1. Knowledge base
  2. Venue editor

Admin impersonation

Admin impersonation lets a global admin act as another user in the editor for support and debugging without sharing passwords. Sessions are time-limited and recorded in an audit log.

Who can impersonate

Only global admins can impersonate. The feature is intended for the customer support team.

You cannot impersonate:

  • Yourself.
  • Another global admin.
  • A disabled user.

Starting an impersonation session

  1. In the editor, open AdminUsers (or any user details page).
  2. Find the target user.
  3. Click Impersonate.
  4. Confirm by re-entering your own password in the dialog.
    • On the production environment, an extra warning is shown.
    • If you have unsaved editor changes, you must explicitly acknowledge that they will be lost before continuing.
  5. After confirmation, the page reloads and you are logged in as the target user. The navbar turns amber and shows:
    • “Impersonating <email>”
    • A live countdown of remaining time
    • A Stop button

During an impersonation session

  • You see exactly what the target user sees, with their permissions and organization scope.
  • All actions you take are attributed to the target user. Audit entries on the back end record that you (the global admin) performed them, so the trail is complete.
  • The session is non-renewable and lasts up to 30 minutes.
  • You can press Stop in the navbar at any time to return to your own session.

Ending an impersonation session

  • Stop button — returns you to your own admin session immediately.
  • Expiry — when the 30-minute window elapses, the session ends and you are returned to the login page.

Audit trail

Every impersonation start and stop is recorded with:

  • The admin user.
  • The target user.
  • Start and end timestamps.
  • A unique session identifier.
  • The originating IP address and user agent.

Server logs preserve the impersonator’s identity on every request issued during the session, so support reviews can always reconstruct who performed an action.

Constraints summary

  • Global admin role required.
  • Cannot impersonate yourself, another global admin, or a disabled user.
  • 30-minute non-renewable session.
  • All sessions are audited.

When to use this

  • Investigating a user-reported bug that is permission- or tenant-scoped.
  • Reproducing an issue in the exact context of the affected user.
  • Verifying access changes after an admin update.

When you do not need impersonation: routine schema editing, configuration changes, and any work that can be done from your own admin account.