
If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.
Here is a basic illustration of how a user, group or service account gets mapped to permissions.
The oc adm groups new command can be used to create a group. In this example, the group named my-group-admins will be created with no users added as members of the group.
~]$ oc adm groups new my-group-admins
group.user.openshift.io/my-group-admins created
And here is how you would create a group that has one or more users added as members of the group. You may want to use the oc get users command to ensure the user accounts exist.
~]$ oc adm groups new my-group-admins john.doe jane.doe
group.user.openshift.io/my-group-admins created
The oc get group command can then be used to ensure the group exists.
~]$ oc get group my-group-admins
NAME USERS
my-group-admins john.doe jane.doe
A group is almost always associated with a Role Binding so it might be a good design to have the groups match the Role Bindings.
Group Name | Role |
---|---|
my-group-admins | admin |
my-group-cluster-admins | cluster-admin |
my-group-cluster-status | cluster-status |
my-group-cluster-readers | cluster-reader |
my-group-editors | edit |
my-group-self-provisioners | self-provisioner |
my-group-viewers | view |
This one-liner can be used to list the Cluster Role Bindings that have been mapped to the group. In this example the Cluster Role Binding named "my-role-admins" is mapped to my-group-admins.
~]$ for crb in $(oc get clusterrolebindings --no-headers | awk '{print $1}'); do echo "$crb"; oc describe clusterrolebinding "$crb" | grep -i my-group; done
my-role-admins
Group my-group-admins
Then the oc describe clusterrolebinding command can be used to show that Cluster Role Binding my-role-admins has group my-group-admins and role cluster-admin.
~]$ oc describe clusterrolebinding admin
Name:         admin
Labels:       <none>
Annotations:  <none>
Role:
  Kind:  ClusterRole
  Name:  admin
Subjects:
  Kind   Name             Namespace
  ----   ----             ---------
  Group  my-group-admins
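The one-liner above calls oc describe once per binding and matches on text. As an added example (not from the original article), this Python script does the same lookup on the JSON from oc get clusterrolebindings -o json, matching only subjects of kind Group and tolerating bindings that have no subjects. The sample data, the binding names my-role-viewers and orphaned-binding, and the file name crb_for_group.py are constructed for illustration.

```python
#!/usr/bin/env python3
"""List the Cluster Role Bindings that name a group as a subject.

Usage (file name is an assumption):
  oc get clusterrolebindings -o json | python3 crb_for_group.py my-group-admins
"""
import json
import sys

# Constructed sample shaped like `oc get clusterrolebindings -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"name": "my-role-admins"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "my-group-admins"}]},
  {"metadata": {"name": "my-role-viewers"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "Group", "name": "my-group-viewers"},
                {"kind": "User", "name": "my-group-admins"}]},
  {"metadata": {"name": "orphaned-binding"},
   "roleRef": {"kind": "ClusterRole", "name": "edit"}}
]}
""")


def bindings_for_group(crb_list, group):
    """Return sorted (binding, role) pairs whose subjects include the Group."""
    found = []
    for item in crb_list.get("items", []):
        # A binding can have no subjects; the key is then missing or null.
        subjects = item.get("subjects") or []
        # Match on kind as well as name: a User may share a group's name.
        if any(s.get("kind") == "Group" and s.get("name") == group
               for s in subjects):
            found.append((item["metadata"]["name"], item["roleRef"]["name"]))
    return sorted(found)


def main(argv):
    group = argv[1] if len(argv) > 1 else "my-group-admins"
    # Use piped JSON when present; otherwise fall back to the constructed sample.
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    data = json.loads(raw) if raw.strip() else SAMPLE
    for binding, role in bindings_for_group(data, group):
        print(f"{binding}\t{role}\tGroup {group}")


if __name__ == "__main__":
    main(sys.argv)
```

Unlike grep on the describe output, this does not report a User or ServiceAccount that happens to share the group's name.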