> ## Documentation Index
> Fetch the complete documentation index at: https://memberpulseptyltd.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# UJ-A-005: Impersonate User for Support

> Platform admin impersonates a user to troubleshoot issues

## Journey Overview

| Attribute      | Value                                               |
| -------------- | --------------------------------------------------- |
| **Journey ID** | UJ-A-005                                            |
| **Actor**      | Platform Admin                                      |
| **Goal**       | View platform as a specific user to diagnose issues |
| **Trigger**    | Support request requires seeing user's perspective  |
| **Outcome**    | Admin views platform as user, diagnoses issue       |

## Preconditions

* Admin has ROLE\_PLATFORM\_ADMIN permission
* Target user exists in the system
* Impersonation feature enabled

## Journey Flow

```mermaid theme={null}
flowchart TD
    A[Access Admin Portal] --> B[Navigate to Users]
    B --> C[Search for user]
    C --> D[Select user]
    D --> E[Click Impersonate]
    E --> F[Confirm impersonation]
    F --> G[Session switched to user]
    G --> H[View as user]
    H --> I[Diagnose issue]
    I --> J[End impersonation]
    J --> K[Return to admin session]
```

## Detailed Steps

<Steps>
  <Step title="Access User Management">
    Navigate to user management:

    * Admin Portal → Users
    * Or search user directly from dashboard
  </Step>

  <Step title="Find User">
    Search for target user:

    ```
    ┌─────────────────────────────────────────────────────────────┐
    │ User Management                                             │
    ├─────────────────────────────────────────────────────────────┤
    │                                                             │
    │ [🔍 Search by name, email, ID...                     ]      │
    │                                                             │
    │ Filters:                                                    │
    │ Tenant: [All Tenants ▼] Role: [All Roles ▼]                │
    │ Status: [All ▼]                                             │
    │                                                             │
    │ Results:                                                    │
    │ ┌─────────────────────────────────────────────────────────┐ │
    │ │ John Smith                                              │ │
    │ │ john@company.com • Acme Association                     │ │
    │ │ Role: Member • Status: Active                           │ │
    │ │ [View] [Edit] [🎭 Impersonate]                          │ │
    │ └─────────────────────────────────────────────────────────┘ │
    │                                                             │
    └─────────────────────────────────────────────────────────────┘
    ```
  </Step>

  <Step title="Initiate Impersonation">
    Click "Impersonate" button:

    Confirmation dialog:

    ```
    ┌─────────────────────────────────────────────────────────────┐
    │ ⚠️ Confirm Impersonation                                    │
    ├─────────────────────────────────────────────────────────────┤
    │                                                             │
    │ You are about to impersonate:                               │
    │                                                             │
    │ User: John Smith                                            │
    │ Email: john@company.com                                     │
    │ Tenant: Acme Association                                    │
    │ Role: Member                                                │
    │                                                             │
    │ This will:                                                  │
    │ • Switch your view to the user's perspective                │
    │ • Allow you to see what they see                            │
    │ • Log all actions taken during impersonation                │
    │                                                             │
    │ Reason for impersonation (required):                        │
    │ [Support ticket #12345 - login issue          ]            │
    │                                                             │
    │ [Cancel]  [Start Impersonation]                             │
    │                                                             │
    └─────────────────────────────────────────────────────────────┘
    ```
  </Step>

  <Step title="Impersonation Session">
    Session switched:

    **Visual Indicators:**

    * Banner: "You are impersonating John Smith \[End]"
    * Different color scheme/border
    * Watermark (optional)

    **Capabilities:**

    * View all screens as user
    * Navigate as user would
    * See user's data and permissions

    **Restrictions:**

    * Cannot change password
    * Cannot delete account
    * Cannot access other user data
    * All actions logged

    ```
    ┌─────────────────────────────────────────────────────────────┐
    │ ⚠️ IMPERSONATING: John Smith (john@company.com)  [End]     │
    ├─────────────────────────────────────────────────────────────┤
    │                                                             │
    │ [Normal Member Portal View]                                 │
    │                                                             │
    │ Dashboard                                                   │
    │ Welcome, John                                               │
    │                                                             │
    │ Your Membership: Professional                               │
    │ ...                                                         │
    │                                                             │
    └─────────────────────────────────────────────────────────────┘
    ```
  </Step>

  <Step title="Diagnose Issue">
    Admin investigates:

    * View user's dashboard
    * Check membership status
    * Review event registrations
    * Test feature access
    * Reproduce reported issue
  </Step>

  <Step title="End Impersonation">
    Click "End" or "End Impersonation":

    * Session returns to admin
    * Impersonation logged with duration
    * Admin back in Admin Portal

    ```
    ┌─────────────────────────────────────────────────────────────┐
    │ ✅ Impersonation Ended                                      │
    ├─────────────────────────────────────────────────────────────┤
    │                                                             │
    │ Session Summary:                                            │
    │ User: John Smith                                            │
    │ Duration: 5 minutes 32 seconds                              │
    │ Pages Viewed: 12                                            │
    │ Actions Taken: 0 (view only)                                │
    │                                                             │
    │ [View Audit Log]  [Back to Users]                           │
    │                                                             │
    └─────────────────────────────────────────────────────────────┘
    ```
  </Step>
</Steps>

## Audit Logging

All impersonation activity is logged:

| Event      | Logged Data                          |
| ---------- | ------------------------------------ |
| Start      | Admin ID, User ID, Reason, Timestamp |
| Navigation | Pages visited                        |
| Actions    | Any changes made                     |
| End        | Duration, Summary                    |

## Security Considerations

* Requires explicit permission
* Reason must be provided
* Session time-limited (30 min default)
* Cannot be used on other admins
* Audit trail maintained
* User may be notified (configurable)

## Related Entities

* [`User/Member`](/entities/core/user-member)
* [`Audit Log`](/entities/system/audit-log)

## Related Journeys

* [UJ-A-003](/admin/journeys/manage-users)
* [UJ-A-007](/admin/journeys/troubleshoot-integration)

## Acceptance Criteria

### Frontend

* [ ] Impersonate button on user records
* [ ] Confirmation dialog with reason input
* [ ] Impersonation banner visible at all times
* [ ] End impersonation button
* [ ] Session summary on end
* [ ] Visual differentiation during impersonation

### Backend

* [ ] `POST /api/admin/impersonate/{userId}` - Start
* [ ] `POST /api/admin/impersonate/end` - End
* [ ] Session token with impersonation context
* [ ] Comprehensive audit logging
* [ ] Action restrictions during impersonation

### Permissions

* [ ] Only ROLE\_PLATFORM\_ADMIN can impersonate
* [ ] Cannot impersonate other admins
* [ ] Tenant boundaries respected

### Business Rules

* [ ] Reason required for audit
* [ ] Session timeout enforced
* [ ] Certain actions blocked
* [ ] Full audit trail

### Error Handling

* [ ] User not found handling
* [ ] Session timeout notification
* [ ] Graceful end on browser close
