GroupID Self-Service

try it free for 30 days

Self-service Group and Directory Management

Managing Active Directory group membership and user attributes is a tedious job for administrators. Giving a web-based self-service option allows administrators to delegate active directory administration to end users. But you need controls. GroupID enables end users to update their own directory information and manage groups based on controls the administrators set. Group management is enhanced as users can create and manage their own groups, opt-in and opt-out of groups based on the security setting for that group. Group renewals and expirations are administered and controlled within GroupID Self-Service. Save your administrators time and effort by putting control of pertinent data in the hands of the end-users.

“Before Imanami, I had to staff several employees just to make changes. That is no longer the case. The products were easy to install, Imanami was great to work with and the systems virtually run themselves.”
“What more could you ask for?”

Mark Campbell
City of Atlanta’s CIO

Save users and IT time

GroupID Self-Service increases productivity for both IT and the business. To take advantage of Active Directory, the information within it needs to be accurate. Users need to have a quick, easy and secure way to update their pertinent personal information. Some attributes should be editable by the user (mobile phone, home address), some should be editable by the user’s manager (title, location) and some should only be editable by IT (email address). GroupID Self-Service gives all of these options with the additional ability to create workflows to give IT even more control, without more work.

According to a survey by Osterman Research, 81% of organizations manage their groups manually. This means that 4 out of 5 organizations have IT manually adding users to groups every time an employee is hired or changes positions. This takes up, on average, 6 hours per week per 1000 employees and, according to the same survey, 42% of users are still in the wrong distribution lists or security groups.

GroupID Self-Service delegates that burden onto a resource that has a vested interest in managing these groups, the users. A group owner can create a group, manage the membership, and make sure that the group is always accurate. The group owner can also open their group to allow other users to optzin to the group. IT can control the whole process with simple to set workflow.

Complete Group Lifecycle Solution

One of the issues of opening groups up to users is the proliferation of groups, something we call group glut. If there are no controls in place, too many groups are created or worse yet, once useful groups are left “cobwebbed” in the Global Address List. The solution to this is group lifecycle. There are four steps to a group’s useful life:

  • Creation
    Give workflow to ensure that group is approved and/or meets naming conventions
  • Use
    During a group’s useful life allow owners to manage groups and users opt-in and opt-out of groups
  • Expiration
    Define a lifecycle for group renewals and enforce that the owner has to actively renew a group to continue to using it. Group owner(s) are notified before the expiration, giving them time to renew it or let it expire
  • Deletion
    Once a group has expired and the owner has not renewed it, wait a set period of days to delete it, giving the owner a chance to “get it back”

GroupID Self-Service gives IT a complete group lifecycle solution, allowing users to manage their own groups but giving IT the control to keep it from getting out of hand. This group lifecycle solution allows you to control group glut on both security groups and distribution lists. When you expire a security group, GroupID will back-up the membership and then remove all members, effectively disabling the group until the group owner(s) renew it. When you expire a distribution list, the group is un-mail-enabled so that messages will bounce. In both cases, the group is appended with an exp- prefix and hidden from the ability to opt in or out.

How Does GroupID Self-Service Do It?

GroupID Self-Service is a web-based portal that gives an intuitive front-end to Active Directory. Users and Administrators can update user attributes and create distribution lists and security groups based on permissions and workflow designed by IT. GroupID Self-Service improves on Active Directory in that it allows for multiple owners of groups, workflow on any attribute changes, security settings on view/edit with field-level security, customizable branding, and differing security settings on groups.


The simple to use MMC administrative interface allows IT to create multiple portals, manage workflow and group lifecycle, and easily brand the self-service portal. Giving access and control of user data to the users helps the organization be more nimble and productive; having control of who can do what helps keep the organization more secure. GroupID Self-Service gives you both.

explore features & benefits

Group Management

GroupID is the industry’s most complete end to end group management solution. Manage a group from creation to its usage to expiration and on to deletion. Give your end users the ability to manage their groups with IT’s control.

Group Lifecycle
Set an expiration policy on any and all groups. Group owner’s are notified before a group expires and is given the ability to renew them. Make sure a group is still useful for the business before allowing it to clutter up your GAL with an old unwanted group. Group lifecycle works on both AD security groups and Exchange distribution lists.
Manage your own groups

Group owners can manage the membership, lifecycle, and delivery restrictions on their groups. Add workflow to join groups, create restrictions on who can send to the group, and add/delete members.
Join & Leave groups

Users can opt in or opt out of groups depending on their security levels.

Multiple owners
Any amount of groups or users can manage a group. All owners receive the same rights. All owners receive workflow notifications. Have an assistant manage your group or delegate it to your favorite employee!

Workflow on group creation
Allow users to create groups but give IT or their manager a chance to approve what they’re doing. Enforce naming conventions or security levels.

Enforcable naming conventions
Force a prefix (or even create a drop down list) onto all group names to standardize your GAL or distinguish groups in different departments.

Group security settings
Private: nobody can join
Semi-private: the owner has to approve the new member
Semi-public: the owner is notified that there is a new member
Public: anybody can join

Delegated User Attribute Management

Allow end users to manage their own attributes, change passwords, and manage workflow requests through a customizable web interface into Active Directory.

Complete Customization
GroupID Self-Service allows you to set any fields to view, edit, or hide depending on a highly customizable set of roles. Allow only the users you want to manage attributes to manage them.

Notification & Workflow
Create workflow on any attribute changes with approvals going to managers, HR, help desk or admins. Very customizable and powerful workflow gives IT confidence in delegating.
Bad Word Filter

Apply a customizable list of bad words onto any attribute on any object to keep users from polluting the GAL with objectionable wording.
Administrator Control
Reset password

Allow end users to reset their own password.

SharePoint Integration

Use Active Directory Security Groups to control access to resources in SharePoint. In many cases, SharePoint groups are redundant to existing Active Directory Security Groups, so why duplicate the management of permissions? Most IT AD administrators however would rather not delegate control to SharePoint Administrators or give access to the directory using Microsoft Windows Server administrative tools such as ADUC (Active Directory Users and Computers) or ADAC (Active Directory Administrative Center). Instead, they can safely delegate access to security group management in Active Directory with GroupID Self-Service’s friendly web-based portal. SharePoint administrators may also extend the portal with native integration by adding a button in the ribbon. Read more in the blog: A better way to manage AD or SharePoint group permissions.

Phonebook access

A common use for GroupID Self-Service is that of a web-based directory based on the content of your Active Directory. Easily deployable as an intranet solution for your organization, the “Phonebook” role of Self-Service allows users to search and list content of users and contacts in the directory but not allow modifications.

Dynamic Schema Detection

Attributes in your Active Directory are exposed in the GroupID Self-Service portal. Choosing which attributes to display or allow to be modified is configurable. If you have extended the schema through common methods such as that which is extended by Microsoft with the deployment of Exchange or through a custom schema extension, these attributes can be exposed for use within the GroupID Self-Service portal.


Cross Forest Support

GroupID Self-Service is designed to work in many disparate environments and includes built-in support for organizations with a cross-forest configuration. Administrators can delegate control over groups and users in environments where there are forests with established trust relationships.

system requirements

Operating System

Microsoft Windows XP Professional.
Microsoft Windows Server 2003 family
Microsoft Windows Server 2008 family (including 2008 R2)
Microsoft Windows Server 2012 family (including 2012 R2)
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Internet Information Server 6.0
Microsoft .NET 4.0 required

Directory Services Supported

Microsoft Active Directory with Exchange Server 2003
Microsoft Active Directory with Exchange Server 2007
Microsoft Active Directory with Exchange Server 2010
Microsoft Active Directory with Exchange Server 2013
Microsoft Active Directory
Microsoft Active Directory with Office 365
Microsoft Active Directory with Google Apps

Other Client Side

Internet Browsers
Any JavaScript 1.0 Compatible Browser
Chrome, Firefox, Microsoft IE 8.0 or higher is recommended but not required

Hardware Recommended
2GHz* Pentium IV or higher
2GB** RAM or higher
100MB*** or more of hard drive space available for execution

* Or the minimum CPU required to run the operating system, whichever is higher.
** Or the minimum RAM required to run the operating system, whichever is higher.

try it free for 30 days download datasheet