@Bouben I have a similar setup with a couple of my tenants. Basically, I log in to my docebosaas.com domain and then impersonate whomever is in the tenant. You can see the dashboard for anyone in this subdomain except for the SuperAdmin.

That is what we do as well.

Hi there,

So if I am reading this correct, you are on your SAAS/Root Domain URL and looking to access the Secondary Domain or Subfolder EE?

If so, head over to the Extended Enterprise and locate the EE and click on the Settings.

The following page will show. Click on Configure Branding and Look. This will then open in a new tab, but you will see you are now logged into the Secondary Domain/EE and free to navigate around. This works as a Superadmin.

If you need a bypass URL for ‘User’ / ‘Poweruser’ permission level users, you will have to set this up with the OAUTH app.

There is actually a way to work around this, but I’d recommend discussing it with your IT team first to ensure it aligns with your security policies.

1. Install the API and SSO app
2. In the app, click API Credentials
3. Click the Add OAuth2 App button
4. Enter a name and description of your choice
5. Enter “admin” in the Client ID
6. Enter the main platform URL (not the extended enterprise; if it's a custom domain, you can use the custom domain)
7. Click Advanced Settings and check the boxes for Authorization Code + Implicit Grant and Resource Owner Password Credentials
8. Confirm
9. Now to log in without SSO you need to access from the following link (customize the bold red text) https://subdomainurl.com/oauth2/authorize?response_type=token&redirect_uri=https://maindomainurl.com/&realm=resource&client_id=admin

Of course, the client ID “admin” can be replaced with anything you prefer, as long as it’s consistent in both step 5 and step 9.