diff --git a/evolinux-users/README.md b/evolinux-users/README.md
index c41f96b0..c0f6e9ef 100644
--- a/evolinux-users/README.md
+++ b/evolinux-users/README.md
@@ -34,4 +34,5 @@ evolinux_users:
 * `evolinux_sudo_group`: which group to use for sudo (default: `evolinux-sudo`)
 * `evolinux_ssh_group`: which group to use for ssh (default: `evolinux-ssh`)
+* `evolinux_internal_group`: which group to use for all created users (eg. the company name)
 * `evolinux_root_disable_ssh`: disable root's ssh access (default: `True`)
diff --git a/evolinux-users/defaults/main.yml b/evolinux-users/defaults/main.yml
index fe97185c..8ff94551 100644
--- a/evolinux-users/defaults/main.yml
+++ b/evolinux-users/defaults/main.yml
@@ -3,5 +3,6 @@ evolinux_users: {}
 evolinux_sudo_group: "evolinux-sudo"
 evolinux_ssh_group: "evolinux-ssh"
+evolinux_internal_group: ""
 evolinux_root_disable_ssh: True
diff --git a/evolinux-users/tasks/user.yml b/evolinux-users/tasks/user.yml
index 21cb97b3..f7cf31ba 100644
--- a/evolinux-users/tasks/user.yml
+++ b/evolinux-users/tasks/user.yml
@@ -43,6 +43,8 @@
 # Unix groups
+## Group for SSH authorizations
+
 - name: "Unix group '{{ evolinux_ssh_group }}' is present (Debian 10 or later)"
 group:
 name: "{{ evolinux_ssh_group }}"
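Review bot: The new default `evolinux_internal_group: ""` in defaults/main.yml acts as a sentinel — the tasks/user.yml hunk only creates and assigns the group when the value is non-empty — but nothing next to the line says so, and the README bullet added in this commit is the only one of the neighbouring variables without a `(default: …)` suffix. Proposed comment above the new line: `# empty string (the default) disables the shared group entirely`. The README entry could likewise end with `(default: empty, i.e. disabled)` so readers of the variable list learn the off state without opening the task file.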
@@ -56,6 +58,29 @@
 append: yes
 when: ansible_distribution_major_version | version_compare('10', '>=')
+## Optional group for all evolinux users
+
+- name: "Unix group '{{ evolinux_internal_group }}' is present (Debian 9 or later)"
+ group:
+ name: "{{ evolinux_internal_group }}"
+ state: present
+ when:
+ - evolinux_internal_group is defined
+ - evolinux_internal_group != ""
+ - ansible_distribution_major_version | version_compare('9', '>=')
+
+- name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)"
+ user:
+ name: '{{ user.name }}'
+ groups: "{{ evolinux_internal_group }}"
+ append: yes
+ when:
+ - evolinux_internal_group is defined
+ - evolinux_internal_group != ""
+ - ansible_distribution_major_version | version_compare('9', '>=')
+
+## Optional secondary groups, defined per user
+
 - name: "Secondary Unix groups are present"
 group:
 name: "{{ group }}"
@@ -71,6 +96,8 @@
 append: yes
 when: user.groups is defined
+# Permissions on home directory
+
 - name: "Home directory for '{{ user.name }}' is not accessible by group and other users"
 file:
 name: '/home/{{ user.name }}'
@@ -86,7 +113,7 @@
 check_mode: no
 register: grep_profile_evomaintenance
-# Don't add the trap if it is present or commented
+## Don't add the trap if it is present or commented
 - name: "User '{{ user.name }}' has its shell trap for evomaintenance"
 lineinfile:
 state: present
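Review bot: The two new tasks in the `@@ -56` hunk carry the same three-condition `when` list verbatim, and because defaults/main.yml now always defines `evolinux_internal_group`, the `is defined` test never fails — only the `!= ""` test and the Debian-version test do any work. Wrapping both tasks in a `block:` with a single two-condition `when:` removes the duplication and keeps the enable/disable logic in one place, which matters here because that condition is what gates adding every managed user to a shared group. The user task also mixes quoting styles, `name: '{{ user.name }}'` next to `groups: "{{ evolinux_internal_group }}"`; the rest of the hunk uses double quotes for templated values. Dropping `is defined` assumes the role is only ever run with its defaults loaded, which is the normal Ansible behaviour but worth confirming.
```yaml
## Optional group for all evolinux users

- block:
    - name: "Unix group '{{ evolinux_internal_group }}' is present (Debian 9 or later)"
      group:
        name: "{{ evolinux_internal_group }}"
        state: present

    - name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)"
      user:
        name: "{{ user.name }}"
        groups: "{{ evolinux_internal_group }}"
        append: yes
  when:
    - evolinux_internal_group != ""
    - ansible_distribution_major_version | version_compare('9', '>=')

# … unchanged: "Optional secondary groups, defined per user" tasks …
```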