diff --git a/docs/references/api.md b/docs/references/api.md
index 193b7ee3a..e19558e3e 100644
--- a/docs/references/api.md
+++ b/docs/references/api.md
@@ -862,9 +862,10 @@ Response (200):
 
 ### Set members
 
-PUT `/api/v1/groups/:groupId` <scope>admin</scope>
+PUT `/api/v1/groups/:groupId/members` <scope>admin</scope>
 
-Sets the members of an existing group with id `groupId`.
+Sets the members of an existing group with id `groupId`. Note that this replaces the
+existing users with the provided userIds.
 
 Request:
 ```
diff --git a/src/routes/groups.js b/src/routes/groups.js
index e968e28c7..17d2e5dd5 100644
--- a/src/routes/groups.js
+++ b/src/routes/groups.js
@@ -5,7 +5,7 @@ exports = module.exports = {
     list: list,
     create: create,
     remove: remove,
-    update: update
+    update: updateMembers
 };
 
 var assert = require('assert'),
diff --git a/src/server.js b/src/server.js
index a41c5a364..2e6cf8a30 100644
--- a/src/server.js
+++ b/src/server.js
@@ -123,7 +123,7 @@ function initializeExpressSync() {
     router.get ('/api/v1/groups', usersScope, routes.user.requireAdmin, routes.groups.list);
     router.post('/api/v1/groups', usersScope, routes.user.requireAdmin, routes.groups.create);
     router.get ('/api/v1/groups/:groupId', usersScope, routes.user.requireAdmin, routes.groups.get);
-    router.put ('/api/v1/groups/:groupId', usersScope, routes.user.requireAdmin, routes.groups.update);
+    router.put ('/api/v1/groups/:groupId/members', usersScope, routes.user.requireAdmin, routes.groups.updateMembers);
     router.del ('/api/v1/groups/:groupId', usersScope, routes.user.requireAdmin, routes.user.verifyPassword, routes.groups.remove);
 
     // form based login routes used by oauth2 frame