[dazbradbury]

Presumably with SAML/SSO you can still change your slack display name and profile picture?

[grinich]

The data only comes during the sign-in flow. If you want to change it dynamically outside of that, it's typically done via SCIM.

For anyone curious, we wrote a blog post all about this. https://workos.com/blog/the-developers-guide-to-directory-sy...

(I work at WorkOS.)

[reactordev]

Negative, that comes from Azure AD, or Cognito, or Keycloak, or whatever.

The users name, email, phone, location, avatar pic, department, etc all comes over in the SAML payload.

[bigyikes]

This is not correct in general. My job uses SSO and I can change my Slack name.

[foobarian]

In our case we can not change the Slack display name, but we can change the @ handle. Pretty good compromise IMO.

[reactordev]

It is correct, your company just messed up somewhere...

[newdee]

Eh, that’s a matter of opinion on policy. Technically (at least with Slack) it is possible to require SSO for users and control over which profile attributes they can change themselves, including display name. Although they may get clobbered at login as part of reading the SAML doc.

[reactordev]

Just because you can, doesn’t mean you should - and in fact is a security hole if you do. We don’t allow security holes where I work so all attributes are copied over and nothing can be changed. No hidden employees. No unknown guests.

[neom]

Not slack, we use teams at work and I have very limited ability to do anything, can't change my name and we have profile pics disabled.