diff --git a/sso_oidc.py b/sso_oidc.py
index 8e2d1a4..e8626b4 100644
--- a/sso_oidc.py
+++ b/sso_oidc.py
@@ -151,6 +151,7 @@ def get_available_scopes() -> list:
 "profile",
 "user_attribute:global:read",
 "user_attribute:global:write",
+ "enable_aws_email_tag",
 ]
@@ -213,6 +214,9 @@ def generate_id_token(
 payload["email_verified"] = True
 payload["preferred_username"] = email
+ if "enable_aws_email_tag" in scopes:
+ payload["https://aws.amazon.com/tags"] = {"principal_tags": {"Email": [email]}}
+
 if "profile" in scopes:
 dn = None
 if "attributes" in user and "display_name" in user["attributes"]:
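Review bot: `enable_aws_email_tag` is added to the list in `get_available_scopes()` with nothing to set it apart from the identity scopes around it, although it switches on a claim that AWS uses for access control. A comment on the entry, e.g. `# non-standard: adds the AWS principal_tags Email claim to the ID token`, would make that visible to whoever configures clients. It is also worth confirming that a client must be explicitly allowed this scope before it can request it; this hunk does not show how the list is filtered.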
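Review bot: The new `https://aws.amazon.com/tags` claim makes `email` an AWS principal tag, i.e. an input to IAM policy decisions, but the added `if` emits it without checking that the address is non-empty or verified; the context line `payload["email_verified"] = True` looks hard-coded, and the extract has lost indentation, so I cannot tell whether the block sits under an `email` scope check. I would guard it, e.g. `if "enable_aws_email_tag" in scopes and email:`, and add a comment such as `# AWS session tag: used for access control downstream, emit only a provider-verified address`. If users can edit their own email (the first hunk's scope list offers `user_attribute:global:write`; whether it covers email is not visible here), the tag should come from an attribute they cannot change. AWS also limits session tag values to 256 characters and a restricted character set, so an unusual address may make the role assumption fail after a successful login. `generate_id_token` begins and ends outside this hunk.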