Login as

To help troubleshoot issues on your website or support portal, administrators can log in as the user experiencing the problem using ReachFive. You can log in as another user in the ReachFive Console if you have access to the Profiles page, or use the dedicated Login as API endpoint.

If you wish to use the API, refer to the Log in as via API section below.

Configure the Login as feature

You can configure the Login as feature to be the same for all users or you can set a dynamic configuration which prompts you for the values per user, enabling you to set different requirements for specific use-cases where you may need different redirect URLs or even a different ReachFive client.

To configure the Login as feature, follow the instructions below.

Prerequisites

You must whitelist the following URLs in your selected first-party identity API client:

Allows Origins (CORS)
Allowed Callback URLS

Configuration

  1. Sign in to your ReachFive Console.

  2. Go to Settings  Login as.

  3. Depending on whether you want dynamic or standard usage:

    • For dynamic usage

    • For standard usage

    1. Toggle the dynamic configuration to the on position .

      Each time you use the Login As feature, you have to select a client, a redirect URL, and a response type.

      login as enable dynamic config

    1. Select your first-party identity client from the dropdown menu.

    2. Define the Redirect url. This must be whitelisted within your client.

    3. Select the type of credential to return:

      • code - Authorization Code flow

      • token - Implicit flow

    Credentials are returned as a query string parameter when using the API.

    login as standard settings

Log in as another user in the console

  1. Navigate to the desired profile to log in as (Account  Profiles).

  2. Click Actions  Login as.

  3. Depending on whether you have dynamic or standard usage configured:

    • Dynamic

    • Standard

    If you have the dynamic configuration enabled in your Login as settings, you’ll need to do the following:

    1. Select your first-party identity client from the dropdown menu.

    2. Define the Redirect url. This must be whitelisted within your client.

    3. Select the type of credential to return:

      • code - Authorization Code flow

      • token - Implicit flow

    Credentials are returned as a query string parameter when using the API.

    login as per profile

    If you have the standard configuration where the values are global, you are now redirected to your website or app, as defined in the Redirect url field, as the selected user via ReachFive.

When you log in as another user, this generates a user event with an auth type of login_as which is traceable in the Recent Activity panel of the impersonated user, just like a standard login.

Log in as via API

Here is the call sequence to follow when implementing the Login as feature via the Management API:

  1. POST /oauth/token

  2. GET /api/v2/users/{uid}/login-as

  3. GET redirectUrl returned by the previous request.

For the Authorization code flow only, use the POST /oauth/token Identity API endpoint.