From 7a269bde96f392d607bff301bcf4ad85f1b5adec Mon Sep 17 00:00:00 2001
From: Philipp <philipp.noreply@chaostreff-backnang.de>
Date: Tue, 28 Jan 2025 20:41:21 +0100
Subject: [PATCH] docs: Add note for group name handling

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 120331d..7c9b995 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,8 @@ To handle authorization centrally, groups can be created and assigned directly i
 
 For each client that relies on those group, explicitly add the `groups` scope to client scopes. The groups will now be sent to client upon request.
 
+**Note:** A group named `foo` will be displayed as `/foo`. For this reason, I recommend using group names like `appname/rolename` which will be sent to the client as `/appname/rolename`.
+
 ### Enforcing 2FA
 
 In the realm management console under `Authentication > Required Actions` certain actions can be enabled and set to be the default action. Useful defaults might be to enforce `Configure OTP`, `Update Password`, `Update Profile` and `Verify Email`.