diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
index 31aaa7dc..05b0fe8b 100644
--- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml
@@ -47,6 +47,7 @@ wazuh_agent_authd:
   enable: false
   port: 1515
   agent_name: null
+  groups: []
   ssl_agent_ca: null
   ssl_agent_cert: null
   ssl_agent_key: null
diff --git a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
index 1a9076be..9528aa33 100644
--- a/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
+++ b/roles/wazuh/ansible-wazuh-agent/tasks/Linux.yml
@@ -82,6 +82,9 @@
         -k "/var/ossec/etc/{{ wazuh_agent_authd.ssl_agent_key | basename }}"
         {% endif %}
         {% if wazuh_agent_authd.ssl_auto_negotiate == 'yes' %} -a {% endif %}
+        {% if wazuh_agent_authd.groups is defined and wazuh_agent_authd.groups | length > 0 %}
+        -G "{{ wazuh_agent_authd.groups | join(',') }}"
+        {% endif %}
       register: agent_auth_output
       notify: restart wazuh-agent
       vars:
diff --git a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
index 0da6165c..8b4151de 100644
--- a/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/defaults/main.yml
@@ -409,3 +409,5 @@ nodejs:
       debian: "deb"
       redhat: "rpm"
   repo_url_ext: "nodesource.com/setup_10.x"
+
+agent_groups: [] # groups to create
diff --git a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
index 1f354ca3..eaabdb77 100644
--- a/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
+++ b/roles/wazuh/ansible-wazuh-manager/tasks/main.yml
@@ -351,6 +351,14 @@
   tags:
     - config
 
+- name: Create agent groups
+  command: "/var/ossec/bin/agent_groups -a -g {{ item }} -q"
+  with_items:
+    - "{{ agent_groups }}"
+  when:
+    - ( agent_groups is defined) and ( agent_groups|length > 0)
+  tags: molecule-idempotence-notest
+
 - include_tasks: "RMRedHat.yml"
   when:
     - ansible_os_family == "RedHat" or ansible_os_family == "Amazon"