diff --git a/README.md b/README.md
index 973bf8d..3223f33 100644
--- a/README.md
+++ b/README.md
@@ -124,6 +124,7 @@ db2::install { '11.1':
 * `instance_user_uid`: UID of the instance user
 * `instance_user_gid`: GID of the instance user 
 * `instance_user_home`: Home directory of the instance user
+* `groups`: An array of supplementary groups for instance and fence users (optional, default: undef)
 * `type`: Type of product this instance is for (default: ese)
 * `auth`: Type of auth for this instance (default: server)
 * `users_forcelocal`: Force the creation of instance and fence users to be local, true or false. (default: undef)
diff --git a/manifests/instance.pp b/manifests/instance.pp
index 2588a24..d29143e 100644
--- a/manifests/instance.pp
+++ b/manifests/instance.pp
@@ -14,6 +14,7 @@
   $instance_user_uid    = undef,
   $instance_user_gid    = undef,
   $instance_user_home   = undef,
+  $groups               = undef,
   $users_forcelocal     = undef,
   $port                 = undef,
   $type                 = 'ese',
@@ -32,6 +33,14 @@
         home       => $fence_user_home,
         forcelocal => $users_forcelocal,
         managehome => true,
+        groups     => $groups,
+      }
+    }
+    if $groups {
+      $groups.each |$group| {
+        Group <| title == $group |> {
+          members +> $fence_user,
+        }
       }
     }
   }
@@ -43,6 +52,14 @@
       home       => $instance_user_home,
       forcelocal => $users_forcelocal,
       managehome => true,
+      groups     => $groups,
+    }
+    if $groups {
+      $groups.each |$group| {
+        Group <| title == $group |> {
+          members +> $instance_user,
+        }
+      }
     }
   }
 
diff --git a/spec/defines/instance_spec.rb b/spec/defines/instance_spec.rb
index a5b510e..31b923a 100644
--- a/spec/defines/instance_spec.rb
+++ b/spec/defines/instance_spec.rb
@@ -41,7 +41,7 @@
     end
   end
   context "when declared with fence user" do
-    let(:params) {{ 
+    let(:params) {{
       :installation_root => '/opt/ibm/db2/V11.1',
       :fence_user => 'db2fence'
     }}
@@ -60,7 +60,7 @@
     end
   end
   context "when declaring user attributes" do
-    let(:params) {{ 
+    let(:params) {{
       :installation_root => '/opt/ibm/db2/V11.1',
       :fence_user => 'db2fence',
       :instance_user_uid => '1001',
@@ -69,12 +69,14 @@
       :fence_user_uid => '1002',
       :fence_user_gid => 'db2fencg',
       :fence_user_home => '/db2/fence',
+      :groups => 'db2group',
     }}
     it do
       is_expected.to contain_user('db2inst').with(
         :uid => '1001',
         :gid => 'db2instg',
-        :home => '/db2/inst'
+        :home => '/db2/inst',
+        :groups => 'db2group',
       )
     end
     it do
@@ -82,12 +84,13 @@
         :uid => '1002',
         :gid => 'db2fencg',
         :home => '/db2/fence',
+        :groups => 'db2group',
       )
     end
   end
 
   context "when declaring with manage_instance_user falsified" do
-    let(:params) {{ 
+    let(:params) {{
       :installation_root => '/opt/ibm/db2/V11.1',
       :fence_user => 'db2fence',
       :manage_instance_user => false,
@@ -108,7 +111,7 @@
   end
 
   context "when declaring with manage_fence_user falsified" do
-    let(:params) {{ 
+    let(:params) {{
       :installation_root => '/opt/ibm/db2/V11.1',
       :fence_user => 'db2fence',
       :manage_fence_user => false,
@@ -129,7 +132,7 @@
   end
 
   context "when setting the installation type and auth options" do
-    let(:params) {{ 
+    let(:params) {{
       :installation_root => '/opt/ibm/db2/V11.1',
       :fence_user => 'db2fence',
       :type       => 'standalone',
@@ -145,7 +148,7 @@
   end
 
   context "when setting the port option" do
-    let(:params) {{ 
+    let(:params) {{
       :installation_root => '/opt/ibm/db2/V11.1',
       :fence_user => 'db2fence',
       :type       => 'standalone',
@@ -162,11 +165,37 @@
     end
   end
 
-      
-    
+  context "when the group is not defined" do
+    let(:params) {{
+      :installation_root => '/opt/ibm/db2/V11.1',
+      :fence_user => 'db2fence',
+      :manage_fence_user => true,
+      :instance_user => 'db2inst',
+      :manage_instance_user => true,
+      :groups => ['db2group'],
+    }}
+    it do
+      is_expected.to_not contain_group('db2group').with(
+        :members => ['bob', 'db2fence', 'db2inst'],
+      )
+    end
+  end
 
+  context "when the group is already defined" do
+    let(:pre_condition) {"group {'db2group': members => ['bob']}"}
+    let(:params) {{
+      :installation_root => '/opt/ibm/db2/V11.1',
+      :fence_user => 'db2fence',
+      :manage_fence_user => true,
+      :instance_user => 'db2inst',
+      :manage_instance_user => true,
+      :groups => ['db2group'],
+    }}
+    it do
+      is_expected.to contain_group('db2group').with(
+        :members => ['bob', 'db2fence', 'db2inst'],
+      )
+    end
+  end
 
 end
-
-
-