Showing results for 
Search instead for 
Did you mean: 

Allow Admins to login as Users

Author Name: Steve Hughes

It would be great if as an admin I could login as another user in order to troubleshoot issues that arise. Instead of having to waste a license for my test user so I can change the test users security roles to mimmick that of the individual having issues.

Status: Planned

Thank you for your feedback. This is a great suggestion! We are considering this for our future release.



Srikumar Nair

PM, Microsoft

Regular Visitor
Commenting further primarily to add the keyword "impersonation" which is the term for this I originally searched for (and ended up creating a duplicate)...
Regular Visitor
There isn't much more of a security risk in this type of feature than being a sysadmin. I would add that this is a HUGE competitive disadvantage to Salesforce and supports their narrative that Microsoft solutions lack elegance and are hard to administer.
Regular Visitor
If this allowed you to be in an "admin mode" that would allow you to view but not edit, or assign records sure. Otherwise there are two aspects workarounds for this. One is to have a test user and the other is a test environment. An admin should never be assuming the identity of a user like this as the potential for abuse is just too great.
Regular Visitor
In response to people that have concerns about admins abusing the ability to log in as other users, CRM already allows impersonation of users when accessing the web services. Their solution to the potential abuse is the 'created on behalf by' and 'modified on behalf by' fields. This wouldn't give admins access to do anything they can't already do using the ActOnBehalfOf privilege. It would just provide a way for them to test as other users through the user interface.
Regular Visitor
We use ADFS to authenticate so having a test user is not a "true" test. and I can't even tell you how many times something works one way in test, but not in production. This would be a great enhancement and would allow for better security overall.
Regular Visitor
I wish they had implemented this the other way round: I choose an e.g. non-admin user and press a button that copies all roles and teams and maybe even the owning BU to my current logged on user. With other word the implementation should clone a current users security to my actual one. Don't know what other users think about it but the current implementation does not really help to check for user related issues. Btw, why is this new feature not available in on-premise installations? Michael
Regular Visitor

Especially in hugh companies the PowerUsers support the local users. It's not the admin. Therefore it should be something that they can use without getting admin permissions.

In general I see this "improvement" somehow critical (not for small companies were this would definitly help because direct actions are daily business), because handling incidents and issues (should) follow(s) procedures (Ticket handling, resulting in software change management) which could be softened by this.

Regular Visitor

This would seriously be a big help with having over 2000 users and a lot of different security setups. For those concerned about changing things while logged into a user, I know in Salesforce it kept track of who was logged in as a user at what times so if something was changed you could see if it was an admin who had logged in as that person or not. Changing your own security is a big hassle and logging in as another user was super helpful in our previous CRM.

Regular Visitor

Having had this feature as a Salesforce Administrator and now not having it as a Dynamics Administrator, I will say it makes my job much harder.

Regular Visitor

Looks like this is finally resolved in CRM Online 2016 Update 1. 

As an administrator you can go into manage roles and turn off your System Administrator privilages (you will get the cautionary message) and masquerade as a say a 'salesperson'

When you go back to Users, highlight your user and say promote to Admin.  

This is a pretty scary way of doing things though especially if you are the only system admin.  You might want another user to have your back just in case this process doesn't work.

This doesn't appear to be in the latest on-premise release yet.

Try it out in a CRM trial instance.