When using the AD group functionality to link user authentication, it would be nice if the user's presence or absence of a group dictated the QATrack group they would be in.
I.e. if User was in Agency_therapy, that would map to granting the user QATrack\Therapist rights.
I'm not sure if this would be the functional way to get this to work but I see this as a mapping table replacing the 'default group' value that maps a site's AD groups to QATrack groups. I would even be open to being forced to rename the QATrack groups to match their respective AD groups.
This would help significantly with onboarding and offboarding staff.