powered by The main team
Out of the box, Concourse comes with a single team called main.
The main team is an admin team, meaning it can create and update other teams. Currently there is no way to promote a team to become an admin team, so main is a special-case.
The main team is configured as part of the deployment itself as flags passed to the ATC. You can find more about the required flags in Configuring Auth Providers.
The values set in the auth flags take effect whenever the ATC starts up. This is done so that you can't get locked out and so that you can have Concourse sanely configured as soon as it comes up.
Consult concourse web --help to discover the complete list of flags for configuring auth for the main team.