diff --git a/tests/test_user_management.py b/tests/test_user_management.py
index e41dd99a..bedbaaec 100644
--- a/tests/test_user_management.py
+++ b/tests/test_user_management.py
@@ -344,6 +344,29 @@ def test_authorization_url_has_expected_query_params_with_screen_hint(self):
             "provider": "authkit",
         }
 
+    def test_authorization_url_has_expected_query_params_with_provider_scopes(self):
+        provider = "GoogleOAuth"
+        provider_scopes = [
+            "https://www.googleapis.com/auth/calendar",
+            "https://www.googleapis.com/auth/admin.directory.group",
+        ]
+        redirect_uri = "https://localhost/auth/callback"
+        authorization_url = self.user_management.get_authorization_url(
+            provider=provider,
+            provider_scopes=provider_scopes,
+            redirect_uri=redirect_uri,
+        )
+
+        parsed_url = urlparse(authorization_url)
+        assert parsed_url.path == "/user_management/authorize"
+        assert dict(parse_qsl(str(parsed_url.query))) == {
+            "provider": provider,
+            "provider_scopes": ",".join(provider_scopes),
+            "client_id": self.http_client.client_id,
+            "redirect_uri": redirect_uri,
+            "response_type": RESPONSE_TYPE_CODE,
+        }
+
     def test_get_jwks_url(self):
         expected = "%ssso/jwks/%s" % (
             self.http_client.base_url,
diff --git a/workos/user_management.py b/workos/user_management.py
index d31e35ee..edfa2142 100644
--- a/workos/user_management.py
+++ b/workos/user_management.py
@@ -358,6 +358,7 @@ def get_authorization_url(
         login_hint: Optional[str] = None,
         state: Optional[str] = None,
         provider: Optional[UserManagementProviderType] = None,
+        provider_scopes: Optional[Sequence[str]] = None,
         connection_id: Optional[str] = None,
         organization_id: Optional[str] = None,
         code_challenge: Optional[str] = None,
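Review bot: The new test pins only the two-scope happy path; `provider_scopes=[]` and a single scope are not covered, and the implementation in the `@@ -412` hunk of `workos/user_management.py` would emit an empty `provider_scopes=` query parameter for the empty list. A second assertion such as `assert "provider_scopes" not in dict(parse_qsl(str(parsed_url.query)))` for `provider_scopes=[]` would document whichever behaviour is intended, and a one-scope case would confirm there is no stray separator. The expected value is also recomputed with `",".join(provider_scopes)`, which mirrors the implementation rather than checking it; spelling out the literal `"https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/admin.directory.group"` would make the wire format explicit.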
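Review bot: `Optional[Sequence[str]]` on the new `provider_scopes` parameter admits a bare `str`, because `str` is itself a `Sequence[str]`; combined with the `",".join(provider_scopes)` in the `@@ -412` hunk, a caller passing `provider_scopes="openid"` would silently get `o,p,e,n,i,d` in the authorization URL. Either reject strings at the join site, `if isinstance(provider_scopes, str): raise TypeError("provider_scopes must be a sequence of scope strings, not a str")`, or narrow the annotation to `Optional[List[str]]`. `Sequence` must also be importable from `typing` in this module; the import block is outside the hunk, so I cannot confirm it is already there. The get_authorization_url signature starts before this hunk.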
@@ -379,6 +380,7 @@ def get_authorization_url( The value of this parameter should be a WorkOS Organization ID. (Optional) provider (UserManagementProviderType): The provider connection selector is used to initiate SSO using an OAuth-compatible provider. Currently, the supported values for provider are 'authkit', 'AppleOAuth', 'GitHubOAuth, 'GoogleOAuth', and 'MicrosoftOAuth'. (Optional) + provider_scopes (Sequence[str]): Can be used to specify additional scopes that will be requested when initiating SSO using an OAuth provider. (Optional) domain_hint (str): Can be used to pre-fill the domain field when initiating authentication with Microsoft OAuth, or with a GoogleSAML connection type. (Optional) login_hint (str): Can be used to pre-fill the username/email address field of the IdP sign-in page for the user,
@@ -412,6 +414,8 @@ def get_authorization_url(
            params["organization_id"] = organization_id
        if provider is not None:
            params["provider"] = provider
+        if provider_scopes is not None:
+            params["provider_scopes"] = ",".join(provider_scopes)
        if domain_hint is not None:
            params["domain_hint"] = domain_hint
        if login_hint is not None:
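Review bot: The added docstring line for `provider_scopes` does not say how the sequence is transmitted, yet the `@@ -412` hunk joins it with commas into a single `provider_scopes` query parameter, which is exactly what a caller needs to know when a scope value could itself contain a comma. Suggest `provider_scopes (Sequence[str]): Additional OAuth scopes to request from the provider; sent comma-separated in the provider_scopes query parameter. (Optional)`. Unrelated to this change, the preceding context line has an unbalanced quote in `'GitHubOAuth,`. The docstring continues outside the hunk.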
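Review bot: `if provider_scopes is not None:` lets an empty list through, and `",".join([])` is `""`, so `provider_scopes=[]` appends an empty `provider_scopes=` entry to the authorization URL rather than omitting the parameter as the `None` case does. If nothing should be sent for an empty list, `if provider_scopes:` is sufficient; if an empty value is meaningful to the server, that deserves a comment on the line. The join also happens before the params are presumably URL-encoded, so a scope containing a comma cannot be told apart from two scopes on the receiving side; noting that limitation on the docstring line in the `@@ -379` hunk would help callers. The enclosing get_authorization_url body starts and ends outside this hunk.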