diff --git a/backend/src/Squidex/Config/Authentication/OidcServices.cs b/backend/src/Squidex/Config/Authentication/OidcServices.cs
index 30d6decea..ad8e1fa52 100644
--- a/backend/src/Squidex/Config/Authentication/OidcServices.cs
+++ b/backend/src/Squidex/Config/Authentication/OidcServices.cs
@@ -24,6 +24,12 @@ public static class OidcServices
 authBuilder.AddOpenIdConnect(Constants.ExternalScheme, displayName, options =>
 {
+ if (identityOptions.OidcDisableProfileScope)
+ {
+ options.Scope.Clear();
+ options.Scope.Add(OpenIddict.Abstractions.OpenIddictConstants.Scopes.OpenId);
+ }
+
 options.Events = new OidcHandler(identityOptions);
 options.Authority = identityOptions.OidcAuthority;
 options.Prompt = identityOptions.OidcPrompt;
diff --git a/backend/src/Squidex/Config/MyIdentityOptions.cs b/backend/src/Squidex/Config/MyIdentityOptions.cs
index b2b36c6a6..1a32f6843 100644
--- a/backend/src/Squidex/Config/MyIdentityOptions.cs
+++ b/backend/src/Squidex/Config/MyIdentityOptions.cs
@@ -61,6 +61,13 @@ public sealed class MyIdentityOptions
 public string[] OidcScopes { get; set; }
+ ///
+ ///
+ /// by default contains scopes "openid" and "profile".
+ /// When is set to true scope "profile" will be removed.
+ ///
+ public bool OidcDisableProfileScope { get; set; }
+
 public bool OidcGetClaimsFromUserInfoEndpoint { get; set; }
 public bool OidcOverridePermissionsWithCustomClaimsOnLogin { get; set; }
diff --git a/backend/src/Squidex/appsettings.json b/backend/src/Squidex/appsettings.json
index 115f1978d..3a0b12406 100644
--- a/backend/src/Squidex/appsettings.json
+++ b/backend/src/Squidex/appsettings.json
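Review bot: The option is named and documented as removing only the "profile" scope, but the new block at the top of the AddOpenIdConnect lambda clears the entire scope list and re-adds only "openid", so it also drops any other scope the handler seeds by default; `options.Scope.Remove(OpenIddict.Abstractions.OpenIddictConstants.Scopes.Profile);` does exactly what the name and the MyIdentityOptions doc comment promise without depending on what the default list contains. Because the block runs first in the lambda, any scopes added later in the same callback (the rest of the lambda is outside the hunk) are unaffected either way. Requesting fewer scopes is the right direction for data minimisation, but the shipped appsettings.json in this commit sets oidcDisableProfileScope to true, so deployments that inherit that file will presumably stop receiving profile claims such as a display name on login after upgrading; a default of false would preserve current behaviour, and the doc comment on OidcDisableProfileScope should state the default and which scopes actually remain in the request. The fully-qualified OpenIddict.Abstractions.OpenIddictConstants inline would read better through a using directive, which lives outside the hunk.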
@@ -687,7 +687,10 @@
 "oidcResponseType": "id_token", // or "code"
 "oidcGetClaimsFromUserInfoEndpoint": false,
 "oidcOverridePermissionsWithCustomClaimsOnLogin": false,
- "oidcOnSignoutRedirectUrl": "",
+ "oidcOnSignoutRedirectUrl": "",
+ // Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions by default contains scopes "openid" and "profile".
+ // When oidcDisableProfileScope is set to true scope "profile" will be removed.
+ "oidcDisableProfileScope": true,
 // Lock new users automatically, the administrator must unlock them.
 "lockAutomatically": false,