diff --git a/src/abbey/functions/member_of.rego b/src/abbey/functions/member_of.rego
new file mode 100644
index 0000000..5576a27
--- /dev/null
+++ b/src/abbey/functions/member_of.rego
@@ -0,0 +1,26 @@
+package abbey.functions_test
+
+import future.keywords.if
+import future.keywords.in
+
+apps := [
+ "googleworkspace",
+ "okta",
+ "google",
+]
+
+# METADATA
+# title: Member Of
+# description: |
+# Function which checks whether a user is in a given group.
+# Groups are kept within an object called group_memberships in the
+# system.abbey object.
+# related_resources:
+# - ref: https://docs.abbey.io/reference/access-policies/types-of-access-policies
+# entrypoint: false
+member_of(group_id) if {
+ some app in apps # Iterate over each app.
+ user_groups := data.user[app] # Get each app of the user.
+ some group in user_groups.groups # For the app, get the user's group memberships.
+ group_id in group # Check if the group_id is one of the keys of the group object.
+}
diff --git a/src/abbey/functions/member_of_test.rego b/src/abbey/functions/member_of_test.rego
new file mode 100644
index 0000000..c9f9160
--- /dev/null
+++ b/src/abbey/functions/member_of_test.rego
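Review bot: The membership test on the last line of member_of, `group_id in group`, is true when group_id equals any value of the group object, not a key as the trailing comment says, so a group whose `name` or `description` field happened to equal the requested id would count as membership; because this helper feeds access decisions it should compare the identifier field explicitly, e.g. `group.id == group_id` (the accompanying test fixtures show groups as `{"id": ...}` objects, so this is the field that is meant). The METADATA description says groups live in `group_memberships` under `system.abbey`, while the body reads `data.user[app].groups`; the description should name the path the code actually uses. This file also declares `package abbey.functions_test` although it is the production policy at `src/abbey/functions/member_of.rego` — if other policies are expected to reach it as `data.abbey.functions.member_of`, this presumably should be `package abbey.functions`, with the test file importing it.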
@@ -0,0 +1,53 @@
+package abbey.functions_test
+
+import future.keywords.if
+
+fixture := {
+ "googleworkspace": {
+ "groups": [
+ {
+ "id": "Engineering"
+ },
+ {
+ "id": "R&D"
+ },
+ ]
+ },
+ "okta": {
+ "groups": [
+ {
+ "id": "123"
+ },
+ {
+ "id": "456"
+ },
+ ]
+ }
+}
+
+test_member_of_googleworkspace_engineering_group if {
+ member_of("Engineering") with data.user as fixture
+}
+
+test_member_of_okta_group if {
+ member_of("123") with data.user as fixture
+}
+
+# Tests if the user is a member of a group within Google. However, technically, the way we implement
+# the `member_of` function entails a lookup against all of the user's `apps`. This means this test
+# will also produce `false` if the group doesn't exist as a result of the group not being imported.
+test_not_member_of_googleworkspace_engineering_group if {
+ not member_of("Marketing") with data.user as fixture
+}
+
+# Tests if the user is a member of a group within Okta. However, technically, the way we implement
+# the `member_of` function entails a lookup against all of the user's `apps`. This means this test
+# will also produce `false` if the group doesn't exist as a result of the group not being imported.
+test_not_member_of_okta_group if {
+ not member_of("789") with data.user as fixture
+}
+
+# Tests if the user is a member of a group, but the group is not imported.
+test_unimported_group if {
+ not member_of("unimported") with data.user as fixture
+}
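Review bot: None of the negative tests can catch a membership match on a non-`id` field, because every group in `fixture` carries only an `id` key, so the suite does not distinguish "equals the group id" from "equals some value in the group object"; add a case such as `test_not_member_of_group_by_non_id_field if { not member_of("Marketing") with data.user as {"okta": {"groups": [{"id": "123", "name": "Marketing"}]}} }` so the id-only contract is pinned. The comments on the two `not member_of` tests note that an absent group and an unimported group are indistinguishable; for an authorization helper that fail-closed behaviour is the desirable contract and would read better stated as such, e.g. `# A group that was never imported is treated as "not a member" (fail closed).`, rather than as a caveat. The fixture also omits `google`, which `apps` lists, so the positive tests already exercise an app that is configured but absent from `data.user`; a one-line comment on `fixture` saying this is deliberate would keep a future cleanup from adding it and losing that coverage.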