Remove the ability for non-Arcos employees to use the security groups designated for Arcos.

We experienced an issue where administrators got locked out of the system when they were a member of the "Admin" group as SSO permissions were removed. After submitting a ticket, we found that this group is used by Arcos employees / was modified, and it was suggested that we create our own admin group. I think that it would be really beneficial if this group could be locked down to only Arcos employees or hidden somehow so that companies cannot use it. Ex. Have an admin group that is only used by Arcos employees that individual companies cannot see or use and have an admin group that is only used by companies and cannot be modified.