diff --git a/pkg/login/social/azuread_oauth.go b/pkg/login/social/azuread_oauth.go
index 774e7bdfa55..7296a90ce58 100644
--- a/pkg/login/social/azuread_oauth.go
+++ b/pkg/login/social/azuread_oauth.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"io"
 	"net/http"
 	"strings"
 
@@ -214,9 +215,11 @@ func extractGroups(client *http.Client, claims azureClaims, token *oauth2.Token)
 	if res.StatusCode != http.StatusOK {
 		if res.StatusCode == http.StatusForbidden {
 			logger.Warn("AzureAD OAuh: Token need GroupMember.Read.All permission to fetch all groups")
-			return []string{}, nil
+		} else {
+			body, _ := io.ReadAll(res.Body)
+			logger.Warn("AzureAD OAuh: could not fetch user groups", "code", res.StatusCode, "body", string(body))
 		}
-		return nil, errors.New("error fetching groups")
+		return []string{}, nil
 	}
 
 	var body getAzureGroupResponse