Before initiating an impersonated session, an administrator must create a policy for the session. This policy must be created under Impersonation administrator’s interface. A role must be created for impersonator and another role for impersonatee, and the impersonatee role is mapped to the impersonator role. To create a policy, see Role Policies.
Example: A user belongs to the group membership, Access Helpdesk, and creates a role called Access Impersonator. An administrator creates another group of users with role Access Impersonatee and maps it to the Access Impersonator role. Now, only Access Impersonator can impersonate Access Impersonatee users.
To initiate impersonation, the Access Impersonator requests impersonation from the Access Impersonatee. Upon approval, the Access Impersonatee clicks the Help Desk Session and is notified that the Impersonation is in progress.
The Impersonator must have the role that is authorized to perform Impersonation.
The Impersonatee has to give consent to the impersonator to access the session.