8tytg (8tytg) asked a question.
Impersonating another user through an API
I have a use case where an administrator for one application needs to impersonate another user across all the applications that user has access to. Basically, the use case is as follows:
- ApplicationAdminUser authenticates against Okta to access Application A
- From Application A, user seclects a user that they want to impersonate.
- User accessess Application B as the selected User
- User accesses Application C as the selected User
- Applications A is Service_Provider Initiated SAML
- Application B is OpenIDConnect
- Application C is Service Provider Initated SAML
Thank you for reaching out to Okta Support, my name is Andrei and I'll be assisting with your question.
There is no functionality in the Okta Admin UI or in the Okta API to achieve the use case. For security purposes, I believe, the option was never implemented. The only way to achieve this would be to either gain access to the user's credentials or to reset their credentials (in either the Profile Master or Okta itself, based on your use case) and access the user's App Dashboard. You can suggest the idea for this functionality to be added as a Feature Request, though I it would require a fair bit of "backing" to be implemented, I imagine. You can suggest this on the Okta Community portal by using the 'Feedback' option at the bottom of the Okta admin console.Thank you,
Andrei AldeaTechnical Support EngineerOkta Global Customer CareHi there,
Can you please tell, if user impersonation is now available at API level?
Use-case:
Thanks,
IuliuB