Policy Server Guides › Policy Server Configuration Guide › Impersonation › Impersonation Overview

Impersonation Overview

Impersonation provides a method for a privileged user to assume the role of another user without ending the privileged user's session. This feature facilitates the following: SM_SERVERSESSIONSPEC

• Customer service representatives (CSRs) impersonate customers to investigate access problems.
• Helpdesk representatives impersonate employees to investigate access problems.
• Employees impersonate co-workers who are on vacation or out of the office.
• Any other situation in which one user must temporarily assume the identity, of another user.

Impersonation provides a secure solution in the preceding situations. In all cases, passwords are not disclosed to allow one user to impersonate another user.

The following terms are used when describing impersonation:

• Impersonated session

  A user session created for the purpose of assuming another user's identity.

• Impersonatee

  The user whose identity is assumed by a privileged user.

• Impersonator

  The privileged user that is able to assume the identities of other users.

• Impersonation authentication scheme

  A method for authenticating a user that allows a privileged user to assume the identity of another user while preserving the identity of the impersonator.

• Session

  Also known as user session. This term is the time between authenticating and logging out.

• Session Specification

  Also known as the Session Ticket or Session Spec, this term is the information held in a proprietary format on the Policy Server that describes a user and the characteristics of the current session.

• SMSESSION

  The name of the Web Agent cookie that contains the Policy Server's Session Specification.

Note: For information about sessions, see the "Session Management" chapter of the Administration Guide. For information about Web Agents, see the Web Agent Configuration Guide.