For advanced enterprises with sophisticated authentication requirements, this feature would allow authentication through REMOTE_USER information passed in via HTTP headers

This feature requires a [fundamental change to the Mattermost user model](https://forum.mattermost.org/t/unifying-user-accounts-across-teams-for-mattermost-2-2/1126
) so that users can exist outside of teams.

Several threads have discussed this feature:
- https://forum.mattermost.org/t/active-directory-sso-through-a-reverse-proxys-remote-user/295
- https://forum.mattermost.org/t/client-side-certificate-authentication/1174

It would be incredibly helpful for enterprise license holders to be able to generate a sort of test license, so that they can set up a test instance with all the features of Enterprise instances (such as LDAP, SAML, etc) so they can test out their settings first before implementing them into their production instance.

Our organization wishes to use the new bulk export tool to migrate teams and users from our pilot server. This server used email-based accounts, and we are now using LDAP authentication on the new Enterprise server.

All of these accounts should have LDAP, but were created using email addresses that do not always map. We want users to be able to log in once with their old email authentication, then be prompted to log in again using their LDAP credentials.

The timestamp within the log is now Unix Timestamp. This makes it really hard to find the right logs when there is a issue.

Please implement a option to change to a human readable time. I suggest the UTC timestamp. Dateformat can be fix of should better be looking for the server values.

Now:
{"level":"debug","ts":1540975612.3137412,"caller":"web/handlers.go:50","msg":"POST - /api/v4/users/status/ids"}

Better:
{"level":"debug","ts":10/31/2018 8:46am,"caller":"web/handlers.go:50","msg":"POST - /api/v4/users/status/ids"}

Optimal (i am in europe):
{"level":"debug","ts":31.10.2018 8:46,"caller":"web/handlers.go:50","msg":"POST - /api/v4/users/status/ids"}

Best regards

For instances that only use one team, the option to leave the team is not useful.

Please add an option to the system console to hide the button or add a user permission for this function.
The user permission would be the preferred way to handle this to be prepared for growing instances.

A companies security policy often has rules stating that a password may not be reused. To facilitate this many applications have a feature that allows the administrator to state how many passwords the application should remember until a password can be reused. Think, for example, a maximum of 10 password that the application must remember.

Team invite link is not available when account creation is set to false.
Inviting users manually via email is tedious, it would be easy if the team invite link is available.

Currently the avatar size is around 32px.

My test users are hoping it could be bigger so as to recognize people easily.

I did a local test and increasing the size to 50px+ would not affect the layout and is indeed easier to find people.

Notifications of new chat messages should not be emailed if the chat message has already been deleted.

See:
https://github.com/mattermost/mattermost-server/issues/13064

The ability to generate and copy permalinks is great, but it would be awesome if there was an ability to share that URL, so that standard iOS share sheets, or Android intents, could be used to send urls via Gmail, iMessage, etc. Would make it much easier to integrate into our workflow.

The global channel settings aren't flexible enough create teams with differing levels of channel security. Please consider adding the public & private channel settings at the team level.

Simplistic example:

 Team A: invite only with the creation of public rooms disabled

 Team B: public team, with the creation of public rooms enabled

 Team C: public room with the creation of public rooms disabled

My organization would like to have the option to not show deactivated users in member lists.

In corporate Environments often closed discussions take place between persons whose users already exist within predefined ldap groups. For Mattermost it would make sense to authorize users for private channels using such existing ldap groups.

it would be really nice for monitoring and auditing purposes, to be able to extract a list of members in teams and channels

Make enforce MFA a permission so you can assign it to specific group(s).
Some businesses do want to enforce MFA for some groups and some not.

It would be great if you could prevent users from changing their first and last names when using LDAP authentication.

It would be nice if there were a way to reset someone's MFA configuration from the System Console instead of having to use the command line tool. For large teams, MFA devices are lost fairly frequently so it's burdensome to have to use the command line tool each time.

Sometimes it would be handy to export a list of channel members for example to form an emailing list or something. Can't find a way to do this either on UI or with commandline tools. Ideally it would be configurable to get Name or Email or both.

Please add Gsuite as an officially supported SAML authentication source.