When assigning a custom role through New member defaults, we would like the custom role to be able to have the privilege for “Link to organization-specific group” (or portal:admin:manageEnterpriseGroups)
This would enable our users to leverage SAML groups from our Enterprise Directory.
Our current workaround is to have a schedule task that checks for new users. When it finds a new user that was assigned a custom role without that privilege by New member defaults, it then changes their role to a custom role that includes that privilege (and other privileges that are not compatible with New member defaults.)
(This is related to Make ‘create group with update capabilities’ a non-admin privilege.)