Summary
Our users log in with “Office 365” (AAD / Entra ID) SSO credentials, and despite being enabled, the Full Names from the identity provider do not show up.
Steps to reproduce
- Have Mattermost Professional and an Entra ID (f.k.a. Azure AD) tenant.
- Follow the steps at How to integrate Mattermost E20 with Office 365 to allow users from the Entra ID tenant to log in to Mattermost
- Log in to MM and join a team
- Check out your user profile and notice that it only has a username (the part of the login UPN; in our case it’s a random identifier that has no resemblance of the user’s real or nick name)
- Try to edit user profile: In User Profile Settings, under FULL NAME, it says “Click ‘edit’ to add your full name” but clicking Edit reveals only “This field is handled through your login provider. If you want to change it, you need to do so through your login provider.”
- note you can edit your nickname
- For other users, you can only see their “@username” (e.g. @lrg253lg) and their self-chosen nickname (e.g. “hobbit”), but not the “Full Name”
When troubleshooting, we observed that the cause is that the identity provider (Entra ID) user profile do not have a “First” and “Last” name value populated, but only the “Display Name” value.
In a test tenant, we could replicate this and work around it by populating “First name” and “Last name” values in accounts.
However, when first and last name values are set in the identity provider (Entra ID user account properties) and Mattermost config is set to “Teammate Name Display: show nickname if one exists, otherwise show first and last name”:
- Yes, we now see the user’s nickname prominently displayed in chat for those who have it configured (excellent, that’s what we want)
- When clicking on the user icon in a chat, the little profile popup only shows “First name and Last Name” on top, followed by @1231231 (random account name from IDP), email address, … but no indication of the nickname.
Expected behavior
- Higher Pri: Able to map which parts of an O365 (Entra ID) claim compose the “Full Name” of a user in Mattermost to avoid making assumptions about which fields contain the correct data used in a given organization.
- Optional: Also enable the optional mapping of the “Position” user profile setting, e.g. to pull “job title”.
- Optional: display the nickname as part of the mini-profile popup when clicking another user’s name in chat
Observed behavior
- Unable to map the Entra ID / O365 / identity provider user profile property “Display Name” to the Mattermost user profile “Full Name”. Matter most always composes “Full Name” by concatenating “First Name” and “Last Name” from the IDP. This can create problems for certain name use policies, as well as or Mattermost server operators who do not have the power to convince a large organization to change the way they populate their identity fields in Entra ID.