If you use a third-party single sign-on scheme such as Shibboleth or LDAP with 25Live, users are automatically created in 25Live from your existing directory. You can use these settings to determine which group the new users belong to.
Find the Authentication Options page in the menu at the top right:
Image: Authentication Options menu
On this page you can set the following options:
Default group for new users
Any new user submitted to 25Live will be placed in the default security group you specify here, unless the user is passed in with a valid security group that already exists in the Series25 database.
Behavior for existing users
Whenever any user authenticates who is not a new user or a system administrator, one of two things will happen:
Move the user from their current security group to any new group submitted with the user, as long as the security group already exists in the Series25 database.
Ignore any passed-in security group, so the user remains in their current 25Live security group.
Any existing user already in the 25Live System Administrators security group (ID -1) will never be moved from that group, regardless of the option selected here—even if a different, valid security group is passed in with that user.