diff --git a/machines/nixos/compute01/kanidm/default.nix b/machines/nixos/compute01/kanidm/default.nix
index 5e0129e..77df495 100644
--- a/machines/nixos/compute01/kanidm/default.nix
+++ b/machines/nixos/compute01/kanidm/default.nix
@@ -14,10 +14,12 @@ let
   inherit (lib)
     attrValues
     catAttrs
+    concatLists
     escapeRegex
     concatStringsSep
     mapAttrs'
     nameValuePair
+    unique
     ;
   domain = "sso.dgnum.eu";
@@ -86,7 +88,21 @@ in
 }
 // (mapAttrs' (
   name: members: nameValuePair "grp_${name}" { members = builtins.map usernameFor members; }
-) meta.organization.groups);
+) meta.organization.groups)
+// (mapAttrs' (
+  name:
+  {
+    admins ? [ ],
+    adminGroups ? [ ],
+  }:
+  nameValuePair "grp-admin_${name}" {
+    members = unique (
+      builtins.map usernameFor (
+        admins ++ (concatLists (builtins.map (group: meta.organization.groups.${group}) adminGroups))
+      )
+    );
+  }
+) meta.organization.services);
 # INFO: The authentication resources declared here can only be for internal services,
 # as regular members cannot be statically known.
diff --git a/meta/organization.nix b/meta/organization.nix
index 2376252..0633ba2 100644
--- a/meta/organization.nix
+++ b/meta/organization.nix
@@ -122,6 +122,13 @@
   };
   services = {
+    # DG·SI
+    dgsi.admins = [
+      "mdebray"
+      "raito"
+      "thubrecht"
+    ];
+
     # Démarches Normaliennes
     ds-fr.admins = [
       "thubrecht"
@@ -130,8 +137,10 @@
     # Cloud DGNum
     nextcloud.admins = [
-      "thubrecht"
+      "jemagius"
+      "mdebray"
       "raito"
+      "thubrecht"
     ];
     # Netbox DGNum
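Review bot: An unknown group name in a service's `adminGroups` fails evaluation with a bare attribute-missing error at `meta.organization.groups.${group}` in the new `grp-admin_${name}` builder, which says nothing about which service or group caused it; consider `(meta.organization.groups.${group} or (throw "grp-admin_${name}: unknown adminGroup ${group}"))` so a mistake in the privilege source is diagnosed at the point of definition. The strict pattern `{ admins ? [ ], adminGroups ? [ ], }:` (no `...`) is worth keeping, because a misspelled attribute in organization.nix is rejected instead of silently granting nothing, and deserves a comment such as `# strict pattern: a misspelled attribute in organization.nix fails evaluation rather than dropping an admin`. `unique` is applied after `usernameFor`, so duplicates are collapsed on the resolved username, which is the right key. The attribute-set expression this `//` chain extends starts before the hunk.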
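Review bot: The `services` set now carries a membership schema (`admins`, plus `adminGroups` consumed by the kanidm builder in the other file of this diff), but nothing in organization.nix states it, so the next person adding a service has to find the consumer to learn which keys are accepted; suggest a comment above `services = {` such as `# <service>.admins: usernames; <service>.adminGroups: names of entries in `groups` whose members are also admins — both feed the grp-admin_<service> kanidm group`. The new `dgsi.admins` entry grants admin on whatever consumes `grp-admin_dgsi`, which is not visible in this diff. The enclosing attribute set starts and ends outside the hunk.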