Journey Overview
Preconditions
- Admin has ROLE_PLATFORM_ADMIN permission
- Target user exists in the system
- Impersonation feature enabled
Journey Flow
Detailed Steps
1
Access User Management
Navigate to user management:
- Admin Portal → Users
- Or search user directly from dashboard
2
Find User
Search for target user:
3
Initiate Impersonation
Click “Impersonate” button:Confirmation dialog:
4
Impersonation Session
Session switched:Visual Indicators:
- Banner: “You are impersonating John Smith [End]”
- Different color scheme/border
- Watermark (optional)
- View all screens as user
- Navigate as user would
- See user’s data and permissions
- Cannot change password
- Cannot delete account
- Cannot access other user data
- All actions logged
5
Diagnose Issue
Admin investigates:
- View user’s dashboard
- Check membership status
- Review event registrations
- Test feature access
- Reproduce reported issue
6
End Impersonation
Click “End” or “End Impersonation”:
- Session returns to admin
- Impersonation logged with duration
- Admin back in Admin Portal
Audit Logging
All impersonation activity is logged:Security Considerations
- Requires explicit permission
- Reason must be provided
- Session time-limited (30 min default)
- Cannot be used on other admins
- Audit trail maintained
- User may be notified (configurable)
Related Entities
Related Journeys
Acceptance Criteria
Frontend
- Impersonate button on user records
- Confirmation dialog with reason input
- Impersonation banner visible at all times
- End impersonation button
- Session summary on end
- Visual differentiation during impersonation
Backend
-
POST /api/admin/impersonate/{userId}- Start -
POST /api/admin/impersonate/end- End - Session token with impersonation context
- Comprehensive audit logging
- Action restrictions during impersonation
Permissions
- Only ROLE_PLATFORM_ADMIN can impersonate
- Cannot impersonate other admins
- Tenant boundaries respected
Business Rules
- Reason required for audit
- Session timeout enforced
- Certain actions blocked
- Full audit trail
Error Handling
- User not found handling
- Session timeout notification
- Graceful end on browser close