diff --git a/modules/core/docs/authproc_scopeattribute.md b/modules/core/docs/authproc_scopeattribute.md
index 6930149bb355cbf4bacf3cc66a39212cc1521c39..586158798667d2ddc234c195da27e1b7e35b6247 100644
--- a/modules/core/docs/authproc_scopeattribute.md
+++ b/modules/core/docs/authproc_scopeattribute.md
@@ -26,6 +26,12 @@ Parameters
 
 :   If the attribute already exists, the new values will be merged into the existing attribute.
 
+`onlyIfEmpty`
+:	Only replace the targetAttribute if it is empty to begin with.
+
+:	If `true`, then the targetAttribute will only be created if it didn't already contain values. Defaults to `false`.
+
+:	This is useful if, for instance, you want to create eduPersonScopedAffiliation from eduPersonAffiliation _only_ if eduPersonScopedAffiliation was not returned by the authenticaton source.
 
 Example
 -------
diff --git a/modules/core/lib/Auth/Process/ScopeAttribute.php b/modules/core/lib/Auth/Process/ScopeAttribute.php
index 9c8c571ac40107b25074d5d774c68475f1d413cd..6c2c03a93b2444d1487d8e46feb824337dca2527 100644
--- a/modules/core/lib/Auth/Process/ScopeAttribute.php
+++ b/modules/core/lib/Auth/Process/ScopeAttribute.php
@@ -30,6 +30,13 @@ class sspmod_core_Auth_Process_ScopeAttribute extends SimpleSAML_Auth_Processing
 	 */
 	private $targetAttribute;
 
+	/**
+	 * Only modify targetAttribute if it doesn't already exist.
+	 *
+	 * @var bool
+	 */
+	private $onlyIfEmpty = false;
+
 
 	/**
 	 * Initialize this filter, parse configuration
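Review bot: The docblock added for `$onlyIfEmpty` says the target is modified only if it "doesn't already exist", but the check added to process() tests `count($attributes[$this->targetAttribute]) > 0`, so an attribute that exists with no values is still populated. The comment should describe the real condition, for example `Only modify targetAttribute if it is missing or holds no values.` That matters to anyone deciding from the docblock whether values supplied by the authentication source can be overridden.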
@@ -46,6 +53,7 @@ class sspmod_core_Auth_Process_ScopeAttribute extends SimpleSAML_Auth_Processing
 		$this->scopeAttribute = $config->getString('scopeAttribute');
 		$this->sourceAttribute = $config->getString('sourceAttribute');
 		$this->targetAttribute = $config->getString('targetAttribute');
+		$this->onlyIfEmpty = $config->getBoolean('onlyIfEmpty', false);
 	}
 
 
@@ -72,6 +80,10 @@ class sspmod_core_Auth_Process_ScopeAttribute extends SimpleSAML_Auth_Processing
 			$attributes[$this->targetAttribute] = array();
 		}
 
+		if ($this->onlyIfEmpty and count($attributes[$this->targetAttribute]) > 0) {
+			return;
+		}
+
 		foreach ($attributes[$this->scopeAttribute] as $scope) {
 
 			if (strpos($scope, '@') !== FALSE) {
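Review bot: When `onlyIfEmpty` is set, the early `return` leaves whatever the authentication source sent in the target attribute untouched, and nothing in this hunk checks that the scope part of those values matches `scopeAttribute`. For a scoped attribute that relying parties use for authorization, that is worth stating at the check, e.g. `// existing values are kept as received; their scope is not compared against scopeAttribute`. Operators can then pair the option with separate scope validation where the source is not fully trusted. As a style point, `&&` is the safer habit than `and`, whose lower precedence changes meaning if the expression is ever moved into an assignment. The body of process() starts and ends outside this hunk, so any earlier validation is not visible here.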
@@ -93,4 +105,4 @@ class sspmod_core_Auth_Process_ScopeAttribute extends SimpleSAML_Auth_Processing
 
 	}
 
-}
\ No newline at end of file
+}
diff --git a/tests/modules/core/lib/Auth/Process/ScopeAttributeTest.php b/tests/modules/core/lib/Auth/Process/ScopeAttributeTest.php
index 31e151636028a1901b710bd97011c0fbbbc4ff6a..8b86314cf2ba9909e4168da047c3d40e90153f6c 100644
--- a/tests/modules/core/lib/Auth/Process/ScopeAttributeTest.php
+++ b/tests/modules/core/lib/Auth/Process/ScopeAttributeTest.php
@@ -191,4 +191,27 @@ class Test_Core_Auth_Process_ScopeAttribute extends PHPUnit_Framework_TestCase
         $attributes = $result['Attributes'];
         $this->assertEquals($attributes['eduPersonScopedAffiliation'], array('student@example.org'));
     }
+
+	/*
+	 * When the target attribute exists and onlyIfEmpty is set
+	 */
+	public function testOnlyIfEmpty()
+	{
+       $config = array(
+            'scopeAttribute' => 'schacHomeOrganization',
+            'sourceAttribute' => 'eduPersonAffiliation',
+            'targetAttribute' => 'eduPersonScopedAffiliation',
+			'onlyIfEmpty' => true,
+        );
+        $request = array(
+            'Attributes' => array(
+                'schacHomeOrganization' => array('example.org'),
+                'eduPersonAffiliation' => array('student'),
+				'eduPersonScopedAffiliation' => array('staff@example.org', 'member@example.org'),
+            )
+        );
+        $result = self::processFilter($config, $request);
+        $attributes = $result['Attributes'];
+        $this->assertEquals($attributes['eduPersonScopedAffiliation'], array('staff@example.org', 'member@example.org'));
+	}
 }
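Review bot: `testOnlyIfEmpty` only covers the branch where the target already has values, so the boundary the new `count(...) > 0` check turns on is untested. A companion case with `onlyIfEmpty` set and the target present but empty (and ideally one with it absent) would pin down that the filter still generates the scoped values. The expected value below assumes the rest of process() behaves as in the existing test shown in this hunk's context lines. The added method also mixes tabs with the file's four-space indentation.

```php
    /*
     * When the target attribute is present but empty and onlyIfEmpty is set
     */
    public function testOnlyIfEmptyWithEmptyTarget()
    {
        $config = array(
            'scopeAttribute' => 'schacHomeOrganization',
            'sourceAttribute' => 'eduPersonAffiliation',
            'targetAttribute' => 'eduPersonScopedAffiliation',
            'onlyIfEmpty' => true,
        );
        $request = array(
            'Attributes' => array(
                'schacHomeOrganization' => array('example.org'),
                'eduPersonAffiliation' => array('student'),
                'eduPersonScopedAffiliation' => array(),
            )
        );
        $result = self::processFilter($config, $request);
        $attributes = $result['Attributes'];
        $this->assertEquals($attributes['eduPersonScopedAffiliation'], array('student@example.org'));
    }
```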