diff --git a/arkindex/users/admin.py b/arkindex/users/admin.py
index e06367de8d3757db92cde090e287926499d5abd6..d01704db6feca473ffe3b98946c86c7c3edcf4ae 100644
--- a/arkindex/users/admin.py
+++ b/arkindex/users/admin.py
@@ -44,7 +44,7 @@ class UserChangeForm(forms.ModelForm):
 
     class Meta:
         model = User
-        fields = ('email', 'password', 'is_active', 'is_admin')
+        fields = ('email', 'password', 'is_active', 'is_admin', 'is_internal')
 
     def clean_password(self):
         # Regardless of what the user provides, return the initial value.
@@ -66,10 +66,10 @@ class UserAdmin(BaseUserAdmin):
     # These override the definitions on the base UserAdmin
     # that reference specific fields on auth.User.
     list_display = ('email', 'is_admin')
-    list_filter = ('is_admin', 'groups')
+    list_filter = ('is_admin', 'is_internal')
     fieldsets = (
         (None, {'fields': ('email', 'verified_email', 'password', 'transkribus_email')}),
-        ('Permissions', {'fields': ('is_admin', 'groups')}),
+        ('Permissions', {'fields': ('is_admin', 'is_internal')}),
     )
     # add_fieldsets is not a standard ModelAdmin attribute. UserAdmin
     # overrides get_fieldsets to use this attribute when creating a user.
@@ -85,12 +85,6 @@ class UserAdmin(BaseUserAdmin):
     inlines = (CorpusRightInline, )
 
 
-class GroupAdmin(admin.ModelAdmin):
-    list_display = ('name', )
-    search_fields = ('name', )
-    fields = ('name', )
-
-
 class UserScopeAdmin(admin.ModelAdmin):
     list_display = ('user', 'scope')
     list_filter = [('scope', EnumFieldListFilter), ]
@@ -98,8 +92,6 @@ class UserScopeAdmin(admin.ModelAdmin):
 
 # Now register the new UserAdmin...
 admin.site.register(User, UserAdmin)
-# ... and, since we're not using Django's built-in permissions,
-# use a custom GroupAdmin to hide them.
+# and hide the unused Group admin
 admin.site.unregister(Group)
-admin.site.register(Group, GroupAdmin)
 admin.site.register(UserScope, UserScopeAdmin)