Impersonation
Impersonation lets agency operators and platform admins switch into a client brand to perform actions on their behalf — creating campaigns, configuring channels, or debugging issues. Under agency mode, each client is a separate Active Reach org with its own brand-tenant workspace; impersonation drops you inside that org with the client’s scope.
How it works
- From the agency client list or admin tenant list, click Enter brand on a client
- A red impersonation banner appears at the top of the screen showing:
- Which client brand you are impersonating
- A countdown timer (session expires after the configured duration)
- An End simulation button to return to your own view
- Everything you do inside the client brand is logged in the audit trail with your identity as the actor and
delegated_from_org_idset to your agency org - When done, click End simulation — you return to the agency/admin view
Safety mechanisms
- Audit trail — every action during impersonation is logged with the impersonator’s identity and
delegated_from_org_idclaim - Session timeout — impersonation sessions expire automatically (configurable, default 1 hour)
- Hard reload on exit — ending impersonation triggers a full page reload to clear all client-brand state from memory
- Permission scoping — impersonators get the client’s permissions, not escalated access
- Banner always visible — the red banner cannot be dismissed while impersonation is active
Who can impersonate
| Role | Can impersonate? |
|---|---|
| Agency operator | Client brands they manage |
| Platform admin | Any tenant brand |
| Regular team member | No |
What’s next
- Agency overview — all agency features
- Audit log — review impersonation activity