CentraSite can use groups that are defined in the external authentication system. When you use an external group with CentraSite, the membership of the group is defined and managed by the authentication system, not by CentraSite, you cannot use CentraSite to add members to the group or delete members from the group.

When CentraSite executes a request that references an external group, it accesses the external authentication system to resolve the group's membership. It performs the requested activity for each user who is a member of the specified group and is also a registered user on CentraSite. Users that are named in the external group but are not registered CentraSite users are ignored.

You can use externally defined groups in exactly the same way as native groups that you define in CentraSite. For example, you can assign roles to externally defined groups and you can grant permissions to them.

If your authentication system already defines groups of users who are significant to your SOA environment, for example: SOA Architects, SOA Project Review Team, SOA Managers, add them to CentraSite as external groups. Adding them to external groups will simplify maintenance by eliminating the need to update two systems when the membership of a group changes.