diff --git a/loops/organize/party.py b/loops/organize/party.py
index e440e4c..8d3822f 100644
--- a/loops/organize/party.py
+++ b/loops/organize/party.py
@@ -80,6 +80,10 @@ class Person(AdapterBase, BasePerson):
     _adapterAttributes = ('context', '__parent__', 'userId', 'phoneNumbers')
     _contextAttributes = list(IPerson) + list(IConcept)
 
+    def createExtUser(self, userId):
+        from scopes.org import user
+        #print('*** Person.createExtUser', userId)
+
     def getUserId(self):
         return getattr(self.context, '_userId', None)
     def setUserId(self, userId):
@@ -111,6 +115,8 @@ class Person(AdapterBase, BasePerson):
         self.context._userId = userId
         setter.propagateSecurity()
         allowEditingForOwner(self.context, revert=not userId)  # why this?
+        if not oldUserId:
+            self.createExtUser(userId)
     userId = property(getUserId, setUserId)
 
     def removeReferenceFromPrincipal(self, userId):
diff --git a/loops/organize/tests.py b/loops/organize/tests.py
index a15751f..b79642d 100755
--- a/loops/organize/tests.py
+++ b/loops/organize/tests.py
@@ -1,5 +1,9 @@
 # loops.organize.tests
 
+import os, sys
+#sys.path = [os.path.dirname(__file__)] + sys.path
+sys.path = ['loops/tests'] + sys.path
+
 import unittest, doctest
 from zope.interface.verify import verifyClass
 
diff --git a/loops/server/auth.py b/loops/server/auth.py
index 2093b18..0373bc1 100644
--- a/loops/server/auth.py
+++ b/loops/server/auth.py
@@ -27,7 +27,8 @@ class LoginView:
 class CallbackView:
 
     def __call__(self):
-        oidc.Authenticator(self.request).callback()
+        oidc.Authenticator(
+                self.request).callback(groupsProvider=self.getGroupsForPrincipal)
         return ''
 
     def getGroupsForPrincipal(self, prcId):
diff --git a/loops/tests/config.py b/loops/tests/config.py
index b1005e5..2698ba1 100644
--- a/loops/tests/config.py
+++ b/loops/tests/config.py
@@ -20,8 +20,14 @@ dbschema = getenv('DBSCHEMA', 'demo')
 
 base_url = 'test://'
 
+# special testing stuff
+from scopes.tests import data_auth # add oidc URIs and keys to dummy_requests data
+from scopes.tests import dummy_requests
+import sys
+sys.modules['requests'] = dummy_requests
+
 # authentication settings
-oidc_provider = ''
+oidc_provider = 'test://oidc'
 oidc_client_id = getenv('OIDC_CLIENT_ID', '12345')
 oidc_params = dict(
     op_config_url=oidc_provider + '/.well-known/openid-configuration',