SSGM stands for self-service group management.
Groups may be used for many purposes in an organization: application access management, license management, SharePoint site access, SSPR – to name a few. SSGM can enable some of, or perhaps even the whole of, the process of creating and managing group configuration and membership, allowing IT teams to concentrate on other functions within the organization.
For a lot of organizations, it is desirable that the day-to-day control of groups and group membership should be delegated to people in the business who understand the business context for that group and its membership. These people can be designated as owners, and administrators can define policies for what these owners can do with specific group types (for example security or O365 groups).
In Azure AD, self-service groups work like this:
- A group is either open to join for all users, or membership requires owner approval
- Owners manage their groups, including membership request, through the access panel (myapps.microsoft.com)
- User make requests through the same access panel (with a business justification, if required)
- If the group requires owner approval then an owner receives an approval notification and can decide whether or not to approve or reject the request
- The user is notified of the response