Impersonating another user through an API Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
GAB AdminGAB Admin 

Impersonating another user through an API

I have a use case where an administrator for one application needs to impersonate another user across all the applications that user has access to.  Basically,  the use case is as follows:
  1. ApplicationAdminUser authenticates against Okta to access Application A
  2. From Application A,  user seclects a user that they want to impersonate.
  3. User accessess Application B as the selected User
  4. User accesses Application C as the selected User
  • Applications A is Service_Provider Initiated SAML
  • Application B is OpenIDConnect
  • Application C is Service Provider Initated SAML

How can this be accomplished without the ApplicationAdminUser knowing the credentials of the selected user?
Andrei AldeaAndrei Aldea (Okta, Inc.)

Thank you for reaching out to Okta Support, my name is Andrei and I'll be assisting with your question.

There is no functionality in the Okta Admin UI or in the Okta API to achieve the use case. For security purposes, I believe, the option was never implemented.

The only way to achieve this would be to either gain access to the user's credentials or to reset their credentials (in either the Profile Master or Okta itself, based on your use case) and access the user's App Dashboard.

You can suggest the idea for this functionality to be added as a Feature Request, though I it would require a fair bit of "backing" to be implemented, I imagine. You can suggest this on the Okta Community portal by using the 'Feedback' option at the bottom of the Okta admin console.


Thank you,
Andrei Aldea
Technical Support Engineer
Okta Global Customer Care