User Impersonation_masquerading feature

Hi, I am trying to perform user impersonation via switch or masquerading. I am a super user. How can we achieve it? I tried finding it in the user profile but could not locate it.
The aim is to fetch the token for a specific user by using a switch or masquerading so that we don’t have to log in to the application as that user or use a password.

Any help is appreciated.

Can anyone please update here?

Please suggest whether it is possible, or how to go about it.

Can you provide more information about your use case? What are you looking to do as these users being impersonated?

Consider application ‘X’ is configured to use Oracle IDCS for authentication. Another application ‘B’ is configured to use Okta for authentication. Now, IDCS and Okta are configured in an SSO such that IDCS is the service provider and Okta is IDP. Is there a way a user logged into application ‘B’ can hit an API on application ‘X’ in terms of auth?

I am expecting the auth to be handled by SSO. Application B can have whatever token generation logic is needed to do this and I am open to using SAML or OIDC. Note that both are my products and I have taken care of CORS and other security issues. Also, these apps will talk during the runtime so I don’t expect the end-user to enter the password again.

So basically - OKTA is my IDP & IDCS is mapped as a service provider. Now if I am a super user ‘User1’, then the expectation is that I should be able to generate the token for any other user - let’s say ‘user2’ - and invoke the IDCS API using that token on user2’s behalf. Please note I will not have the ‘user2’ password and I do not want to log in to OKTA to do this.

I reviewed the below:

  • Authorization Code Flow, where the user is redirected to Okta for authentication, and upon successful login, Okta redirects back to your application with an authorization code that can be exchanged for an access token, but this is not expected.
  • Client Credentials Flow - A token is generated but not for a specific user, and with a token, I can hit the OKTA API. But the aim is to generate the user-specific token and to be able to hit the IDCS API, which is a service provider, specific to the user.

Note: I have been looking for help on this for the past 2-3 weeks but still didn’t get the expected response on whether user impersonation is possible or not. If not - please confirm it is not possible. If yes - please suggest a way. Any response is appreciated.

I am reachable at harish.dalmia@oracle.com. Please assist.