Policy Server Guides › Policy Design Guide › Impersonation › Impersonation Overview

Impersonation Overview

Impersonation provides a method for a privileged user to assume the role of another user without ending the privileged user’s session. This feature facilitates the following:

• Customer service representatives (CSRs) impersonate customers to investigate access problems.
• Helpdesk representatives impersonate employees to investigate access problems.
• Employees impersonate co-workers who are on vacation or out of the office.
• Any other situation in which one user must temporarily assume the identity of another user.

Impersonation provides a secure solution in the above situations. In all cases, passwords are not disclosed in order to allow one user to impersonate another user.

The following terms will be used when describing impersonation:

Impersonated session

A user session created for the purpose of assuming another user's identity.

Impersonatee

The user whose identity can be assumed by a privileged user.

Impersonator

The privileged user who has the ability to assume the identities of other users.

Impersonation authentication scheme

A method for authenticating a user that allows a privileged user to assume the identity of another user while preserving the identity of the impersonator.

Session

Also know as user session. This is the time between authenticating and logging out.

Session Specification

Also know as the Session Ticket or Session Spec, it is the information held in a proprietary format on the Policy Server that describes a user and the characteristics of the current session.

SMSESSION

The name of the Web Agent cookie that contains the Policy Server’s Session Specification.

Note: For information about sessions, see the SiteMinder Policy Server Management Guide. For information about Web Agents, see the SiteMinder Web Agent Guide.