diff --git a/ssoauth/app_settings/defaults.py b/ssoauth/app_settings/defaults.py
index 99723867374423445e65ba2f909d6d076b670671..56d10be6cc5688e4b6c59de74eb999cb2640f8f9 100644
--- a/ssoauth/app_settings/defaults.py
+++ b/ssoauth/app_settings/defaults.py
@@ -34,21 +34,23 @@ SP_SLS_X_FRAME_OPTIONS = None  # in case you encounter problems with SLS view no
 GROUPS_SAML_ATTRIBUTE = "IDMGroups"  # this SAML attribute is expected to contain list of groups for a user
 GROUP_RESOLVER = "ssoauth.auth_utils.groups_from_saml2_dn_list"  # in case you want to override how groups are resolved for users
 
-GROUPS = getattr(django_settings, "LOCAL_GROUPS", {
+PREDEFINED_GROUPS = {
     # Predefined groups and the corresponding permissions are here.
     # Both groups and permissions are created/updated automatically after applying migrations.
     # First, permissions are created:
     #   - django.contrib.auth is responsible for handling vanilla permissions (mostly model permissions).
     #   - All other explicitly assigned to groups permissions are automatically created.
-    # Second, groups are created and/or updated
+    # Second, groups are created and/or updated.
     #
     # !IMPORTANT! Group naming:
-    #   - Check the current conventions and/or ask somebody who knows better.
-    #   - At the moment of rewriting this functionality:
-    #     - Give your local groups the same name as the AuthGroup they will be mapped to, e.g. your local group
-    #       for students will be named IDM_Studierende
-    #     - While there is no naming convention for unmapped groups, be kind and keep it sane
-})
+    # Give your local groups the same name as the AuthGroup they will be mapped to
+    # (e.g. your local group for students will be named IDM_Studierende)
+    #
+    # Example:
+    # {"IDM_Studierende": ["perm_codename", "another_perm_codename"]}
+}
+
+
 """
 Settings you might want to change on development (don't change them for production):
 """
diff --git a/ssoauth/apps.py b/ssoauth/apps.py
index 1452d99f9203398faeb8f6a95f784483529616b6..12c3ed40ed56c39f492b6f84fc82eed9efc13752 100644
--- a/ssoauth/apps.py
+++ b/ssoauth/apps.py
@@ -2,11 +2,9 @@ from django.apps import AppConfig
 from django.contrib.auth.management import create_permissions
 from django.core import management
 from django.db.models.signals import post_migrate
-
 from . import app_settings
 from . import logger
 from . import sso_utils
-from .setup_groups import setup_groups
 
 
 class SSOAuthConfig(AppConfig):
@@ -28,7 +26,8 @@ class SSOAuthConfig(AppConfig):
 
     @staticmethod
     def post_migrate_callback(*args, **kwargs):
+        # compatibility groups and permissions
         management.call_command("create_compat_groups")
+        # predefined groups and permissions
         create_permissions(*args, **kwargs)  # calling create_permissions() before using the permissions
-        logger.debug("Setting up custom permissions and groups.")
-        setup_groups()
+        management.call_command("create_custom_groups")
diff --git a/ssoauth/setup_groups.py b/ssoauth/management/commands/create_custsom_groups.py
similarity index 64%
rename from ssoauth/setup_groups.py
rename to ssoauth/management/commands/create_custsom_groups.py
index 12bc3a500d8f25363b08b3dff5699dd68fc4742e..75708d8d9020f82790caf73bf4264c1f7147d070 100644
--- a/ssoauth/setup_groups.py
+++ b/ssoauth/management/commands/create_custsom_groups.py
@@ -1,8 +1,9 @@
+from django.core.management.base import BaseCommand, CommandError
 from django.apps import apps
 from django.contrib.auth import get_user_model
 
-from . import app_settings
-from . import logger
+from ... import app_settings
+from ... import logger
 
 
 def setup_groups():
@@ -15,7 +16,7 @@ def setup_groups():
     ContentType = apps.get_model("contenttypes", "ContentType")
     Permission = apps.get_model("auth", "Permission")
 
-    for group_name, permission_names in app_settings.GROUPS.items():
+    for group_name, permission_names in app_settings.PREDEFINED_GROUPS.items():
         group, created = Group.objects.get_or_create(name=group_name)
         if created:
             logger.info("Created group \"{}\"".format(group_name))
@@ -30,3 +31,16 @@ def setup_groups():
             if perm not in group.permissions.all():
                 group.permissions.add(perm)
                 logger.info("Added permission \"{}\" to group \"{}\"".format(perm_name, group_name))
+
+
+class Command(BaseCommand):
+    help = "Creates groups and permissions, predefined by user in project settings."
+    requires_migrations_checks = True
+    requires_system_checks = True
+
+    def handle(self, *args, **options):
+        try:
+            setup_groups()
+        except Exception as e:
+            raise CommandError("Could not ensure that compatibility groups and permissions exist. {0}".format(str(e)))
+