diff --git a/docs/resources/iam_group.md b/docs/resources/iam_group.md
new file mode 100644
index 0000000..b41cc75
--- /dev/null
+++ b/docs/resources/iam_group.md
@@ -0,0 +1,96 @@
+---
+page_title: "montecarlo_iam_group Resource - terraform-provider-montecarlo"
+subcategory: ""
+description: |-
+ A named resource which lets you define Monte Carlo authorization group responsible for assigning roles to the users.
+---
+
+# montecarlo_iam_group (Resource)
+
+Represents a named resource which lets you define _Monte Carlo_ **authorization group** responsible for assigning roles to the users. An authorization group policy is made up of three primary parts:
+
+- a list of permissions
+- a list of group members (not set by this resource)
+- optionally, one or more Monte Carlo domains to restrict the group to
+
+The list of permissions/roles specifies **what can be done** (such as access or edit monitors), and the domain restrictions specify what parts of your data/metadata those users **may access under given permissions**.
+
+To get more information about _Monte Carlo_ **authorization groups**, see:
+- [API documentation](https://apidocs.getmontecarlo.com/#definition-AuthorizationGroupOutput)
+- How-to Guides
+ - [Authorization](https://docs.getmontecarlo.com/docs/authorization)
+
+
+
+## Example Usage
+
+```terraform
+resource "montecarlo_iam_group" "example" {
+ name = "name"
+ description = "description"
+ role = "mcd/viewer"
+ domains = ["domainUUID"] # restricting to selected domains
+ sso_group = "sso_group" # automatical mapping to SSO group
+}
+```
+
+
+
+
+## Schema
+
+### Required
+
+
+- `name` (String) ID of the authorization group. Must be unique per _Monte Carlo_ account. Authorization group **name within the UI** is not value of this attribute, instead `label` is used ([see bellow](#attr--label)).
+
+- `role` (String) Used to define the specific role or permissions that are assigned to the _Monte Carlo_ authorization group.
+Allowed roles:
+
+ - **mcd/owner**
+ - **mcd/domains-manager**
+ - **mcd/responder**
+ - **mcd/editor**
+ - **mcd/viewer**
+ - **mcd/asset-viewer**
+ - **mcd/asset-editor**
+
+### Optional
+
+- `description` (String, _default:_ `""`) Description of the authorization group. Usually can be used to document for what the authorization group is responsible for.
+
+- `domains` (Set of Strings, _default:_ `[]`) Set of **domain UUIDs** that this authorization group should be restricted to. By default, if this attribute is not set, the authorization group permissions will be applied globally.
+
+- `sso_group` (String, _default:_ `null`) Automatically assignes all of the users from the provided **SSO group** to the authorization group.
+
+ - if set, users cannot be assigned to the authorization group directly
+
+ - if set, when authorization group already exists, all of the previous user assignments will be destroyed.
+
+### Read-Only
+
+
+- `label` (String) Authorization group **label/name** as it should be presented in the _Monte Carlo_ UI. Implementation of this resource will always set this attribute to the same value as the `name` attribute ([see above](#attr--name)) to avoid confusion.
+
+
+
+## Import
+
+This resource can be imported using the import ID with following format:
+
+* `{{group_name}}`
+
+In **Terraform v1.5.0** and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import a _Transactional Warehouse_ using one of the formats above. For example:
+
+```terraform
+import {
+ id = "{{group_name}}"
+ to = montecarlo_iam_group.default
+}
+```
+
+When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), _Authorization Group_ can be imported using one of the formats above. For example:
+
+```
+$ terraform import montecarlo_iam_group.default {{group_name}}
+```
diff --git a/examples/resources/montecarlo_iam_group/resource.tf b/examples/resources/montecarlo_iam_group/resource.tf
new file mode 100644
index 0000000..14f7295
--- /dev/null
+++ b/examples/resources/montecarlo_iam_group/resource.tf
@@ -0,0 +1,21 @@
+## Allowed roles:
+## "mcd/owner"
+## "mcd/domains-manager"
+## "mcd/responder"
+## "mcd/editor"
+## "mcd/viewer"
+## "mcd/asset-viewer"
+## "mcd/asset-editor"
+
+resource "montecarlo_iam_group" "example_thin" {
+ name = "name"
+ role = "mcd/viewer"
+}
+
+resource "montecarlo_iam_group" "example_thick" {
+ name = "name"
+ description = "description"
+ role = "mcd/viewer"
+ domains = ["domainUUID"] # restricting to selecting domains
+ sso_group = "sso_group" # automatical mapping to SSO group
+}