diff --git a/README.md b/README.md
index 6df9e5f..66351b5 100644
--- a/README.md
+++ b/README.md
@@ -42,4 +42,4 @@ Available tags for the role:
 
 | Role |                                                                        Tags                                                                        |
 | ---- | -------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Base | all, authorized_key, automatic_updates, cert, firewall, hostname, kernel, motd, password_auth, root_ca, root_login, ssh, time_sync, web_management |
+| Base | all, authorized_key, automatic_updates, cert, firewall, hostname, kernel, motd, password_auth, root_ca, root_login, ssh, time_sync, users, web_management |
diff --git a/roles/base/defaults/main.yml b/roles/base/defaults/main.yml
index 8f55ec2..0eb5146 100644
--- a/roles/base/defaults/main.yml
+++ b/roles/base/defaults/main.yml
@@ -15,6 +15,8 @@ base_users: []
 #  disable_password: false
 #  ssh_keys: []
 #  ssh_keys_force: false # setting ssh_keys_force to true will overwrite the authorized_keys file to only be the ssh keys provided
+#  groups: []
+#  groups_append: true
 
 # Install all available updates at runtime
 base_core_install_updates: true
diff --git a/roles/base/tasks/core_users.yml b/roles/base/tasks/core_users.yml
index 7008d73..025b3dc 100644
--- a/roles/base/tasks/core_users.yml
+++ b/roles/base/tasks/core_users.yml
@@ -6,6 +6,13 @@
     name: "{{ user.username }}"
     password_lock: "{{ user.disable_password | default(false) }}"
 
+- name: "{{ user.username }} group setup"
+  user:
+    name: "{{ user.username }}"
+    groups: "{{ user.groups | join(',') }}"
+    append: "{{ user.groups_append | default('true') }}"
+  when: user.groups is defined
+
 - name: "Configure {{ user.username }} password"
   user:
     name: "{{ user.username }}"