thanks. I think I would need an example of what you are saying or a more complete explanation. I went to the auth user behavior and then to SA>Authenticate User and it seems if I add usergroup to this, it would exclude customers. It would apply the rule to all logins. Maybe I should just set up a separate login for admin pages?