We are using CUA as our user repository. There are certain users that are used for RFC connections etc. Now due to security reasons we do not want to allow these users to be able to login to Portal. I think it can be possible if we take these users away from the "Authenticated users" group. But Portal does not allow to take a user out of "Authenciated users" group.