diff --git a/.puppet/hiera/common.yaml b/.puppet/hiera/common.yaml
index c76b904bf..d7802181f 100644
--- a/.puppet/hiera/common.yaml
+++ b/.puppet/hiera/common.yaml
@@ -5,3 +5,4 @@ icingaweb2::web_path: icingaweb2
 icingaweb2::db_user:  icingaweb2
 icingaweb2::db_pass:  icingaweb2
 icingaweb2::db_name:  icingaweb2
+icingaweb2::group:    icingaweb2
diff --git a/.puppet/modules/icingaweb2/manifests/config.pp b/.puppet/modules/icingaweb2/manifests/config.pp
index 473d89d06..625c47b7a 100644
--- a/.puppet/modules/icingaweb2/manifests/config.pp
+++ b/.puppet/modules/icingaweb2/manifests/config.pp
@@ -1,14 +1,15 @@
 class icingaweb2::config (
-  $config = hiera('icingaweb2::config')
+  $config    = hiera('icingaweb2::config'),
+  $web_group = hiera('icingaweb2::group')
 ) {
-  group { 'icingaweb':
+  group { $web_group:
       ensure => present,
   }
 
   file { [ "${config}", "${config}/enabledModules", "${config}/modules", "${config}/preferences" ]:
     ensure  => directory,
     owner   => 'root',
-    group   => 'icingaweb',
+    group   => $web_group,
     mode    => '2770',
   }
 }
diff --git a/.puppet/modules/icingaweb2/manifests/config/general.pp b/.puppet/modules/icingaweb2/manifests/config/general.pp
index c2daec83f..8ccea172f 100644
--- a/.puppet/modules/icingaweb2/manifests/config/general.pp
+++ b/.puppet/modules/icingaweb2/manifests/config/general.pp
@@ -1,14 +1,15 @@
 define icingaweb2::config::general (
   $source,
-  $config   = hiera('icingaweb2::config'),
-  $replace  = true
+  $config    = hiera('icingaweb2::config'),
+  $web_group = hiera('icingaweb2::group'),
+  $replace   = true
 ) {
   include icingaweb2::config
 
   file { "${config}/${name}.ini":
      content => template("${source}/${name}.ini.erb"),
      owner   => 'root',
-     group   => 'icingaweb',
+     group   => $web_group,
      mode    => 0660,
      replace => $replace,
   }
diff --git a/.puppet/modules/icingaweb2/manifests/config/module.pp b/.puppet/modules/icingaweb2/manifests/config/module.pp
index 69e5abd6b..19db02250 100644
--- a/.puppet/modules/icingaweb2/manifests/config/module.pp
+++ b/.puppet/modules/icingaweb2/manifests/config/module.pp
@@ -1,8 +1,9 @@
 define icingaweb2::config::module (
   $module,
   $source,
-  $config  = hiera('icingaweb2::config'),
-  $replace = true
+  $config    = hiera('icingaweb2::config'),
+  $web_group = hiera('icingaweb2::group'),
+  $replace   = true
 ) {
   include icingaweb2::config
 
@@ -10,7 +11,7 @@ define icingaweb2::config::module (
     file { "${config}/modules/${module}":
       ensure  => directory,
       owner   => 'root',
-      group   => 'icingaweb',
+      group   => $web_group,
       mode    => '2770',
     }
   }
@@ -18,7 +19,7 @@ define icingaweb2::config::module (
   file { "${config}/modules/${module}/${name}.ini":
      source  => "${source}/modules/${module}/${name}.ini",
      owner   => 'root',
-     group   => 'icingaweb',
+     group   => $web_group,
      mode    => 0660,
      replace => $replace,
   }
diff --git a/.puppet/profiles/icingaweb2_dev/manifests/init.pp b/.puppet/profiles/icingaweb2_dev/manifests/init.pp
index 379f75247..157a9d80a 100644
--- a/.puppet/profiles/icingaweb2_dev/manifests/init.pp
+++ b/.puppet/profiles/icingaweb2_dev/manifests/init.pp
@@ -1,10 +1,11 @@
 class icingaweb2_dev (
-  $config   = hiera('icingaweb2::config'),
-  $log      = hiera('icingaweb2::log'),
-  $web_path = hiera('icingaweb2::web_path'),
-  $db_user  = hiera('icingaweb2::db_user'),
-  $db_pass  = hiera('icingaweb2::db_pass'),
-  $db_name  = hiera('icingaweb2::db_name'),
+  $config    = hiera('icingaweb2::config'),
+  $log       = hiera('icingaweb2::log'),
+  $web_path  = hiera('icingaweb2::web_path'),
+  $db_user   = hiera('icingaweb2::db_user'),
+  $db_pass   = hiera('icingaweb2::db_pass'),
+  $db_name   = hiera('icingaweb2::db_name'),
+  $web_group = hiera('icingaweb2::group'),
 ) {
   include apache
   include php
@@ -28,7 +29,7 @@ class icingaweb2_dev (
   Exec { path => '/usr/local/bin:/usr/bin:/bin' }
 
   # TODO(el): Enabling/disabling modules should be a resource
-  User <| alias == apache |> { groups +> 'icingaweb' }
+  User <| alias == apache |> { groups +> $web_group }
   -> exec { 'enable-monitoring-module':
     command => 'icingacli module enable monitoring',
     user    => 'apache',
@@ -50,7 +51,7 @@ class icingaweb2_dev (
   file { $log_dir:
     ensure  => directory,
     owner   => 'root',
-    group   => 'icingaweb',
+    group   => $web_group,
     mode    => '2775'
   }