Group Management Service (GMS)

The Group Management Service is an access management platform supporting distributed and automated access controls for university applications.

Core capabilities…

  • Define and apply access control policies to applications
    • use group math operations and nesting of groups
    • ability to deligate membership management to others
  • Integrate with nearly any application
  • Audit and point in time knowledge
  • Consistent expression for access controls across application boundaries
  • Ability to link and reuse access controls across application boundaries
  • Application owners can extend, redefine and reuse access controls as often as they choose too.
  • Application owners can choose to delegate out partial or full control over individual GMS groups to other OSU access managers.
GMS Interface Descriptions
GMS Interfaces Description
WebSSO (AKA: "Shibboleth") authenticationIf you are already using WebSSO for your application and the application can use “User Attributes” from the SAML process then this is likely your best/easiest choice.
This is “real time” read from GMS (via WebSSO integration) and has a local “fall back cache” (refreshed frequently) in WebSSO to ensure data is available as long as WebSSO is up.
GMS Web Services Rest/SOAPGMS can expose data via REST/SOAP API models. If your application can be modified to integrate with a REST API and would prefer to directly interact with GMS then this is likely your best choice.
AD domain groups (BCD is currently available)  (This can be extended to support other AD's as well)

If your application(s) only integrate with AD/AD groups then this is likely the easiest choice.

Note this approach exposes your group membership to the AD domain and requires some “sync processing” to occur to keep things updated.

Custom/DirectIf you are willing to implement (AKA: “write code”) a “connector” then this method can get updates directly to your application in an event-based model just after the changes happen in GMS. This is likely the more difficult to implement of the choices, but it can also provide you much more flexibility and leverage GMS in a more complicated way as well.
AWS SQS queue (other message queue systems are also possible)If your application/infrastructure uses a Message/Service Bus design then this may be an easier alternative to the Custom/Direct integration model.


For public documentation, please visit
You can also join the GMS MS Team at to interact with the GMS service team and other GMS users.

To explore or request using GMS, complete the intake form at to start the process.

If you have access to the system, login at

Contact Info

For technical support for any of our services, please visit the IT Service Desk Service or call 614-688-4357 (HELP).