A system and method for using an opaque group within a federated identity management environment, to prevent disclosure of identities of the group. An opaque group is constructed at an identity provider within the system and has a group identity that references primary system identities of its members (e.g., electronic mail addresses, public key certificates, network addresses). Services to the group (e.g., distribution of an object such as a document or electronic mail message, invitation to an online meeting, authentication as a member of the group) can be requested from service providers, but because service providers do not have access to members' primary identities, the service providers forward the requests to an identity provider that has access to the group identity. That identity provider retrieves the members' identities and completes the action.