• State Verified Answer
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 17 subscribers
  • Views 2261 views
  • Users 0 members are here
Options
Related

Is there a way to hide the username from the mentions list?

Alex Nassi

In our community, we have a subset of users that have their email address as their username. The usernames are populated via an SSO connector, so users cannot immediately edit their usernames themselves through their profiles. This was mentioned by one of our community members as a possible GDPR/data privacy concern.

Due to this, I was wondering if there's a way to edit the @mention list in an effort to only show displaynames and not usernames. This appears different for different users, for example, you can see different user names in the first picture below but no username on my account in the second picture (I assume this is my display name being the same as my username?):

I haven't seen anything in the admin menu to change how the usernames are displayed and don't see this list in the widget studio or anywhere else in the interface menu. Any attempts from the theme side seem like it would remove the whole name and avatar, not just a section of the name. @tom

I realize also that the username ends up being the user profile URL, but this mention list would be a good start at least in fixing this. 

Any suggestions? 

  • 0

     

    I know there is a way in the admin panel to make users not searchable (done on a per user basis) but I believe that also effects your all members pages as well as if you were to search for that uesr in the top search bar and it is not applicable to just a portion of the text in @mention

  • 0 in reply to Sara Collins

      Thank you for the reply. I'll bring that up to the user who brought this up (User A), but I was hoping for more of a widespread solution to just remove the reference to the User Name as this was mentioned by User A, reporting that he could see User B's email address.

    We have some updates to our SSO connector coming soon (I'm working with John on this) so I'm hoping that will also help make it easier to modify the user names.

  • +1 in reply to Alex Nassi

    Usernames are the only thing in that list that make a user unique.  By removing them you run into the issue where several users use the same display name or similar(this is allowed) in which case the user becomes indistinguishable from others.

    It has always been the recommendation to never use email as a username because it is an information disclosure vulnerability as information that the platform protects as private is being made public and not just here.

  • 0 in reply to Patrick M.

    Thanks  . That makes sense. Good reasons to work on the root cause (emails as usernames) instead of one of the symptoms of the issue (showing on this menu). 

  • 0

    I know this is probably considered resolved, I'm going to throw in how we've handled this on the element14 Community:

    1. Changed the username regular expression filter to disallow @ in the username. This prevents users from using an e-mail address as their sign in name

    2. Turned on allowing users to login with their sign in name or e-mail address, this reduces the number of users that complain that they cannot login, because now it's obvious to them that 'sign in name' and 'email address' are two different things

    3. Turned on moderation for not allowing e-mail addresses in content and set the level of this to '1', Verint's moderation then picks up any user who has an e-mail address as their sign in name and puts them straight into moderation / the abuse queue, and that then gives me the opportunity to go through each user on a case by case basis and change their sign in name from being an e-mail address to something sensible. This combined with point '2' means that they can still use their e-mail address to login even if they don't know their new sign in name that's been set.

    This approach drastically cuts down two things:

    1. The amount of personally identifiable information accidentally made public by the user

    2. Ensuring that any e-mail addresses posted by the user is caught by the moderation queue regardless of it accidentally being their sign in name or in their content.

    The user can also, as Sara has said, stop their profile being 'searchable' which means they're removed from the mention list in content.

About
Privacy Policy
Terms of use
Copyright 2024 Verint, Inc.
Powered by Verint Community