One-Click Login and Impersonation: Admin Access Guide

The B2B Dashboard provides two special access features: One-Click Login for passwordless user access, and Impersonation for administrator troubleshooting.

One-Click Login

One-Click Login allows users to access the dashboard without entering a password. This is useful for support scenarios, automated user provisioning, or integrations that need to provide direct dashboard access.

How It Works

One-Click Login uses cryptographically signed URLs:

  1. A unique hash is generated for each user
  2. The hash is combined with the user ID to create a secure URL
  3. The URL format is: /one-click/{user_id}/{hash}
  4. When the user visits the URL, they are automatically authenticated

One-Click Login links can be generated programmatically via the API or through administrative interfaces. These links are time-limited and single-use for security.

Security

  • Each link is cryptographically signed and verified
  • Links expire after a configured time period
  • Once used, the link becomes invalid
  • The hash is tied to a specific user and cannot be reused for different accounts
  • All one-click login attempts are logged for audit purposes

Use Cases

  • Support — Help users access their account without password resets
  • Automated Onboarding — Include login links in welcome emails
  • Integrations — Provide direct dashboard access from external systems
  • Password Recovery — Alternative to traditional password reset flows

Impersonation

Impersonation allows administrators to log in as another user to see exactly what they see. This is an essential troubleshooting and support tool.

Starting an Impersonation

  1. Navigate to Admin > Users
  2. Find the user you want to impersonate
  3. Click the Impersonate button in the user's Actions column
  4. You are immediately logged in as that user

During Impersonation

While impersonating:

  • You see the dashboard exactly as the user sees it
  • All navigation, permissions, and content are scoped to the impersonated user
  • A prominent banner displays at the top of the page indicating you are in Impersonation Mode
  • The banner shows the name of the user you are impersonating
  • All actions taken are logged under the impersonated user's account

Leaving Impersonation

To exit impersonation mode:

  1. Click the Leave Impersonation button in the banner at the top of the page
  2. You are immediately returned to your own admin account
  3. No session data from the impersonation carries over

Audit Logging

All impersonation sessions are logged with:

  • The administrator who performed the impersonation
  • The user who was impersonated
  • Start and end timestamps
  • Any actions taken during the session

Security Notes

  • Impersonation is restricted to users with the appropriate permission
  • Administrators cannot impersonate other administrators with higher permissions
  • Impersonation sessions have a maximum duration and automatically expire
  • All impersonation activity is subject to audit review

Still need help? Contact Us Contact Us