diff --git a/src/groupdb.js b/src/groupdb.js
index 51e8c7790..354f5612c 100644
--- a/src/groupdb.js
+++ b/src/groupdb.js
@@ -27,8 +27,7 @@ exports = module.exports = {
 var assert = require('assert'),
     database = require('./database.js'),
     DatabaseError = require('./databaseerror'),
-    safe = require('safetydance'),
-    _ = require('underscore');
+    safe = require('safetydance');
 
 var GROUPS_FIELDS = [ 'id', 'name', 'rolesJson' ].join(',');
 
diff --git a/src/groups.js b/src/groups.js
index fd922db60..1550c46f0 100644
--- a/src/groups.js
+++ b/src/groups.js
@@ -259,10 +259,13 @@ function update(groupId, data, callback) {
     assert(Array.isArray(data.roles));
     assert.strictEqual(typeof callback, 'function');
 
-    var error = accesscontrol.validateRoles(data.roles);
+    var error = validateGroupname(data.name);
+    if (error) return callback(error);
+
+    error = accesscontrol.validateRoles(data.roles);
     if (error) return callback(new GroupsError(GroupsError.BAD_FIELD, error.message));
 
-    groupdb.update(groupId, { roles: data.roles }, function (error) {
+    groupdb.update(groupId, { name: data.name, roles: data.roles }, function (error) {
         if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupsError(GroupsError.NOT_FOUND));
         if (error) return callback(new GroupsError(GroupsError.INTERNAL_ERROR, error));
 
diff --git a/src/routes/groups.js b/src/routes/groups.js
index ceec76269..266544de9 100644
--- a/src/routes/groups.js
+++ b/src/routes/groups.js
@@ -55,12 +55,14 @@ function update(req, res, next) {
     assert.strictEqual(typeof req.params.groupId, 'string');
     assert.strictEqual(typeof req.body, 'object');
 
+    if (typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be a string'));
+
     if (!Array.isArray(req.body.roles)) return next(new HttpError(400, 'roles must be an array'));
     for (let role of req.body.roles) {
         if (typeof role !== 'string') return next(new HttpError(400, 'roles must be an array of strings'));
     }
 
-    groups.update(req.params.groupId, { roles: req.body.roles }, function (error) {
+    groups.update(req.params.groupId, { name: req.body.name, roles: req.body.roles }, function (error) {
         if (error && error.reason === GroupsError.BAD_FIELD) return next(new HttpError(400, error.message));
         if (error) return next(new HttpError(500, error));