So you have a PowerPages (PowerApps Portal) website. A website user reports a problem with the data they are seeing, but you are unable to reproduce it using your login account. Wouldn’t it be nice if you could login as this particular user and observe the problem first hand?

Well, if you have access to the backend CRM and if your portal is using an external ID provider (such as Azure B2C, Google, Facebook, etc.) then this can be done fairly easily. I will outline the steps below in this post.

Important: Do this for troubleshooting purposes only, and remember to revert the changes once done.

Overview of how it works

Every user that logins to your portal has a corresponding Contact record in CRM. When an external ID provider is configured for your portal, the usernames and passwords of users are held in that ID provider. At a high level, the following occurs when a user signs in to your portal:

1. User provides username and password at the ID provider’s login page
2. ID provider authenticates the user and establishes their identity
3. This identity is passed to CRM
4. CRM resolves the identity to a Contact record
5. This Contact record represents the logged in user in your portal

In step 4 above CRM uses the External Identity entity to resolve the incoming identity to a Contact record. There is a 1:N relationship from Contact to External Identity, and an External Identity record looks something like this:

The Username and Identity Provider fields are used to locate the matching Contact record for the incoming identity.

In order to impersonate a user, we will temporarily create an additional External Identity record for that user, but use the Username from the External Identity record of our own portal user. This will allow us to login with our own username and password at the external ID provider, but have CRM resolves our portal user context to the one we want to impersonate.

The steps

So, with the above knowledge, the steps to achieve what we want would be:

1. Locate the Contact record for your own portal user (not the user you want to impersonate)
2. Go to the related External Identity record for the above Contact
3. Copy its Username value
4. Copy its Identity Provider value
5. Append “-OLD” to the Username field and save the record. This stops CRM from resolving to our normal Contact record when we login with our username and password.
6. Locate the Contact record for the user you want to impersonate
7. Go to the sub-grid of related External Identity records for the above Contact
8. Add a new External Identity record for the above contact
9. Paste in the Username and Identity Provider values you copied from step 3 and 4
10. Login to your portal with your normal username and password. You should be signed in as the user you want to impersonate.

It is perfectly valid for a Contact record to have multiple External Identity records. Since we have added a new External Identity record to that Contact record, both you and that user can login using your own respective username and password and be resolved to the same user context. This means that you can perform your troubleshooting without disrupting the user.

I hope this will come in handy for you at some point, and remember: do this for troubleshooting purposes only, and don’t forget to revert the changes once done.