Customer Engagement & Dynamics CRM Forum

Expand all | Collapse all

Allow CRM admin to login as another user

  • 1.  Allow CRM admin to login as another user

    Posted 15 days ago
    Hi,

    Anyone felt the need for this feature, discussed it with Microsoft/other experts or already hacked the authentication pipeline to achieve this?

    Ours is a slightly complex and large user base and feature testing for all the user scenarios is a pain. We used to have all sales users' passwords previously but those days are gone now. Passwords change regularly and we aren't allowed to build fake logins. Even if we got around that, moving all the required data in the system to test various features/troubleshoot problems isn't feasible.

    This is available OOB in SFDC and we keep getting asked by others in the company about doing something like this.
    https://help.salesforce.com/articleView?id=000334140&language=en_US&type=1&mode=1

     Thanks

    ------------------------------
    Mayank Agrawal
    CRM Team Lead
    Medline Industries
    Northfield IL
    ------------------------------
    Academy - Online Interactive Learning from Experts


  • 2.  RE: Allow CRM admin to login as another user

    MICROSOFT MVP
    Posted 14 days ago
    Hi Mayank, if a feature exists to enable anyone to log in as anyone else then it's highly likely an external auditor would raise a red flag. This would be a high risk security and data assurance issue.

    I don't know how Salesforce gets around it, but I'm glad that Dynamics 365 Customer Engagement and Power Apps doesn't let sysadmins pretend to be someone else.

    For system testing, I recommend using test user accounts with security roles and team members that mimick real users.

    ------------------------------
    Neil Benson, MVP
    Customery
    Brisbane, QLD, Australia
    Take my free mini-course Agile Foundations for Microsoft Business Apps https://customery.com/foundations
    ------------------------------

    Academy - Online Interactive Learning from Experts


  • 3.  RE: Allow CRM admin to login as another user

    Posted 14 days ago

    Hi, definitely having the same request from the end users again and again too.

    That being said, it does pose some questions in terms of privacy, and tracking of activity history etc.

     

    Best

     

    Adrien NOISETTE

    Project Manager

    AluK S.A.
    42-44 avenue de la Gare

    L-1610 Luxembourg

    Mobile +352 661 455 050

    aluk.com

        Une image contenant clipart  Description générée automatiquement

     

     

    This message and any attachments are confidential and transmitted for the exclusive use of the intended recipient. The information contained may be protected by copyright law. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is strictly prohibited and may be unlawful. Should you receive this message by mistake, please notify us as soon as possible and permanently delete the email. Any confidential or privilege is not waived or lost because this email has been sent to you by mistake. The contents expressed in this mail reflect the opinion of the sender, not necessarily that of the company. AluK S.A. is not responsible for any loss and/or damages arising from any errors and/or omissions in its e-mail messages. AluK S.A cannot guarantee that the message received by you has not been intercepted by third parties and/or manipulated by computer programs used to transmit messages and viruses.



    Academy - Online Interactive Learning from Experts


  • 4.  RE: Allow CRM admin to login as another user

    TOP CONTRIBUTOR
    Posted 14 days ago
    Depends on what you're trying to use it for, but you can impersonate another user via the SDK. A recent update to XrmToolBox added an "Impersonate" button so you could run any XrmToolBox tool as another user. If you're trying to diagnose security errors there's also tools like Access Checker that might help.

    ------------------------------
    Mark Carrington
    Chief Technologist
    Data8
    Chester
    ------------------------------

    Academy - Online Interactive Learning from Experts


  • 5.  RE: Allow CRM admin to login as another user

    TOP CONTRIBUTOR
    Posted 14 days ago
    @Mayank Agrawal you can impersonate users in Chrome using the ModHeader extension. It's great for troubleshooting, verifying and changing default views for users which is not possible using, e.g. User Settings Utility in XrmToolBox.

    It only works in Unified Interface. Moreover, there are some limitations such as charts will not show on dashboards when impersonating a user and relevance search results are not based on the impersonated user.

    It's often a good idea to use the extension in an incognito windows and clear the browser cache.

    @Bob Guidinger wrote a blog post about the extension here. Oleksandr Olashyn also wrote about it on his blog.

    ------------------------------
    BR,
    Niels
    ------------------------------

    Academy - Online Interactive Learning from Experts


  • 6.  RE: Allow CRM admin to login as another user

    SILVER CONTRIBUTOR
    Posted 14 days ago

    I have been asking this question since CRM2011 in 2013 and now in D365

    it would be a useful SysAdmin feature to vet views and dashboards



    ------------------------------
    Richard Jarvis
    Business Process Leader
    Kraton Chemical
    Jacksonville FL
    ------------------------------

    Academy - Online Interactive Learning from Experts


  • 7.  RE: Allow CRM admin to login as another user

    SILVER CONTRIBUTOR
    Posted 13 days ago

    It is a sorely missed capability for sysadmins and makes it extremely difficult to test when you have a large number of personas.  Another facet of being able to login as another user is to help support what they are experiencing and adjust their settings until it is just the way they need it (especially useful for executives who have zero tolerance for doing screensharing sessions).  The way that other CRM systems skirt this issue is that they record in the audit log everything that is being done as under the emulation of the user by sysadmin name.  Using that approach, audit is able to see who and when access and changes were made and by whom while logged in as another user.  I believe this should be limited to only system admins to keep it secure and limited – but if the auditing is appropriately adjusted to track both then it satisfies auditors and identifies who did what.

     

     

    The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.



    Academy - Online Interactive Learning from Experts


  • 8.  RE: Allow CRM admin to login as another user

    Posted 14 days ago
    Yeah this has been the highest voted things on the Idea pages. But for whatever reason Microsoft has continued to delay this feature. There are plenty of apps that has this feature. So while I get it exposes some security concerns, I don't think its much different then the current method of asking for passwords, writing it down on paper, email chat tools etc.

    Box.com is one that does it real well as well and there platform is nowhere near as complex as Microsoft. It makes troubleshooting so much easier and is such a needed feature for Dynamics 365.  Creating a test account for security role building is a good idea and the best way to go, but for daily troubleshooting it is to much work.

    ------------------------------
    Jefferson Daniel
    Sun Valley Solar Solutions
    ------------------------------

    Academy - Online Interactive Learning from Experts


  • 9.  RE: Allow CRM admin to login as another user

    Posted 14 days ago
    Thanks for your responses everyone. I should have added that we are on prem, version 8.x

    @Neil Benson, audit mechanism of an application needs to record which actions are done by an admin while impersonating a user. Salesforce seems to be capturing that detail.

    @Niels Lønberg, thanks much for sharing these links! I need to seriously improve my search skills :-)
    This technique won't help us with the on-prem version but this is one more reason to move to cloud. Good thing is that the system captures the name of the impersonator on any edits in the *Delegate fields. I hope this can't just be done by any system user but only those who have access to the 'Act on Behalf of another user' privilege.​​​​

    ------------------------------
    Mayank Agrawal
    CRM Team Lead
    Medline Industries
    Northfield IL
    ------------------------------

    Academy - Online Interactive Learning from Experts


If you've found this thread useful, dive deeper into User Group community content by role