diff --git a/apps/client/src/ee/security/components/sso-oidc-form.tsx b/apps/client/src/ee/security/components/sso-oidc-form.tsx
index 28b1ac47..9e470388 100644
--- a/apps/client/src/ee/security/components/sso-oidc-form.tsx
+++ b/apps/client/src/ee/security/components/sso-oidc-form.tsx
@@ -16,6 +16,7 @@ const ssoSchema = z.object({
   oidcClientSecret: z.string().min(1, "Client secret is required"),
   isEnabled: z.boolean(),
   allowSignup: z.boolean(),
+  isGroupSyncEnabled: z.boolean(),
 });
 
 type SSOFormValues = z.infer<typeof ssoSchema>;
@@ -36,6 +37,7 @@ export function SsoOIDCForm({ provider, onClose }: SsoFormProps) {
       oidcClientSecret: provider.oidcClientSecret || "",
       isEnabled: provider.isEnabled,
       allowSignup: provider.allowSignup,
+      isGroupSyncEnabled: provider.isGroupSyncEnabled || false,
     },
     validate: zodResolver(ssoSchema),
   });
@@ -67,6 +69,9 @@ export function SsoOIDCForm({ provider, onClose }: SsoFormProps) {
     if (form.isDirty("allowSignup")) {
       ssoData.allowSignup = values.allowSignup;
     }
+    if (form.isDirty("isGroupSyncEnabled")) {
+      ssoData.isGroupSyncEnabled = values.isGroupSyncEnabled;
+    }
 
     await updateSsoProviderMutation.mutateAsync(ssoData);
     form.resetDirty();
@@ -119,6 +124,15 @@ export function SsoOIDCForm({ provider, onClose }: SsoFormProps) {
             />
           </Group>
 
+          <Group justify="space-between">
+            <div>{t("Group sync")}</div>
+            <Switch
+              className={classes.switch}
+              checked={form.values.isGroupSyncEnabled}
+              {...form.getInputProps("isGroupSyncEnabled")}
+            />
+          </Group>
+
           <Group justify="space-between">
             <div>{t("Enabled")}</div>
             <Switch
diff --git a/apps/client/src/ee/security/components/sso-saml-form.tsx b/apps/client/src/ee/security/components/sso-saml-form.tsx
index 76ea3d51..5a7ba9f8 100644
--- a/apps/client/src/ee/security/components/sso-saml-form.tsx
+++ b/apps/client/src/ee/security/components/sso-saml-form.tsx
@@ -26,6 +26,7 @@ const ssoSchema = z.object({
   samlCertificate: z.string().min(1, "SAML Idp Certificate is required"),
   isEnabled: z.boolean(),
   allowSignup: z.boolean(),
+  isGroupSyncEnabled: z.boolean(),
 });
 
 type SSOFormValues = z.infer<typeof ssoSchema>;
@@ -45,6 +46,7 @@ export function SsoSamlForm({ provider, onClose }: SsoFormProps) {
       samlCertificate: provider.samlCertificate || "",
       isEnabled: provider.isEnabled,
       allowSignup: provider.allowSignup,
+      isGroupSyncEnabled: provider.isGroupSyncEnabled || false,
     },
     validate: zodResolver(ssoSchema),
   });
@@ -75,6 +77,9 @@ export function SsoSamlForm({ provider, onClose }: SsoFormProps) {
     if (form.isDirty("allowSignup")) {
       ssoData.allowSignup = values.allowSignup;
     }
+    if (form.isDirty("isGroupSyncEnabled")) {
+      ssoData.isGroupSyncEnabled = values.isGroupSyncEnabled;
+    }
 
     await updateSsoProviderMutation.mutateAsync(ssoData);
     form.resetDirty();
@@ -132,6 +137,15 @@ export function SsoSamlForm({ provider, onClose }: SsoFormProps) {
             />
           </Group>
 
+          <Group justify="space-between">
+            <div>{t("Group sync")}</div>
+            <Switch
+              className={classes.switch}
+              checked={form.values.isGroupSyncEnabled}
+              {...form.getInputProps("isGroupSyncEnabled")}
+            />
+          </Group>
+
           <Group justify="space-between">
             <div>{t("Enabled")}</div>
             <Switch
diff --git a/apps/client/src/ee/security/types/security.types.ts b/apps/client/src/ee/security/types/security.types.ts
index c0f6d05d..c676ce2e 100644
--- a/apps/client/src/ee/security/types/security.types.ts
+++ b/apps/client/src/ee/security/types/security.types.ts
@@ -11,6 +11,7 @@ export interface IAuthProvider {
   oidcClientSecret: string;
   allowSignup: boolean;
   isEnabled: boolean;
+  isGroupSyncEnabled: boolean;
   creatorId: string;
   workspaceId: string;
   createdAt: Date;
diff --git a/apps/server/src/database/migrations/20250710T120000-add-group-sync-to-auth-providers.ts b/apps/server/src/database/migrations/20250710T120000-add-group-sync-to-auth-providers.ts
new file mode 100644
index 00000000..2f06989f
--- /dev/null
+++ b/apps/server/src/database/migrations/20250710T120000-add-group-sync-to-auth-providers.ts
@@ -0,0 +1,17 @@
+import { type Kysely } from 'kysely';
+
+export async function up(db: Kysely<any>): Promise<void> {
+  await db.schema
+    .alterTable('auth_providers')
+    .addColumn('is_group_sync_enabled', 'boolean', (col) =>
+      col.defaultTo(false).notNull(),
+    )
+    .execute();
+}
+
+export async function down(db: Kysely<any>): Promise<void> {
+  await db.schema
+    .alterTable('auth_providers')
+    .dropColumn('is_group_sync_enabled')
+    .execute();
+}
\ No newline at end of file
diff --git a/apps/server/src/database/types/db.d.ts b/apps/server/src/database/types/db.d.ts
index b49f15b0..854a9aa3 100644
--- a/apps/server/src/database/types/db.d.ts
+++ b/apps/server/src/database/types/db.d.ts
@@ -62,6 +62,7 @@ export interface AuthProviders {
   deletedAt: Timestamp | null;
   id: Generated<string>;
   isEnabled: Generated<boolean>;
+  isGroupSyncEnabled: Generated<boolean>;
   name: string;
   oidcClientId: string | null;
   oidcClientSecret: string | null;
@@ -122,6 +123,7 @@ export interface Comments {
   pageId: string;
   parentCommentId: string | null;
   resolvedAt: Timestamp | null;
+  resolvedById: string | null;
   selection: string | null;
   type: string | null;
   workspaceId: string;
diff --git a/apps/server/src/ee b/apps/server/src/ee
index 4c252d1e..8f0fbf69 160000
--- a/apps/server/src/ee
+++ b/apps/server/src/ee
@@ -1 +1 @@
-Subproject commit 4c252d1ec35a3fb13c8eaf19509de83cf5fe2779
+Subproject commit 8f0fbf6964b6b0180a5f30f13f142d305b0003f3