Given the administrative burden of managing a large organization with user accounts that are not searchable by last name we believe supporting search on last name is a reasonable Idea:
When using a SAML-based identity provider for an ArcGIS Online organization the givenname attribute is passed from the identity provider to ArcGIS Online. First name and last name are tentatively extracted from the composite givenname value and are displayed in user profiles, but apparently are not committed to the system until the profile is actively Saved by the user or an administrator. The organization can be searched for users based on their first name, but results are not returned for last name until the manual save operation is completed, contrary to the widely-held assumption that a user account can be located based on the user's last name.