Future Scope
- Matt Birtch
- Asaad Mahmood
We are looking at this feature as the first candidate to leverage the new ‘properties’ concept that @Joram Wilander has been working on.
Figma Design - Figma Prototype - Loom Demo Video
Ability to define custom profile attributes at the team level
Team admins would be able to define new properties (not system defined ones) at the Team level, and any user that is part of that team will get that property on their profile and would be able to set the value.
Team admins won’t be able to link this property to AD/LDAP at this point.
Here’s how it is displayed.
In the profile settings modal, we can also show an indication on the particular property that is introduced by a specific team.
This allows us to see which team has introduced that property, and can be especially helpful if we have conflictory properties introduced by separate teams, like 2 separate teams introducing Rank.
Configuring custom user properties
In the system console, a new view is proposed under Site Configuration > System properties. This will house configuration for customizing properties for users, messages, and cards.
To start, we’ll focus on user properties. Below is the view for configuring these properties.
Locked user properties
Every Mattermost server has as set of standard user properties. These properties cannot be removed.
Profile Image (no visibility options)
Full Name (visibility default: Always show)
Username (visibility default: Always show)
Email (visibility default: Hide when empty)
ID (visibility default: Always hide)
The following configuration can be changed available for standard user properties
Visibility - admins can hide/show the property from user profiles (see below)
Link/unlink SAML or ADLDAP (if setup)
Unlocked user properties
Default unlocked user properties
By default, the following optional properties ship with user profiles. These properties can be removed or edited as needed. Additional properties can also be added here (see ‘Adding a new property’ below).
Nickname
Position
Adding a new user property
Users can click the + Add property button to add a new property to the system.
Re-ordering unlocked properties
Each row in the custom properties table can be dragged to re-order. Re-ordering here will change the order properties are displayed in the user profile.
NOTE: Standard properties cannot be re-ordered.
Editing a property
Editing property name
Clicking on the property name in the table enables users to edit the name inline.
Note: User property names must be unique.
Editing property type
Custom properties can be clicked to open up the types menu to change the property type. This menu is searchable.
Editing property options
Admins can set predefined options for a property with Select, and Multi-Select property types. Admins can add and remove options directly in this configuration table.
More settings and actions
Rename: Sets focus on the name cell
Edit property type: Sets focus on the type cell and shows the type menu
Visibility: Choose whether the property shows in user profiles. Available options are:
Always show
Always hide
Hide when empty (default)
Allow new options: Choose whether end users can add new options for the property. This is only available for Select or Multi-Select property types.
Duplicate property: Creates a copy of the property with the same configuration and adds to the bottom of the table. Appends ‘2’ to the end of the property name.
Link to SAML or AD/LDAP: If SAML or ADLDAP are configured on the server, this option will be available and user properties can be linked.
Linking a property to SAML or AD/LDAP attribute
If the server is already configured with AD/LDAP or SAML sync, then the menu option to link a property becomes available.
LDAP and SAML can both be configured on the system and on properties. If so, we will show both options.
If “Enable Synchronizing SAML Accounts With AD/LDAP:” is turned on, we will still show both options, but those who are signing in with SAML will have their values inherited from AD/LDAP.
Here’s how the properties would behave depending on the various options turned on.
AD/LDAP SAML Table
AD/LDAP Enabled | SAML Enabled | Enable Synchronizing SAML Accounts With AD/LDAP | User login | Value State | Result |
|---|---|---|---|---|---|
Yes | No | No | Via AD/LDAP | Attribute found in AD/LDAP | Values comes from AD/LDAP |
Yes | Yes | No | Via AD/LDAP | Attribute found in AD/LDAP | Values comes from AD/LDAP |
Yes | Yes | No | Via SAML | Attribute found in SAML | Value comes from SAML |
Yes | Yes | Yes | Via SAML | Attribute found in SAML, and also in AD/LDAP | Value comes from AD/LDAP |
Yes | Yes | Yes | Via SAML | Attribute found in SAML, but not in AD/LDAP | Value comes from SAML |
Yes | Yes | Yes | Via SAML | Attribute found in SAML, but user as a whole does not exist in AD/LDAP | Value comes from SAML |
Yes, but property linked only to SAML | Yes | Yes | Via SAML | If SAML attribute found in LDAP | Value comes from LDAP |
Yes, but property linked only to SAML | Yes | Yes | Via SAML | If SAML attribute not found in LDAP | Value comes from SAML |
Upon clicking this menu option, a modal opens to link the property with the AD/LDAP or SAML attribute.
When a value is entered, the attribute is checked and validated with AD/LDAP (or SAML).
If there’s a way to add validation of attributes when configuring them, but that is additional work.
From Colton: It is a valid requirement from customers, as its case sensitive, its very error prone.
When a property is linked, it will show ‘Linked with AD/LDAP’ in the row
Once a property is linked, it can be edited or unlinked by clicking ‘Edit link to AD/LDAP’ in the menu which will open the modal to make changes.
How a linked property appears in the list
A user can also click any of the tags to go to the edit screen for that linkage..
If a property is no longer valid and was changed in SAML/LDAP.
We can try to show that property in red, identifying that it was unlinked, and when a person opens up the modal, we can show the error.
And clicking on it can open this.
Changes to current LDAP/SAML Configuration
Currently various profile attributes are being linked to SAML and LDAP using the various options mentioned on each page.
Various attributes may already be synced on these pages, so we need to ensure that those are migrated once we switch these attributes to the System Properties page.
However, since we’ll be having the link option available in the System properties page, we do not need to duplicate these options there.
Thus, we will have a to add anchors to the new page.
Which can be done as follows:
AD/LDAP
SAML
Also proposing we encapsulate everything in the SAML section in a white container like we have in AD/LDAP, even if it is just under one and not broken out.
Displaying custom properties in the profile popover
Webapp
Standard properties will have reserved slots in the popover, while custom properties will display directly below the ‘Email’ property.
Mobile
Custom properties in the profile settings modal
Webapp
Mobile
