The Group Management System (GMS)
GMS is the Group Management System for CERN. GMS groups are used for both access control and mailing lists. It is a production system already in use by many applications such as Indico, CDS, Single Sign-On and more. Currently (June 2025), it is possible to manage groups through both GMS and the legacy system, Egroups. Egroups will be decommissioned during 2026.
GMS is available as a web portal, https://groups-portal.web.cern.ch, and an API.
GMS Project Goals
The GMS project is jointly funded by FAP-BC and IT to fully develop GMS features to allow the e-groups service to be retired. GMS will introduce the following improvements for CERN and its collaborators:
- Faster synchronisation of group members to Single Sign On, Active Directory and systems relying on the Authorization Service API
- More fine grained controls on group privacy and sharing with systems
The initial project only covers the development of existing e-group features. Additional features are out of scope.
Timeline (updated February 2025)
Key dates
- E-groups becomes read only during September 2025
- E-groups is decommissioned soon after the start of Long Shutdown 3
GMS Presentations
ITUM
- ITUM-36, June 2022 (Dedicated)
- ITUM-41, March 2024 (Slide 6)
- ITUM-42, July 2024 (Dedicated)
- ITUM-43, November 204 (General slide 17)
- ITUM-44, March 2025 (General slide 27)
- ITUM-45, June 2025 (General slide 9)
IT Business Engagement
- ATS-IT Technical Committee, Sept 2024
- ALICE-IT Technical Coordination, Oct 2024
- IT-ATLAS Coordination, Oct 2024
- ATS Common Hardware & Software Technologies Technical Board, November 2024
- IT/CMS Coordination, Nov 2024
- IT/LHCb, December 2024
- IT-TH Coordination, December 2024
- FHR-IT Technical Committee, May 2025
- RCS-ICT Technical Committee, June 2025
What do you need to do?
| Who are you? | Action required? | By when? |
|---|---|---|
| Group Owner | None. Your groups will be migrated for you. You can choose to migrate your groups early. | End Sep 2025 |
| WRITE Egroups SOAP client | Migrate to GMS REST API. Migrate all groups that you manage. | End Sep 2025 |
| READ Egroups SOAP or DB client | Migrate to GMS REST API. READONLY Oracle DB export available on demand. | End Sep 2026 |
| CSV user | Strongly recommend to move to GMS native format. Backwards compatibility provided temporarily. |
Reasonable GMS Usage
Although GMS handles the current 80,000 groups well (with scope to grow), please do not take this as an opportunity to freely create large numbers of groups. Why?
- Every operation (recursive calculation, synchronisations) gets slower the more groups we have
- Downstream off-the-shelf systems already struggle with the number of groups at CERN (e.g. Mailing lists, AD)
- Others may begin to be impacted (e.g. SSO slowness)
- Users in approximately 1000 groups or greater will have authentication issues due to limitations in various security protocols (AD, Kerberos, SAML and OAuth Token size)
Support
Please contact us through Service Now