Skip to main content

We are having our customer launch this week and this morning I had the idea to create a customer user profile for our Sales and Field team to access so they can replicate an example customer profile when they are doing live demos.

The issue is that I only want them to have the ability to impersonate one user. I created the power user profile with that one singular permisions and have enabled the required notification for it to be enabled too.

 

It’s still not working. Has anyone tried this use case?

So you want them to only be able to impersonate a single “test” account? If you have a test account you probably don't need to have them impersonate it. Maybe give them each a proper test account?


@lrnlab Unfortunately, as much as I would love to give them all test accounts, our organization uses SSO for sign-on. This nullifies the ability of people to have multiple accounts on one device which is why I was attempting to enable this function as a workaround for additional functionality.


To get this permission to work you have to have both the Impersonate a User permission turned on AND “View” users turned on.  Otherwise it will not create the menu option in the admin portal for the Power User to see the individuals they need to impersonate.  Remember that your test account also has to be assigned to each Power User as a “Resource” as well before it will show up.

Another important note is that if you try to impersonate a Power User to see if this permission set up works, you won’t see the “Log In As This User” option because you can’t Impersonate while you’re already Impersonating.  You have to actually log in as the Power User to see the permission as active.  I have my own test Power User I use for this when trying out new profiles.


@lrnlab Unfortunately, as much as I would love to give them all test accounts, our organization uses SSO for sign-on. This nullifies the ability of people to have multiple accounts on one device which is why I was attempting to enable this function as a workaround for additional functionality.

If it helps, and if your SSO is set-up at a sub domain level (not the root), you can always use the root to manually login all the while leaving SSO in place for the sub domain.


@trose23 Thank you! I had a feeling it would be something simple like this but I just couldn't place my finger on it. The user resources are in place and with this integration of the “View” permission, we are now experiencing success with this Power User Profile. I have designated a user to assist with the primary testing on their account and verify it is working.

 

@lrnlab Another tripping point for us as we are having the SSO pulled from the root. Our organization does not want anyone to have access unless they are using the SSO and are very strict about it so we don't have the ability to modify the system to allow this functionality. I do appreciate knowing these adaptabilities are available though. 


You can set the power user up to have all of the permissions to impersonate a user and give them visibility to a group of test accounts (depending on the scope of the activity). Then have a test account(s) added to those power users user resources. 

This will allow the power users to go to the “branch” with the test accounts and impersonate the users while login as their own accounts on SSO.

We do this for our instructors. The only problem is that we have to periodically add all of the system users to the instructor’s user resources in power users resource management.


Reply