In AGOL content descriptions, don't expose usernames - use an alias, name or title

Idea created by shawjs on Jan 15, 2016
    Reviewed
    Score150

    When AGOL for Organziations content is shared with Public, it's description inculdes: 

    Shared by: <a username>
    Please allow dispalying an alias, title or full name rather than username.
    Exposing usernames creates a security risk with cloud-based content that doesn't sit behind a firewall, since all it takes for someone to gain access to Organziational content is one compromised account, and exposing account usernames makes that much more likely.


    Worse yet, when organizations use federated Enterprise logins, the same account credentials allow access to payroll, email, source code, and other cloud-based solutions. And unfortuantly, AGOL doesn't support multifactor authentication when enterprise logins are used.

     

    To make implementation of this easy for existing and new accounts, create an ALIAS account property and have it default to username, but allow members (or at least an administrator) to change it.

     

    Also, if people could have an offical title displayed rather than username (such as "X County Records Officer") it would help organizations avoid needing to create extra AGOL accounts with these names for purposes of conveying offical content. (and if wanting all members to only log in with enteprise logins, having tilte-based account names means they need to be created in the enterprise directory, which some organizations  might not allow).