I choose to use "Jenkins's own user database" security realm for user login as I couldn't use LDAP in my company. And Google's OpenID has issue when you decided to change the hostname or port number to something else.
And I use "Project-based Matrix Authorization Strategy" schema for my security.
But I don't seem to able to create my own group, and add users to the group to manage the permission.