Articles in this section

Security Roles: User Impersonation

Convergence Training Support
  • Updated
Follow

Article Links Introduction | Multi-factor Authentication | Step 1: Submit Support Request | Step 2: Modify Master Security Roles | Step 3: Enable MFAStep 4: Impersonate a User | Delete an Impersonator |

 

INTRODUCTION

User Impersonation allows Master and Admin administrators to log in as other employees. Typically, user impersonation is helpful when troubleshooting user questions.

Administrators who have been set up as an impersonator, are also required to set up with Multifactor Authentication (MFA), which requires them to present two pieces of “evidence” before they are granted access to the system.

As a best practice, you should limit the number of administrators that can have access to this feature.

Please refer to the Users: User Impersonation article to learn more about this feature and how to set it up for certain administrators.

Back to top

 

MULTI-FACTOR AUTHENTICATION

Our LMS can be configured to require Multifactor Authentication (MFA). MFA is a security mechanism that requires users to provide two credentials to authenticate their identity at login before they are granted access to the LMS.

MFA must be enabled in order to enable and use User Impersonation. An extra layer of security is required due to the sensitive nature of allowing an administrator the ability to log in and impersonate another user. We want to validate the administrator's login credentials and ensure they have the authority to impersonate another user.

Please refer to the Multi-Factor Authentication article to learn more about MFA.

 

STEP 1: SUBMIT SUPPORT REQUEST

Please submit a request to our support team to enable User Impersonation AND MFA.

Your request should include the following:

User Impersonation

Provide the user names, first and last names of the administrators you would like to enable User Impersonation. As a best practice, we recommend that you limit the number of administrators that have access to this feature.

If at a future date you want to add more administrators, you will need to submit a request to support so they can add those administrators. Be sure to include the user names, first and last names in the request.

Multi-Factor Authentication

Include the MFA option(s) you want your user to be able to select from email, text, QRcode. You may select any or all three options. 

Once support has completed your ticket, be sure to follow the remaining steps in this article to complete the steps to enable User Impersonation and MFA.

Back to top

 

STEP 2: MODIFY MASTER SECURITY ROLES

Please refer to the Security Roles: Administration tab to learn how to enable Impersonation for Master administrators.

When you enable this feature it will allow a Master administrator to delete impersonators. The Impersonator menu item will appear under the Security menu. A Master administrator can delete administrators as impersonators. They cannot add impersonators. This must be done by submitting a request to support.

Back to top

 

STEP 3: ENABLE MFA PER USER

Please refer to the Multi-Factor Authentication article to learn how to enable MFA for selected users.

Back to top

 

STEP 4: IMPERSONATE A USER

When you impersonate a user:

  • You will have to re-authenticate using MFA. This ensures that you have the authority to impersonate and user and we have verified your identity.
  • If the user is currently logged in, they will be logged out.
  • Anything you do while logged in as the user is PERMANENT, including completing courses, enrolling in courses, and performing any function on his behalf as an administrator. Use caution when performing any function when logged in as another user.

Please follow these steps to Impersonate a User:

  1. Click Administration.
  2. Click Organization, then Users from the left menu bar.
  3. Search and locate the user you want to impersonate
    mceclip0.png
  4. Click the user’s name to highlight the user’s row. 
  5. The Impersonate button will become active on the top button bar.
    Note: if you do not see the impersonate button, you have not been added as an impersonator. Please refer to Step 1: Submit Support Request in this article to learn how to be added as an impersonator.
  6. Click the OK button on the Confirmation screen.
  7. Click the Send Code button on the Multi-Factor Authentication screen if you authenticate via email or text.
    Note: Please refer to the Users: Log In and Log Out article to learn about the three methods to log in using MFA.
  8. Enter the PIN from the text or email, or your authenticator app.
  9. Click the Verify button.
  10. The screen will re-format and you will be logged in as that user.
    mceclip2.png
  11. You can tell you are impersonating a user because the User icon has changed to a drama mask and the background is yellow. If you hover over the icon, you will see who you are impersonating.
  12. Perform any function necessary.
  13. Click the Log Out button when you no longer need to impersonate the user.
  14. You will be logged out of the LMS and will need to log back in as yourself.

Back to top

 

DELETE AN IMPERSONATOR

An administrator with access rights can delete an impersonator. This should be reserved for Master Administrators only.

User caution when deleting impersonators. If you delete an impersonator in error, you will need to contact our support team to add them back as an impersonator.

Follow these steps to delete an impersonator:

  1. Click the Administration tab.
  2. Click Security, then Impersonators from the left menu bar.
  3. The Manage Impersonators screen will appear.
  4. Search and locate the administrator you want to delete as an impersonator.
  5. Click the Delete icon in the Actions column.
  6. Click the Yes button on the Confirm Delete screen.
  7. Click the OK button on the Delete screen.
  8. The administrator will no longer appear on the Manage Impersonators screen.

Back to top

 

Related articles