In anticipation of rapid company growth, a solutions architect plans to configure AWS permissions for new users by organizing them into IAM groups based on department. What is the most secure method to assign permissions to these new IAM groups?