Announcing User Impersonation in PropelAuth

Announcing User Impersonation in PropelAuth

We are incredibly excited today to announce that User Impersonation support is now live in PropelAuth!

User impersonation, masquerading, ghosting, assume identity, delegated access… this feature goes by a lot of different names. No matter what you call it, at a high level, the feature works like this:

User impersonation is an incredibly powerful feature. It can help your sales teams do better demos. Your CS teams can provide better support and debug issues faster. Your engineering team doesn’t have to wait on users to send over console logs before diagnosing bugs.

The ability to log in as a user and see the product through their eyes streamlines many processes and can help you move faster as a company.

For instance, if you suspect an issue is related to the customer's browser, you can log in as the user and test it yourself, eliminating the need to wait for their input.

Another common use case is sales demos. During many sales calls, representatives can log in as the potential client to showcase the product from the client's perspective, offering a more personalized and engaging demo.

Strict controls on who can impersonate

Because user impersonation is such a powerful feature, we added strict controls on who has access to do it. The first restriction is whether you want it enabled at all. Only the Owner of your organization can enable the feature.

Once enabled, Admins and Owners of the organization can decide who has the ability to impersonate. Additionally, impersonated sessions only last at most 1 hour, at which point you will be automatically logged out.

How do I distinguish impersonated users from non-impersonated users?

If your employees are impersonating one of your users, you may want to limit what actions they can take on that users’ behalf or what data they can see.

Our libraries now include additional fields on the User to determine if the user is impersonated so you can prevent them from taking sensitive actions. You can also determine who is impersonating them so you can appropriately audit actions they take.


You can read more about it in our documentation. If you have any questions, feel free to reach out at