diff --git a/README.md b/README.md
index 120331d..7c9b995 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,8 @@ To handle authorization centrally, groups can be created and assigned directly i
 
 For each client that relies on those group, explicitly add the `groups` scope to client scopes. The groups will now be sent to client upon request.
 
+**Note:** A group named `foo` will be displayed as `/foo`. For this reason, I recommend using group names like `appname/rolename` which will be sent to the client as `/appname/rolename`.
+
 ### Enforcing 2FA
 
 In the realm management console under `Authentication > Required Actions` certain actions can be enabled and set to be the default action. Useful defaults might be to enforce `Configure OTP`, `Update Password`, `Update Profile` and `Verify Email`.