What is the source grouping identifier in the Alerts Grouping settings?
The source grouping identifier field is used when the alert source has its own built-in grouping mechanism and we want to match those groups in SecOps. The field may be populated by a connector based on the fields that particular source uses for grouping. Not all connectors include this mapping, but an example of one that does is QRadar, which uses offense.id to indicate grouping.
For an example of how that field is populated by a connector, use the IDE to check out the QRadar Offenses Connector, which is included with the QRadar integration from the marketplace, and search for 'alert_info.source_grouping_identifier'.
To see if that field is populated for a particular alert type, you can use a manual action against an alert to run 'Get Original Alert Json' (included with the Tools powerup) and review the output to find the 'SourceGroupingIdentifier' field.
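The mapping and the check described in the answer, as an added illustration that is not the SOAR platform's or the QRadar connector's own code: a hypothetical connector copies QRadar's offense id into the alert's source grouping identifier, the stored alert is inspected for `SourceGroupingIdentifier` the way 'Get Original Alert Json' would show it, and alerts sharing that identifier are collapsed into one group while alerts without one stay separate. Only the two field names quoted in the answer are taken from the page; every other key, the helper names and the sample offenses are constructed assumptions.

```python
"""Added example, not code from the SOAR platform or the QRadar connector.

Models how a connector maps a source's built-in grouping key (QRadar's
offense id) onto the alert's source grouping identifier, and how a SOAR-side
step can then collapse alerts sharing that identifier into one case. The
names ``source_grouping_identifier`` and ``SourceGroupingIdentifier`` are the
ones quoted in the answer; all other keys, helper names and sample data are
constructed for this illustration.
"""
from collections import defaultdict

# Constructed sample offenses as a connector might receive them over several
# polling cycles: offense 1042 is seen twice (its event count grew), offense
# 1043 once, and one malformed record carries no id at all.
SAMPLE_OFFENSES = [
    {"id": 1042, "description": "Multiple Login Failures", "offense_source": "10.0.0.5", "event_count": 12},
    {"id": 1043, "description": "Port Scan Detected", "offense_source": "10.0.0.9", "event_count": 200},
    {"id": 1042, "description": "Multiple Login Failures", "offense_source": "10.0.0.5", "event_count": 30},
    {"description": "Malformed record without id", "offense_source": "10.0.0.11", "event_count": 1},
]


def offense_to_alert_info(offense: dict, poll_seq: int) -> dict:
    """Hypothetical connector mapping from a raw offense to the alert_info it emits.

    The source grouping identifier is taken from offense.id, as the answer says
    the QRadar connector does. It is left as None when the source supplied no
    id, so a malformed record is not silently merged into the wrong group.
    """
    offense_id = offense.get("id")
    return {
        "display_id": f"qradar-{offense_id if offense_id is not None else 'noid'}-{poll_seq}",
        "name": offense["description"],
        "source_address": offense["offense_source"],
        "event_count": offense["event_count"],
        "source_grouping_identifier": str(offense_id) if offense_id is not None else None,
    }


def to_original_alert_json(alert_info: dict) -> dict:
    """Render the alert the way 'Get Original Alert Json' would show it.

    Only 'SourceGroupingIdentifier' comes from the answer; the other
    PascalCase keys are assumed for the illustration.
    """
    return {
        "DisplayId": alert_info["display_id"],
        "Name": alert_info["name"],
        "SourceGroupingIdentifier": alert_info["source_grouping_identifier"],
    }


def has_source_grouping(original_alert_json: dict) -> bool:
    """The check from the answer: is SourceGroupingIdentifier present and non-empty?"""
    return bool(original_alert_json.get("SourceGroupingIdentifier"))


def group_alerts(original_alerts: list[dict]) -> dict[str, list[str]]:
    """Collapse alerts by source grouping identifier.

    Returns {group_key: [DisplayId, ...]}. Alerts without an identifier are
    keyed by their own DisplayId, so each becomes its own case instead of all
    unidentified alerts being lumped into one.
    """
    groups: dict[str, list[str]] = defaultdict(list)
    for alert in original_alerts:
        if has_source_grouping(alert):
            key = f"qradar:{alert['SourceGroupingIdentifier']}"
        else:
            key = f"ungrouped:{alert['DisplayId']}"
        groups[key].append(alert["DisplayId"])
    return dict(groups)


def run_sample() -> dict[str, list[str]]:
    """Push the constructed offenses through the mapping and the grouping step."""
    alerts = [
        to_original_alert_json(offense_to_alert_info(offense, seq))
        for seq, offense in enumerate(SAMPLE_OFFENSES, start=1)
    ]
    return group_alerts(alerts)


if __name__ == "__main__":
    for key, members in run_sample().items():
        print(f"{key}: {members}")
```

Running the block prints three groups: the two polls of offense 1042 land in one group, offense 1043 in another, and the record without an id in its own `ungrouped:` bucket, which is the behaviour to look for when reviewing the 'Get Original Alert Json' output for a connector that does populate the field.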