diff --git a/oauthproxy.go b/oauthproxy.go
index fb6ef0bc..d45bc692 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -78,6 +78,7 @@ type OAuthProxy struct {
 	sessionStore        sessionsapi.SessionStore
 	ProxyPrefix         string
 	basicAuthValidator  basic.Validator
+	basicAuthGroups     []string
 	SkipProviderButton  bool
 	skipAuthPreflight   bool
 	skipJwtBearerTokens bool
@@ -200,6 +201,7 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr
 		trustedIPs:          trustedIPs,
 
 		basicAuthValidator: basicAuthValidator,
+		basicAuthGroups:    opts.HtpasswdUserGroups,
 		sessionChain:       sessionChain,
 		headersChain:       headersChain,
 		preAuthChain:       preAuthChain,
@@ -534,7 +536,7 @@ func (p *OAuthProxy) isTrustedIP(req *http.Request) bool {
 	return p.trustedIPs.Has(remoteAddr)
 }
 
-// SignInPage writes the sing in template to the response
+// SignInPage writes the sign in template to the response
 func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code int) {
 	prepareNoCache(rw)
 	err := p.ClearSessionCookie(rw, req)
@@ -589,7 +591,7 @@ func (p *OAuthProxy) SignIn(rw http.ResponseWriter, req *http.Request) {
 
 	user, ok := p.ManualSignIn(req)
 	if ok {
-		session := &sessionsapi.SessionState{User: user}
+		session := &sessionsapi.SessionState{User: user, Groups: p.basicAuthGroups}
 		err = p.SaveSession(rw, req, session)
 		if err != nil {
 			logger.Printf("Error saving session: %v", err)