If the Identity Provider (IdP) passes in role information for the person logging in, then you can set this 'prefix' field so that only those roles starting with the prefix should be handled by Mahara.
This way the IdP can have different roles for different Service Providers (SP). If the person does not have any roles relating to this prefix, they will not be allowed to log in.