Everyone

Login as Client (Impersonation)

Use the Login as Client feature in Opterius Commerce to view the portal from a client's perspective for debugging and support.

Last updated 1776211200

Login as Client (Impersonation)

Commerce lets staff members temporarily log in as a client to see exactly what the client sees in the portal. This is useful for debugging reported issues and verifying portal behaviour without needing the client's password.

Requirements

The impersonating staff member must have the clients.impersonate permission. By default this is granted to super_admin and admin roles only.

How to Impersonate a Client

  1. Go to Admin → Clients.
  2. Open the client's record.
  3. Click Login as Client in the top-right actions area.
  4. Commerce logs you in to the client guard and redirects to the portal dashboard (/dashboard).

What Happens Technically

When you click "Login as Client", Commerce:

  1. Stores your staff session identifier in session('impersonating_staff_id').
  2. Authenticates the client guard with the target client's credentials (no password required).
  3. Redirects to the portal.

You are now operating as the client. All portal pages, invoices, tickets, and service views reflect exactly what that client sees.

Impersonation Banner

While impersonating, a yellow banner appears at the top of every portal page:

You are viewing the portal as: Jane Smith (jane@example.com)   [Return to Admin]

The banner is visible only to the impersonating session — the client does not see it if they are logged in simultaneously in another browser.

Ending Impersonation

Click Return to Admin in the yellow banner. Commerce clears the client guard session, restores your staff session, and redirects you back to the client's admin record.

Alternatively, closing the browser tab ends the impersonated session naturally on next tab open (the client guard session expires).

Use Cases

  • A client reports "I can't see my invoice" — impersonate them to verify invoice visibility and permissions.
  • A client says their portal looks broken — check their view for rendering issues tied to their account state.
  • Verifying that a newly provisioned service shows the correct status in the portal.
  • Walking a client through a process on a support call while viewing the same screens.

Audit and Security Notes

[!WARNING] No audit log entries are created for actions taken during an impersonated session. If you submit a ticket reply or change a setting while impersonating, those actions appear in logs as if the client performed them. Use impersonation for read-only investigation wherever possible.

  • Impersonation does not give you the client's password or access to their email account.
  • You cannot impersonate another staff member — impersonation is restricted to the client guard.
  • The clients.impersonate permission should be granted sparingly. Consider limiting it to super_admin only in production.
  • Commerce records a "Staff impersonated client" event in the Activity Log when impersonation is initiated, including the staff member's name and the client's ID.
Previous
← Two-Factor Authentication
Next
Activity Log →