Atlassian blocks Update profile calls that modify the name attribute of accounts assigned to an SSO-enforced authentication policy. Other attributes can be updated via the API without issue for SSO-enforced accounts, including updating the email via the Set email call.

• Updates to the Full name of an SSO-enforced account are currently possible via the UI, but that ability has been filed as a bug: ACCESS-1718.

Due to the limitations on being able to update an SSO-enforced account's name via the API, customers who configure SAML SSO without Atlassian's optional SAML attributes for .../claims/givenname and .../claims/surname are only able to update an account's Full name via the UI (which is apparently a bug) or via SCIM. If a fix for ACCESS-1718 is released and a customer in this position hasn't or can't configure SCIM, they are left with no recourse to update an SSO-enforced account's Full name without disabling SSO, which is a security risk that many customers are unwilling to take.

While the Full name of an account can be defined by SAML using the .../claims/givenname and .../claims/surname attributes, many customers prefer to use a different value for their users' Full name values in Atlassian, such as the displayName SCIM attribute. For customers who don't or can't use SCIM, blocking updates to the Full name of an account via the User management REST API just because it's assigned to an SSO-enforced authentication policy doesn't make sense and only causes frustration for customers who use SSO without SCIM and want to administer their accounts via the API.