Administrators can impersonate other authenticated users for testing purposes and view
impersonation logs. The impersonation option is not visible in the mobile view of the
When impersonating another user, the administrator has access to exactly what that user can
access in the system, including the same menus and modules. The instance records anything the
administrator does while impersonating another user as having been done by that user.
- When you impersonate any user, all scope-protected roles and encryption context roles are
removed from the user being impersonated. However, if the impersonating user (the admin, for
example) has a scope-protected role, that role is not removed from the list of roles for the
user being impersonated.
- When you impersonate a user with an application-specific admin role (for example, an
application admin for Human Resources or Security Incident Response), you cannot
access features granted by the application admin role, including security incidents, profile
information, or other scope-protected features, unless you already have those roles. Access to
modules and applications in the navigation bar is also restricted. Admins cannot change the
password of any user with an application admin role.
- Impersonating a user is not supported for mobile phones. For most mobile phones, however,
you can impersonate a user by switching to standard view, performing the impersonation, and
switching back to mobile view. Some mobile devices may have problems rendering the
The user account to be impersonated must have a user ID. You can find this ID in the User
[sys_user] record for the account. If this value is missing, the message The user
you selected could not be impersonated appears.
You need several different logins to test the system:
- An admin account to do work.
- An itil (or similar) login to test as a technician.
- An ess login to test as an end user.
More logins may be required to adequately test the system.
Note: When you impersonate a user who is locked out or is inactive, the system forces
a logout after you generate an event or click a link. All changes made while using impersonation
affect the current session. Make sure you properly logout, then login after impersonation is