We are using active directory and a federated server configuration. Currently anybody who hits our Portal url becomes a user in Portal, is there a way to prevent that? Any best practices? Also, is there any way to configure security to who can create a group? Our biggest problem is if we only have so many "named user" licenses and anybody can get into portal by clicking a link how do we control that across the Enterprise with thousands of employees.