cancel
Showing results for 
Search instead for 
Did you mean: 

Allow Admins to login as Users

Author Name: Steve Hughes

It would be great if as an admin I could login as another user in order to troubleshoot issues that arise. Instead of having to waste a license for my test user so I can change the test users security roles to mimmick that of the individual having issues.

Status: Planned

Thank you for your feedback. This is a great suggestion! We are considering this for our future release.

 

Sincerely,

Srikumar Nair

PM, Microsoft

Comments
Level: Powered On
Status changed to: Planned

Thank you for your feedback. This is a great suggestion! We are considering this for our future release.

 

Sincerely,

Srikumar Nair

PM, Microsoft

Level: Powered On
That would mean to have a "Run As" mode for a new window. I believe it could be selected inside the Preview mode as a Lookup to select the user Test Role!
Level: Powered On
It does come with security concerns, as an admin user could make changes, then this seems like the end user has made them. The auditing would need to reflect this too maybe? For example if the admin tests a process and forgets to remove the sample data. I think the user needs to authorize that admins can run as them, so they are part of the process. E.g - User rings administrator with as issue - Admin requests permission from the user to log in as them. Maybe just by clicking a button on the toolbar of the user record in MSCRM. - The user then receives an email with a hyperlink to allow or deny the permission - Then once the user has allowed permission the admin can use their account for a time period (perhaps 24 hours?)
Level: Powered On
https://connect.microsoft.com/dynamicssuggestions/feedback/details/735403/allow-admins-to-impersonat... I can't delete it! Yes totally agree with below regarding security concerns but impersonation should handle this - all user actions logged against their admin account and not the account they are impersonating. I dont think you should be able to make changes in impersonate mode (support / test function) You can provide support without remote desktop - test your field level security easily, along with form functionality / plugins etc.
Level: Powered On
In the workarounds it was commented that you could use the "run as" mode in order to impersonate a user, but some of our clients specifically state in their contracts that even that we as admins are not allowed to know their passwords. Being able to impersonate a user in a "troubleshooting mode" that would be recorded in auditing would be a fantastic addition.
Level: Power Up
I agree, the best way around this is to create a test AD account and assign the same permissions of the user we need to impersonate. I don't think is worth adding more complexity to CRM such as impersonate a user account.
Level: Powered On
Would be really useful so you avoid having one or more user account & licenses in use just for support. I have a background with the only real competitor MS CRM has, and there a user can allow admins to impersonate (either permanently or for a period of time). This is really useful when troubleshooting. As long as it is audited no security concerns exists.
Level: Powered On
Thank you for your suggestion. We are considering this functionality for a future release of CRM.
Level: Powered On
As a top 5 item on Connect that has been here now for nearly 3.5 YEARS I disappointed that this still hasn't been addressed in CRM 2015. What is the point of the new "rapid release cadence" if things like this are continuously ignored?
Level: Powered On
I currently oversee a 3,000 user + Dynamics 2013 Online CRM Org which was replatform from Salesforce.com. This functionality was essential for debugging/training/ and helping configure individual users to their preference. Today my team needs to use tools like Bomgard to screen share with these users. I also agree with the other user comments that there is a security risk and auditing needs to be put into place. In Salesforce there was an auditing log which tracked when a user "Assumed" another user. The Administrator also needed to be granted access by the user. There is a screen in Salesforce that allows the user to grant access for a certain duration to the following levels - Company Administrator, Salesforce.com Support, Salesforce Foundation Support, and Vertical Response Support. Users with "Assume User" access should following the guidelines put in place by their company to make sure they are in compliance (HIPAA, etc). This functionality would also be beneficial while working with Microsoft Engineers on issues. Currently Microsoft has to download our database to an onpremise server to trouble shoot performance and other issues. Our Dynamics org is over 100 GB which causes issues for the Microsoft Engineers in downloading the database. I hope my comments help.
Labels