diff --git a/src/Keycloak.AuthServices.Sdk/Admin/Constants/KeycloakClientApiConstants.cs b/src/Keycloak.AuthServices.Sdk/Admin/Constants/KeycloakClientApiConstants.cs
index 360be6c8..7e4d7c52 100644
--- a/src/Keycloak.AuthServices.Sdk/Admin/Constants/KeycloakClientApiConstants.cs
+++ b/src/Keycloak.AuthServices.Sdk/Admin/Constants/KeycloakClientApiConstants.cs
@@ -39,6 +39,13 @@ internal static class KeycloakClientApiConstants
     internal const string SendVerifyEmail = $"{GetRealm}/users/{{id}}/send-verify-email";
 
     internal const string ExecuteActionsEmail = $"{GetRealm}/users/{{id}}/execute-actions-email";
+    internal const string GetUserGroups = $"{GetRealm}/users/{{id}}/groups";
+
+
+
+    internal const string GetGroups = $"{GetRealm}/groups";
+
+    internal const string GetGroup = $"{GetRealm}/groups/{{id}}";
 
     #endregion
 }
diff --git a/src/Keycloak.AuthServices.Sdk/Admin/IKeycloakClient.cs b/src/Keycloak.AuthServices.Sdk/Admin/IKeycloakClient.cs
index c0b9ee90..cfeeb70e 100644
--- a/src/Keycloak.AuthServices.Sdk/Admin/IKeycloakClient.cs
+++ b/src/Keycloak.AuthServices.Sdk/Admin/IKeycloakClient.cs
@@ -7,6 +7,6 @@ namespace Keycloak.AuthServices.Sdk.Admin;
 /// Aggregates multiple clients. <see cref="IKeycloakRealmClient"/> and <see cref="IKeycloakProtectedResourceClient"/>
 /// </remarks>
 public interface IKeycloakClient
-    : IKeycloakRealmClient, IKeycloakProtectedResourceClient, IKeycloakUserClient
+    : IKeycloakRealmClient, IKeycloakProtectedResourceClient, IKeycloakUserClient, IKeycloakGroupClient
 {
 }
diff --git a/src/Keycloak.AuthServices.Sdk/Admin/IKeycloakGroupClient.cs b/src/Keycloak.AuthServices.Sdk/Admin/IKeycloakGroupClient.cs
new file mode 100644
index 00000000..acd65722
--- /dev/null
+++ b/src/Keycloak.AuthServices.Sdk/Admin/IKeycloakGroupClient.cs
@@ -0,0 +1,33 @@
+namespace Keycloak.AuthServices.Sdk.Admin;
+
+using System.Threading.Tasks;
+using Constants;
+using Models;
+using Refit;
+using Requests.Groups;
+
+/// <summary>
+/// Group management
+/// </summary>
+[Headers("Accept: application/json")]
+public interface IKeycloakGroupClient
+{
+
+    /// <summary>
+    /// Get a stream of groups on the realm.
+    /// </summary>
+    /// <param name="realm">Realm name.</param>
+    /// <param name="parameters">Optional query parameters.</param>
+    /// <returns>A stream of groups, filtered according to query parameters.</returns>
+    [Get(KeycloakClientApiConstants.GetGroups)]
+    Task<IEnumerable<Group>> GetGroups(string realm, [Query] GetGroupRequestParameters? parameters = default);
+
+    /// <summary>
+    /// Get representation of a group.
+    /// </summary>
+    /// <param name="realm">Realm name.</param>
+    /// <param name="groupId">group ID.</param>
+    /// <returns>The group representation.</returns>
+    [Get(KeycloakClientApiConstants.GetGroup)]
+    Task<Group> GetGroup(string realm, [AliasAs("id")] string groupId);
+}
diff --git a/src/Keycloak.AuthServices.Sdk/Admin/IKeycloakUserClient.cs b/src/Keycloak.AuthServices.Sdk/Admin/IKeycloakUserClient.cs
index 61e36d9d..0d3e52a5 100644
--- a/src/Keycloak.AuthServices.Sdk/Admin/IKeycloakUserClient.cs
+++ b/src/Keycloak.AuthServices.Sdk/Admin/IKeycloakUserClient.cs
@@ -3,6 +3,7 @@
 using Constants;
 using Models;
 using Refit;
+using Requests.Groups;
 using Requests.Users;
 
 /// <summary>
@@ -84,4 +85,14 @@ Task ExecuteActionsEmail(string realm, [AliasAs("id")] string userId,
         [Query] int? lifespan = default,
         [Query][AliasAs("redirect_uri")] string? redirectUri = default,
         [Body] List<string>? actions = default);
+
+    /// <summary>
+    /// Get a users's groups.
+    /// </summary>
+    /// <param name="realm">Realm name (not ID).</param>
+    /// <param name="userId">User ID.</param>
+    /// <param name="parameters">Optional query parameters.</param>
+    /// <returns>A stream of users, filtered according to query parameters.</returns>
+    [Get(KeycloakClientApiConstants.GetUserGroups)]
+    Task<IEnumerable<Group>> GetUserGroups(string realm,  [AliasAs("id")] string userId, [Query] GetGroupRequestParameters? parameters = default);
 }
diff --git a/src/Keycloak.AuthServices.Sdk/Admin/Models/Group/Group.cs b/src/Keycloak.AuthServices.Sdk/Admin/Models/Group/Group.cs
new file mode 100644
index 00000000..987de774
--- /dev/null
+++ b/src/Keycloak.AuthServices.Sdk/Admin/Models/Group/Group.cs
@@ -0,0 +1,18 @@
+#pragma warning disable CS1591, CS8618
+namespace Keycloak.AuthServices.Sdk.Admin.Models;
+
+using System.Collections.Generic;
+
+/// <summary>
+/// Group representation.
+/// </summary>
+public class Group
+{
+    public string Id { get; init; } = default!;
+    public string? Name { get; init; }
+    public string? Path { get; init; }
+    public Dictionary<string, string>? ClientRoles { get; init; }
+    public string[]? RealmRoles { get; init; }
+    public Group[]? SubGroups { get; init; }
+    public Dictionary<string, string[]>? Attributes { get; init; }
+}
diff --git a/src/Keycloak.AuthServices.Sdk/Admin/Requests/Groups/GetGroupRequestParameters.cs b/src/Keycloak.AuthServices.Sdk/Admin/Requests/Groups/GetGroupRequestParameters.cs
new file mode 100644
index 00000000..17637e92
--- /dev/null
+++ b/src/Keycloak.AuthServices.Sdk/Admin/Requests/Groups/GetGroupRequestParameters.cs
@@ -0,0 +1,71 @@
+namespace Keycloak.AuthServices.Sdk.Admin.Requests.Groups;
+
+using Keycloak.AuthServices.Sdk.Admin.Models;
+using Refit;
+
+/// <summary>
+/// Optional request parameters for the <see cref="IKeycloakGoupClient.GetGroups"/> endpoint.
+/// It can be called in three different ways.
+/// <list type="number">
+///     <item>
+///         <description>
+///             Don’t specify any criteria. A stream of all groups within that realm will be returned (limited by pagination).
+///         </description>
+///     </item>
+///     <item>
+///         <description>
+///             If <see cref="Search"/> is specified, other criteria such as <see cref="LastName"/>
+///             will be ignored even though you may set them. The <see cref="Search"/> string will be matched against
+///             the <see cref="User.FirstName"/>, <see cref="User.LastName"/>, <see cref="User.Username"/>
+///             and the <see cref="User.Email"/> of a <see cref="User"/>.
+///         </description>
+///     </item>
+///     <item>
+///         <description>
+///             If <see cref="Search"/> is unspecified but any of <see cref="LastName"/>, <see cref="FirstName"/>,
+///             <see cref="Email"/> or <see cref="Username"/> are specified, then those criteria are matched against
+///             their respective fields on a <see cref="User"/> entity. Combined with a logical <c>AND</c>.
+///         </description>
+///     </item>
+/// </list>
+/// </summary>
+public class GetGroupRequestParameters
+{
+    /// <summary>
+    /// Defines whether brief representations are returned. Default is false.
+    /// </summary>
+    [AliasAs("briefRepresentation")]
+    public bool? BriefRepresentation { get; init; }
+
+    /// <summary>
+    /// Defines whether the params <see cref="LastName"/>, <see cref="FirstName"/>,
+    /// <see cref="Email"/> and <see cref="Username"/> must match exactly
+    /// </summary>
+    [AliasAs("exact")]
+    public bool? Exact { get; init; }
+
+    /// <summary>
+    /// Pagination offset.
+    /// </summary>
+    [AliasAs("first")]
+    public int? First { get; init; }
+
+    /// <summary>
+    /// Maximum results size. Default is 100.
+    /// </summary>
+    [AliasAs("max")]
+    public int? Max { get; init; }
+
+    /// <summary>
+    /// A query to search for custom attributes, in the format "<c>key1:value2 key2:value2</c>".
+    /// </summary>
+    [AliasAs("q")]
+    public string? Query { get; init; }
+
+    /// <summary>
+    /// Search for a string contained in <see cref="Username"/>, <see cref="FirstName"/>,
+    /// <see cref="LastName"/> or <see cref="Email"/>.
+    /// </summary>
+    [AliasAs("search")]
+    public string? Search { get; init; }
+}