diff --git a/src/iam/service.py b/src/iam/service.py
index e7d6699..056b39c 100644
--- a/src/iam/service.py
+++ b/src/iam/service.py
@@ -8,12 +8,14 @@ Exports:
 from typing import Annotated
 from datetime import datetime, timedelta, timezone
-from src.iam.schemas import IAMCAoRRequest
 from src.service.models import Service
 from src.database import db_dependency
 from src.exceptions import UnauthorizedException
 from src.utils import send_email, generate_jwt
+from src.iam.schemas import IAMCAoRRequest
+from src.iam.models import Group
+
 from fastapi import Request, Depends
@@ -64,3 +66,49 @@ async def send_user_group_invitation(
 subject=subject,
 body=body,
 )
+
+
+async def create_default_user_group(db: db_dependency, org_model):
+ new_group = Group(name="Default Users", org_id=org_model.id)
+ db.add(new_group)
+ db.flush()
+ # Grant default permissions here
+ db.flush()
+ return new_group
+
+
+async def assign_default_user_group(db: db_dependency, org_model, user_model):
+ group_model = None
+ for group in org_model.group_rel:
+ if group.name == "Default Users":
+ group_model = group
+ break
+
+ if group_model is None:
+ group_model = await create_default_user_group(db=db, org_model=org_model)
+
+ user_model.group_rel.append(group_model)
+ db.flush()
+
+
+async def create_default_root_group(db: db_dependency, org_model):
+ new_group = Group(name="Root User", org_id=org_model.id)
+ db.add(new_group)
+ db.flush()
+ # Grant default permissions here
+ db.flush()
+ return new_group
+
+
+async def assign_default_root_group(db: db_dependency, org_model, user_model):
+ group_model = None
+ for group in org_model.group_rel:
+ if group.name == "Root User":
+ group_model = group
+ break
+
+ if group_model is None:
+ group_model = await create_default_root_group(db=db, org_model=org_model)
+
+ user_model.group_rel.append(group_model)
+ db.flush()
diff --git a/src/organisation/router.py b/src/organisation/router.py
index 3be0a2b..ce8aaf2 100644
--- a/src/organisation/router.py
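Review bot: In src/iam/service.py (hunk `@@ -64,3 +66,49 @@`), `assign_default_root_group` selects the privileged group by comparing `group.name == "Root User"`, so any group in `org_model.group_rel` that carries that name is treated as the root group; whether names are unique per organisation or editable by members is not visible here and should be confirmed, ideally backed by a unique constraint on organisation and name or a dedicated built-in marker on the model. The same literals are repeated across the create and assign functions, and the two pairs differ only in that string, so one get-or-create helper with module constants keeps the lookup rule in a single place. `user_model.group_rel.append(group_model)` also runs without a membership check, and the second `db.flush()` after the `# Grant default permissions here` placeholder has nothing to write yet; a `# TODO` stating that both groups are currently created without permissions would make that explicit.

```python
DEFAULT_USER_GROUP_NAME = "Default Users"
ROOT_GROUP_NAME = "Root User"


async def _get_or_create_group(db: db_dependency, org_model, name: str):
    """Return the organisation's group called *name*, creating it when absent."""
    for group in org_model.group_rel:
        if group.name == name:
            return group
    new_group = Group(name=name, org_id=org_model.id)
    db.add(new_group)
    # TODO: grant the group's default permissions; none are attached yet
    db.flush()
    return new_group


async def assign_default_root_group(db: db_dependency, org_model, user_model):
    group_model = await _get_or_create_group(db, org_model, ROOT_GROUP_NAME)
    # Skip the append when the user is already a member, so a repeated call
    # does not add a second membership entry.
    if group_model not in user_model.group_rel:
        user_model.group_rel.append(group_model)
    db.flush()

# … same shape for assign_default_user_group, using DEFAULT_USER_GROUP_NAME …
# … create_default_user_group / create_default_root_group can stay as thin wrappers if imported elsewhere …
```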
+++ b/src/organisation/router.py
@@ -33,6 +33,7 @@ from src.contact.models import Contact
 from src.contact.schemas import ContactAddress
 from src.contact.exceptions import ContactNotFoundException
 from src.database import db_dependency
+from src.iam.service import assign_default_user_group, assign_default_root_group
 from src.organisation.schemas_questionnaires import QuestionnaireQuestionsVersion0
 from src.user.dependencies import (
 user_model_body_dependency,
@@ -183,6 +184,10 @@ async def create_org(
 # Adds currently logged-in user to org users list and sets them as root_user
 org_model.user_rel.append(user_model)
 org_model.root_user_rel = user_model
+
+ # Creates default user and default root IAM groups and assigns them
+ await assign_default_user_group(db, org_model, user_model)
+ await assign_default_root_group(db, org_model, user_model)
 for contact_type in [
 "billing_contact_id",
 "security_contact_id",
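Review bot: The two added calls in `create_org` depend on `org_model.id` already being populated, because `create_default_user_group` and `create_default_root_group` build `Group(..., org_id=org_model.id)`; nothing in this hunk shows the new organisation being added and flushed first, and `create_org` starts and ends outside the hunk. If `org_model` is still pending at this point, both groups would be built with `org_id=None`, which would either fail at flush or leave the root group detached from its organisation. Confirm an earlier flush exists, or add `db.flush()  # org_model.id must be set before the IAM groups are created` just above the calls. Passing the arguments by keyword (`db=db, org_model=org_model, user_model=user_model`) would also match how service.py calls its own helpers.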