Impersonation allows a tenant owner to grant access to Tines support to "impersonate" or log in to the tenant as if they are a specific user on that tenant.
Enabling impersonation
If you're interacting with Tines support to work through an issue, they might suggest using impersonation to quickly attempt to directly reproduce, troubleshoot or fix the problem. If you agree, and would like to grant them permission to do so, you can navigate to a user in the user settings page and click to enable impersonation.
Once you enable impersonation of a user, it will automatically be disabled again 24 hours later. You may also manually disable it at any time.
When a Tines team member authenticates to log in to the tenant to begin impersonating a user, they do so via a dedicated, Tines managed identity provider, rather than using any SSO provider you may have configured.
Audit logs record when a Tines team member logs in to begin impersonation, and any action they take while impersonating.
How we secure impersonation access
We have taken a number of steps to ensure that impersonation is handled securely and that you remain in control:
Only tenant owners can enable impersonation.
Once impersonation is enabled for a user, it is automatically disabled again after 24 hours.
Impersonation of a user can also be manually disabled at any time.
Disabling impersonation of a user will immediately terminate any active impersonation sessions for that user.
Audit logs will record any actions take by Tines team members during impersonation.
Authentication of Tines team members for the purposes of impersonation is restricted to select members of our support and engineering teams and requires the use of a managed Tines device.
Each impersonation access request by a Tines team member is manually reviewed and approval to impersonate, if granted, expires after 2 hours.