Super Users and Support Agents

Q: If we want to have “super users” or “support agents” who can temporarily sign-in as/impersonate a user, is that up to our app or can we use Realms and Orgs?


A: Check out the Create a Session API method. It creates a login token without requiring a password (just relies on your AuthRocket API key). You can use it to enable support agents to literally be logged in as another user.

The only usual concern is separating the admin session from the user session (so the support agent doesn’t have to log back in as themselves when done). This is easily done either by separate admin/user portals (perhaps with separate subdomains, which tends to solve the cookie/session issue) or separate sessions (perhaps using distinct admin and user session IDs within the session store).

Tagged with: sessions impersonation super users

Questions? Find a Typo? Get in touch.