diff --git a/tf-stage-1/modules/kc-client/client.tf b/tf-stage-1/modules/kc-client/client.tf
index 97f5e24..86eee47 100644
--- a/tf-stage-1/modules/kc-client/client.tf
+++ b/tf-stage-1/modules/kc-client/client.tf
@@ -3,8 +3,8 @@ data "keycloak_realm" "realm" {
 }
 
 resource "keycloak_openid_client" "client" {
-  realm_id  = data.keycloak_realm.realm.id
-  client_id = var.client_id
+  realm_id      = data.keycloak_realm.realm.id
+  client_id     = var.client_id
   client_secret = var.client_secret
 
   name        = var.client_name
@@ -24,11 +24,11 @@ resource "keycloak_openid_client" "client" {
 
   login_theme = var.login_theme
 
-  standard_flow_enabled        = true
-  implicit_flow_enabled        = false
-  direct_access_grants_enabled = true
-  service_accounts_enabled     = false
-  frontchannel_logout_enabled  = var.frontchannel_logout_enabled
+  standard_flow_enabled                     = true
+  implicit_flow_enabled                     = false
+  direct_access_grants_enabled              = true
+  service_accounts_enabled                  = false
+  frontchannel_logout_enabled               = var.frontchannel_logout_enabled
   oauth2_device_authorization_grant_enabled = var.device_authorization_grant_enabled
 
 }
@@ -43,7 +43,7 @@ resource "keycloak_role" "restricted-access" {
 resource "keycloak_role" "admin-role" {
   realm_id    = data.keycloak_realm.realm.id
   client_id   = keycloak_openid_client.client.id
-  name        = "${var.admin_role_name != null ? "${var.admin_role_name}" : "${var.client_name}-admin"}"
+  name        = var.admin_role_name != null ? "${var.admin_role_name}" : "${var.client_name}-admin"
   description = "Client Admin permissions"
 }
 
@@ -53,9 +53,9 @@ resource "keycloak_group" "access_group" {
 }
 
 resource "keycloak_group" "admin_group" {
-  realm_id = data.keycloak_realm.realm.id
+  realm_id  = data.keycloak_realm.realm.id
   parent_id = keycloak_group.access_group.id
-  name     = "${var.client_name}-admin"
+  name      = "${var.client_name}-admin"
 }
 
 resource "keycloak_group_roles" "access_group_roles" {
@@ -73,3 +73,18 @@ resource "keycloak_group_roles" "admin_group_roles" {
     keycloak_role.admin-role.id
   ]
 }
+
+data "keycloak_group" "super_admin_group" {
+  realm_id = data.keycloak_realm.realm.id
+  name     = "service-admin"
+}
+
+resource "keycloak_group_roles" "super_admin_group_roles" {
+  exhaustive = false
+  realm_id   = data.keycloak_realm.realm.id
+  group_id   = data.keycloak_group.super_admin_group.id
+  role_ids = [
+    keycloak_role.restricted-access.id,
+    keycloak_role.admin-role.id
+  ]
+}