Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.

Impersonate a user

Log in to subscribe to topics and get notified when content changes.

Impersonate a user

Administrators can impersonate other authenticated users for testing purposes and view impersonation logs. The impersonation option is not visible in the mobile view of the platform.

When impersonating another user, the administrator has access to exactly what that user can access in the system, including the same menus and modules. The instance records anything the administrator does while impersonating another user as having been done by that user.

Impersonation limitations

  • When you impersonate any user, all scope-protected roles and encryption context roles are removed from the user being impersonated. However, if the impersonating user (the admin, for example) has a scope-protected role, that role is not removed from the list of roles for the user being impersonated.
  • When you impersonate a user with an application-specific admin role (for example, an application admin for Human Resources or Security Incident Response), you cannot access features granted by the application admin role, including security incidents, profile information, or other scope-protected features, unless you already have those roles. Access to modules and applications in the navigation bar is also restricted. Admins cannot change the password of any user with an application admin role.
  • Impersonating a user is not supported for mobile phones. For most mobile phones, however, you can impersonate a user by switching to standard view, performing the impersonation, and switching back to mobile view. Some mobile devices may have problems rendering the Impersonation dialog.

Impersonation requirements

The user account to be impersonated must have a user ID. You can find this ID in the User [sys_user] record for the account. If this value is missing, the message The user you selected could not be impersonated appears.

You need several different logins to test the system:

  • An admin account to do work.
  • An itil (or similar) login to test as a technician.
  • An ess login to test as an end user.

More logins may be required to adequately test the system.

Note: When you impersonate a user who is locked out or is inactive, the system forces a logout after you generate an event or click a link. All changes made while using impersonation affect the current session. Make sure you properly logout, then login after impersonation is completed.
Feedback