diff --git a/protected/humhub/modules/admin/controllers/ApprovalController.php b/protected/humhub/modules/admin/controllers/ApprovalController.php
index deb9e449b2..0d9e7da950 100644
--- a/protected/humhub/modules/admin/controllers/ApprovalController.php
+++ b/protected/humhub/modules/admin/controllers/ApprovalController.php
@@ -8,6 +8,7 @@ namespace humhub\modules\admin\controllers;
+use humhub\components\access\ControllerAccess;
 use humhub\modules\admin\models\UserApprovalSearch;
 use Yii;
 use yii\helpers\Html;
@@ -44,6 +45,7 @@ class ApprovalController extends Controller
 public function getAccessRules()
 {
 return [
+ [ControllerAccess::RULE_LOGGED_IN_ONLY],
 ['checkCanApproveUsers'],
 ];
 }
diff --git a/protected/humhub/modules/admin/tests/codeception/functional/ApprovalCest.php b/protected/humhub/modules/admin/tests/codeception/functional/ApprovalCest.php
new file mode 100644
index 0000000000..07f82c97dc
--- /dev/null
+++ b/protected/humhub/modules/admin/tests/codeception/functional/ApprovalCest.php
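Review bot: The new `[ControllerAccess::RULE_LOGGED_IN_ONLY]` entry carries no comment explaining why this admin-module controller is deliberately not `RULE_ADMIN_ONLY`, so a later reader may "tighten" it and break group-manager approval, which the functional test in this commit relies on, or move it below `checkCanApproveUsers`. Suggest a line above the array: `// Reject guests before checkCanApproveUsers runs; group managers (not only admins) may approve, so this is intentionally not RULE_ADMIN_ONLY.` That the rules are evaluated in array order is an assumption from this listing; confirm it against ControllerAccess. getAccessRules is fully visible, but checkCanApproveUsers and the rest of the class are outside the hunk.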
@@ -0,0 +1,142 @@
+wantTo('ensure that admins can approve users');
+
+ $settingsManager = Yii::$app->getModule('user')->settings;
+ $settingsManager->set('auth.needApproval', 1);
+ $settingsManager->set('auth.anonymousRegistration', 1);
+ $settingsManager->set('auth.allowGuestAccess', 0);
+
+ $this->register($I);
+
+ $I->amAdmin();
+
+ $this->approveUser($I);
+ }
+
+ public function testApproveByGroupManager(FunctionalTester $I)
+ {
+ $I->wantTo('ensure that group manager can approve users');
+
+ $settingsManager = Yii::$app->getModule('user')->settings;
+ $settingsManager->set('auth.needApproval', 1);
+ $settingsManager->set('auth.anonymousRegistration', 1);
+ $settingsManager->set('auth.allowGuestAccess', 0);
+
+ $this->register($I);
+
+ // User1 is group manager of the User group which is the only gorup available at registration
+ $I->amUser1();
+
+ $this->approveUser($I);
+ }
+
+ public function testApproveNotAllowedByOtherGroupManager(FunctionalTester $I)
+ {
+ $I->wantTo('ensure that group manager can not approve users of another group');
+
+ $settingsManager = Yii::$app->getModule('user')->settings;
+ $settingsManager->set('auth.needApproval', 1);
+ $settingsManager->set('auth.anonymousRegistration', 1);
+ $settingsManager->set('auth.allowGuestAccess', 0);
+
+ $this->register($I);
+
+ // User2
+ $I->amUser2();
+ $I->amOnDashboard();
+ $I->see('New approval requests');
+ $I->click('Click here to review');
+ $I->see('Pending user approvals');
+ $I->dontSee('approvalTest@test.de');
+
+ // This user was created by fixtures
+ $I->see('unnapproved@example.com');
+
+ // Try to approve the user of another group
+ $I->amOnRoute('/admin/approval/approve', ['id' => 8]);
+ $I->seeResponseCodeIs(404);
+ }
+
+ public function testApproveNotAllowedByNormalUser(FunctionalTester $I)
+ {
+ $I->wantTo('ensure that normal users have no access to the approval page');
+
+ $settingsManager = Yii::$app->getModule('user')->settings;
+ $settingsManager->set('auth.needApproval', 1);
+ $settingsManager->set('auth.anonymousRegistration', 1);
+ $settingsManager->set('auth.allowGuestAccess', 0);
+
+ $this->register($I);
+
+ // User2
+ $I->amUser3();
+ $I->amOnDashboard();
+ $I->dontSee('New approval requests');
+ $I->amOnRoute('/admin/approval');
+
+ $I->seeResponseCodeIs(403);
+
+
+ $I->amOnRoute('/admin/approval/approve', ['id' => 8]);
+ $I->seeResponseCodeIs(403);
+ }
+
+ private function register(FunctionalTester $I)
+ {
+ $I->amOnRoute('/user/auth/login');
+ $I->see('Sign up');
+ $I->fillField('#register-email', 'approvalTest@test.de');
+ $I->click('Register');
+ $I->see('Registration successful!');
+
+ $invte = Invite::find()->all()[0];
+
+ $I->amOnRoute('/user/registration', ['token' => $invte->token]);
+ $I->see('Account registration');
+ $I->fillField(['name' => 'User[username]'], 'approvalTest');
+ $I->fillField(['name' => 'Password[newPassword]'], 'approva1TestPassword');
+ $I->fillField(['name' => 'Password[newPasswordConfirm]'], 'approva1TestPassword');
+ $I->fillField(['name' => 'Profile[firstname]'], 'approval');
+ $I->fillField(['name' => 'Profile[lastname]'], 'test');
+
+ $I->click('Create account');
+
+ $I->see('Your account has been successfully created!');
+ $I->see('After activating your account by the administrator');
+ }
+
+ private function approveUser(FunctionalTester $I)
+ {
+ $I->amOnDashboard();
+ $I->see('New approval requests');
+ $I->click('Click here to review');
+ $I->see('Pending user approvals');
+
+ $I->see('approvalTest@test.de');
+ $I->amOnRoute('/admin/approval/approve', ['id' => 8]);
+
+ $I->see('Accept user: approval test');
+ $I->click('Send & save');
+
+ $I->logout();
+ $I->amUser('approvalTest', 'approva1TestPassword');
+ $I->seeElement('#wallStream');
+ }
+
+}
diff --git a/protected/humhub/modules/user/models/Group.php b/protected/humhub/modules/user/models/Group.php
index 4f143b2941..0a8421fbac 100644
--- a/protected/humhub/modules/user/models/Group.php
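Review bot: None of the four scenarios exercises the case the controller change in this commit targets, an unauthenticated request: every test logs in before requesting `/admin/approval`, so a regression that drops `RULE_LOGGED_IN_ONLY` would pass this suite. Add a scenario that performs no login and then calls `$I->amOnRoute('/admin/approval/approve', ['id' => 8]);` and asserts it does not render `Accept user: approval test` (a redirect to login or a 403, whichever ControllerAccess yields for guests, to be confirmed). In `register()`, `Invite::find()->all()[0]` picks an arbitrary row now that `InviteFixture` is loaded by UserFullFixture in this same commit; use `Invite::findOne(['email' => 'approvalTest@test.de'])` so the token belongs to the registration just made. The comment `// User2` above `$I->amUser3();` is stale and should read `// User3`, and the hard-coded `'id' => 8` silently depends on the fixture user count. The class header and the opening of the first test method are not visible in this view.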
+++ b/protected/humhub/modules/user/models/Group.php
@@ -58,9 +58,17 @@ class Group extends ActiveRecord
 [['space_id', 'sort_order'], 'integer'],
 [['description'], 'string'],
 [['name'], 'string', 'max' => 45],
+ ['show_at_registration', 'validateShowAtRegistration'],
 ];
 }
+ public function validateShowAtRegistration($attribute, $params)
+ {
+ if($this->is_admin_group && $this->show_at_registration) {
+ $this->addError($attribute, 'Admin group can\'t be a registration group!');
+ }
+ }
+
 /**
 * @inheritdoc
 */
@@ -328,7 +336,7 @@ class Group extends ActiveRecord
 return $groups;
 }
 } else {
- $groups = self::find()->where(['show_at_registration' => '1'])->orderBy('name ASC')->all();
+ $groups = self::find()->where(['show_at_registration' => 1, 'is_admin_group' => 0])->orderBy('name ASC')->all();
 }
 return $groups;
diff --git a/protected/humhub/modules/user/tests/codeception/fixtures/UserFullFixture.php b/protected/humhub/modules/user/tests/codeception/fixtures/UserFullFixture.php
index 1de93785ef..e9664771bd 100644
--- a/protected/humhub/modules/user/tests/codeception/fixtures/UserFullFixture.php
+++ b/protected/humhub/modules/user/tests/codeception/fixtures/UserFullFixture.php
@@ -21,6 +21,7 @@ class UserFullFixture extends ActiveFixture
 'humhub\modules\content\tests\codeception\fixtures\ContentContainerFixture',
 'humhub\modules\user\tests\codeception\fixtures\UserPasswordFixture',
 'humhub\modules\user\tests\codeception\fixtures\UserFollowFixture',
+ InviteFixture::class,
 'humhub\modules\user\tests\codeception\fixtures\GroupFixture'
 ];
diff --git a/protected/humhub/modules/user/tests/codeception/fixtures/data/group.php b/protected/humhub/modules/user/tests/codeception/fixtures/data/group.php
index 682d9e86ae..7b1e4f93d0 100644
--- a/protected/humhub/modules/user/tests/codeception/fixtures/data/group.php
+++ b/protected/humhub/modules/user/tests/codeception/fixtures/data/group.php
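Review bot: `validateShowAtRegistration` only runs through validate()/save(), so `save(false)` or `updateAttributes()` bypasses it, which the GroupTest in this commit does deliberately; the query-side filter in getRegistrationGroups, not this validator, is therefore the effective control, and the method should say so. Suggested docblock above the signature: `/** Validation-only guard: the admin group must not be offered at registration. getRegistrationGroups() excludes is_admin_group independently, so a save that skips validation cannot expose it. */`. Minor style: `if(` should be `if (` per PSR-12, and the method is the only one in the hunk without a docblock in a file that annotates neighbours with `@inheritdoc`.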
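Review bot: The added `'is_admin_group' => 0` condition becomes `is_admin_group = 0`, which does not match NULL, and the group fixture rows for Users and Moderators in this commit never set is_admin_group at all, so the filter relies on the column having a NOT NULL default of 0 — confirm the migration, or make the intent explicit with `->andWhere(['or', ['is_admin_group' => 0], ['is_admin_group' => null]])`. The other branch of this if/else starts above the hunk and returns `$groups` with no visible admin-group exclusion; if it builds the list from a configured default group, it needs the same check or the admin group can still be offered at registration. getRegistrationGroups begins outside the hunk.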
@@ -18,7 +18,7 @@
 * GNU Affero General Public License for more details.
 */
 return [
- ['id' => '1', 'space_id' => 1, 'name' => 'Administrator', 'description' => 'Administrator Group', 'created_at' => '2014-08-30 14:03:49', 'created_by' => null, 'updated_at' => null, 'updated_by' => null, 'ldap_dn' => null, 'is_admin_group' => 1],
- ['id' => '2', 'space_id' => 1, 'name' => 'Users', 'description' => 'Example Group by Installer', 'created_at' => '2014-08-30 14:03:49', 'created_by' => null, 'updated_at' => null, 'updated_by' => null, 'ldap_dn' => null],
- ['id' => '3', 'space_id' => 1, 'name' => 'Moderators', 'description' => 'Example Moderator group', 'created_at' => '2014-08-30 14:03:49', 'created_by' => null, 'updated_at' => null, 'updated_by' => null, 'ldap_dn' => null]
+ ['id' => '1', 'space_id' => 1, 'name' => 'Administrator', 'description' => 'Administrator Group', 'created_at' => '2014-08-30 14:03:49', 'created_by' => null, 'updated_at' => null, 'updated_by' => null, 'ldap_dn' => null, 'show_at_registration' => 0, 'is_admin_group' => 1],
+ ['id' => '2', 'space_id' => 1, 'name' => 'Users', 'description' => 'Example Group by Installer', 'created_at' => '2014-08-30 14:03:49', 'created_by' => null, 'updated_at' => null, 'updated_by' => null, 'ldap_dn' => null, 'show_at_registration' => 1],
+ ['id' => '3', 'space_id' => 1, 'name' => 'Moderators', 'description' => 'Example Moderator group', 'created_at' => '2014-08-30 14:03:49', 'created_by' => null, 'updated_at' => null, 'updated_by' => null, 'ldap_dn' => null, 'show_at_registration' => 0]
 ];
diff --git a/protected/humhub/modules/user/tests/codeception/fixtures/data/group_user.php b/protected/humhub/modules/user/tests/codeception/fixtures/data/group_user.php
index 426ee25868..c472bbe029 100644
--- a/protected/humhub/modules/user/tests/codeception/fixtures/data/group_user.php
+++ b/protected/humhub/modules/user/tests/codeception/fixtures/data/group_user.php
@@ -19,7 +19,7 @@
 */
 return [
 ['id' => 1, 'user_id' => 1, 'group_id' => 1, 'created_at' => '2014-08-30 14:03:49', 'created_by' => null, 'updated_at' => null, 'updated_by' => null],
- ['id' => 2, 'user_id' => 2, 'group_id' => 2, 'created_at' => '2014-08-30 14:03:49', 'created_by' => null, 'updated_at' => null, 'updated_by' => null],
+ ['id' => 2, 'user_id' => 2, 'group_id' => 2, 'created_at' => '2014-08-30 14:03:49', 'created_by' => null, 'updated_at' => null, 'updated_by' => null, 'is_group_manager' => 1],
 ['id' => 3, 'user_id' => 3, 'group_id' => 3, 'is_group_manager' => '1', 'created_at' => '2014-08-30 14:03:49', 'created_by' => null, 'updated_at' => null, 'updated_by' => null],
 ['id' => 4, 'user_id' => 6, 'group_id' => 3, 'created_at' => '2014-08-30 14:03:49', 'created_by' => null, 'updated_at' => null, 'updated_by' => null]
 ];
diff --git a/protected/humhub/modules/user/tests/codeception/unit/GroupTest.php b/protected/humhub/modules/user/tests/codeception/unit/GroupTest.php
new file mode 100644
index 0000000000..4f0f5027d3
--- /dev/null
+++ b/protected/humhub/modules/user/tests/codeception/unit/GroupTest.php
@@ -0,0 +1,34 @@
+assertCount(1, $groups);
+ $this->assertEquals('Users', $groups[0]->name);
+
+ $adminGroup = Group::getAdminGroup();
+ $this->assertEquals(1, $adminGroup->is_admin_group);
+ $adminGroup->show_at_registration = 1;
+ $this->assertFalse($adminGroup->save());
+
+ // Force save
+ $adminGroup->save(false);
+
+ // Update moderator group
+ Group::findOne(['id' => 3])->updateAttributes(['show_at_registration' => 1]);
+
+ // Make sure the admin group is not contained in registration groups even if show_at_registration is set
+ $groups = Group::getRegistrationGroups();
+ $this->assertCount(2, $groups);
+ $this->assertEquals('Moderators', $groups[0]->name);
+ $this->assertEquals('Users', $groups[1]->name);
+ }
+
+}
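Review bot: `$this->assertFalse($adminGroup->save())` proves only that the save failed, not that the new validator caused it; add `$this->assertTrue($adminGroup->hasErrors('show_at_registration'));` right after it so an unrelated validation error cannot mask a broken `validateShowAtRegistration`. The two ordering assertions (`Moderators` then `Users`) depend on the `orderBy('name ASC')` in getRegistrationGroups and on the fixture names, which is worth stating with `// order follows name ASC in getRegistrationGroups()` above them. The `// Force save` comment should say why: `// Bypass validation to prove the query filter alone keeps the admin group out`. The class header and the opening lines of the test method are not visible in this view.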