What is Impersonation in ServiceNow

By /






What is Impersonation in ServiceNow? Your Guide to Testing & Troubleshooting



What is Impersonation in ServiceNow? Your Ultimate Guide to User Experience Validation

Ever wished you could truly step into someone else’s shoes, just for a moment, to see the world exactly as they do? In the complex universe of IT Service Management (ITSM), particularly within a robust platform like ServiceNow, this isn’t just a philosophical musing – it’s a critical, everyday necessity for administrators, developers, and quality assurance teams. Welcome to the world of Impersonation in ServiceNow.

At its heart, impersonation is precisely what it sounds like: the ability for a privileged user (typically an administrator) to temporarily assume the identity and permissions of another user within the ServiceNow instance. Think of it as a magical cloak that allows you to experience the platform through another user’s eyes, without needing their password or even logging out of your own session. It’s an invaluable tool for validating access, troubleshooting issues, and ensuring a seamless user experience across your organization.

This article will deep dive into everything you need to know about impersonation in ServiceNow. We’ll cover why it’s a game-changer, how to wield this power responsibly, common scenarios where it shines, how to troubleshoot when things go awry, and why understanding it can give you an edge in your next ServiceNow interview. Let’s peel back the layers and understand this crucial functionality.

Why Impersonation? The Problem It Solves for ServiceNow Professionals

Imagine you’re a ServiceNow administrator or developer. You’ve just finished building a new feature, configured a complex workflow, or updated a set of Access Control Lists (ACLs) to tighten security. From your perspective, everything looks perfect. You, the all-powerful admin, can see every field, click every button, and navigate every page without a hitch. But here’s the rub: your users don’t have your “god-mode” access. They have specific roles, specific permissions, and often, much more restricted views of the platform.

This is where the disconnect happens, and where impersonation steps in as an indispensable bridge. Without it, you’d be constantly guessing, or worse, asking users to test things for you, which can be inefficient and disruptive. Impersonation allows you to proactively catch issues before they impact your end-users, saving countless hours of frustration and support tickets. Let’s break down the core problems it solves:

Testing Access Control Lists (ACLs) and Security Rules

This is arguably the most critical use case for impersonation. ServiceNow’s security model is robust, relying heavily on ACLs to define what users can see and do. If an ACL is misconfigured, a user might see too much (a security risk) or too little (a usability nightmare). By impersonating users with different roles (e.g., an ITIL user, a requester, a manager, a specific department lead), you can immediately verify if your ACLs are working as intended. Can the ITIL user update the Incident but not the Change Request? Can the requester only see their own tickets? Impersonation provides definitive answers.

Validating Workflows, Approvals, and Notifications

Workflows are the lifeblood of many ServiceNow processes. When an incident is created, does it route to the correct group? When a change request is submitted, does it trigger an approval from the right manager? Do the notifications reach the intended recipients at the right time and with the correct information? Impersonating a user allows you to simulate their journey through a workflow, ensuring that all steps, approvals, and notifications fire off precisely as designed for that specific role or individual.

Ensuring a Seamless User Experience (UX) and User Interface (UI)

Beyond functionality, how does the platform actually *feel* for your users? Is the Service Portal intuitive for someone submitting a request? Are the forms cluttered or clean for a specific role? Do UI Policies and Client Scripts behave as expected when viewed by a non-admin? Impersonation helps you evaluate the user experience from their perspective, spotting potential pain points, confusing layouts, or broken client-side scripts that might only manifest for users with limited roles.

Troubleshooting User-Reported Issues (“I Can’t See X!”)

This is perhaps the most common reactive use of impersonation. A user submits a ticket saying, “I can’t see the ‘Priority’ field on the Incident form,” or “My approval button is missing.” Instead of going back and forth with screenshots and questions, an administrator can simply impersonate that user, navigate to the exact record or form, and immediately see what the user is seeing. This direct observation drastically cuts down on troubleshooting time and helps pinpoint the root cause much faster, whether it’s an ACL, a UI Policy, a role assignment, or a personalized setting.

Developing and Enhancing Features for Specific User Groups

When building new features or customizing existing ones, you’re always designing for a target audience. Impersonation allows developers to continually check their work against the intended user group. Does the new custom application work correctly for a user with the ‘custom_app_user’ role? Does the dashboard display the right reports for a manager? This iterative testing ensures that development stays aligned with user needs and permissions from the outset.

In essence, impersonation transforms you from an omniscient observer into an active participant in your users’ ServiceNow journey, making it an indispensable tool for robust development, meticulous testing, and rapid problem resolution.

How to Impersonate a User in ServiceNow

The process of impersonating a user in ServiceNow is straightforward, assuming you have the necessary permissions. Typically, only users with the admin role or the dedicated impersonator role can perform this action. Here’s a step-by-step guide:

Step-by-Step Guide to Impersonation

1. Access the User Menu

In the classic UI, navigate to the top-right corner of your ServiceNow instance. You’ll see your user name. Click on it to reveal a dropdown menu.

2. Select “Impersonate User”

From the dropdown menu, click on the option that says “Impersonate User”. This will open a search dialog box.

3. Search for the Target User

In the search box, start typing the name of the user you wish to impersonate. ServiceNow will auto-suggest users as you type. You can search by first name, last name, user ID, or email address.

4. Select and Impersonate

Once you see the correct user in the search results, click on their name. Your ServiceNow session will immediately switch to that user’s perspective.

Visual Confirmation: The Impersonation Banner

Upon successful impersonation, a prominent banner will appear at the top of your ServiceNow instance (often in a distinct color, like orange or yellow). This banner serves as a critical visual reminder, clearly stating: “Impersonating: [User’s Name]”. This is your cue that you are no longer operating as yourself but as the selected user. It’s an important safety feature to prevent you from inadvertently making changes as the wrong user.

Ending Impersonation

Just as important as starting impersonation is knowing how to end it. There are a couple of ways:

1. “End Impersonation” Link

The most common and recommended way to end impersonation is to click the “End Impersonation” link prominently displayed within the impersonation banner itself. Clicking this will revert your session back to your original administrative user.

2. Logging Out (Less Graceful)

If for some reason the banner is not visible or you cannot click the “End Impersonation” link, logging out of ServiceNow entirely will also end the impersonation and return your session to its default state upon next login. However, this is less efficient as it forces a full re-login.

Permissions Required

To impersonate another user, your user record must typically have one of the following roles:

  • admin (Administrator role)
  • impersonator (A dedicated role specifically for impersonation)

It’s a best practice to grant the impersonator role only to those who absolutely need it, following the principle of least privilege. The admin role is a super-user role and inherently includes the ability to impersonate.

The Power and Perils of Impersonation in ServiceNow

Impersonation is a double-edged sword: incredibly powerful when used correctly, but potentially risky if misused or misunderstood. Let’s explore both sides of this coin.

Benefits: Why Impersonation is Your Superpower

  • Unparalleled Efficiency: No more logging in and out multiple times, or begging users to test things. Instant switching means faster testing and troubleshooting.
  • Accuracy in Testing: You’re seeing the system exactly as the user does, eliminating guesswork and ensuring that your fixes and features are genuinely working for the intended audience.
  • Proactive Problem Solving: Catch issues during development and testing phases, rather than reacting to user complaints in production.
  • Enhanced Collaboration: Better understand user feedback by directly experiencing their challenges.
  • Reduced Risk: By thoroughly testing access and functionality before deployment, you minimize the risk of security vulnerabilities or broken processes going live.

Security Considerations & Best Practices: Wielding the Power Responsibly

With great power comes great responsibility, and this adage holds particularly true for impersonation. Here’s what you need to be acutely aware of:

1. Audit Trails are Your Friend

Crucially, ServiceNow maintains a comprehensive audit trail of all impersonation activities. When you impersonate a user, the system logs who impersonated whom, and when. Furthermore, any actions you perform while impersonating are logged as if the impersonated user performed them. For instance, if you update an incident while impersonating “Jane Doe,” the activity log on that incident will show “Jane Doe” as the updater, but the system logs will also show that “John Admin” impersonated Jane to perform that action.

This auditability is a vital security feature, ensuring accountability and traceability. It means you can never truly “hide” behind an impersonated identity.

2. Never Impersonate in Production Unnecessarily

While often unavoidable for critical troubleshooting, make it a strict policy to limit impersonation in production environments. Prioritize testing in non-production instances (Dev, Test, UAT) to minimize any potential impact or accidental data manipulation.

3. Always End Impersonation Promptly

It’s a common mistake to forget you’re impersonating. Always make it a habit to click “End Impersonation” as soon as you’ve completed your task. Remaining impersonated increases the risk of inadvertently performing actions as the wrong user, which can lead to confusion, incorrect data, or even security breaches.

4. Be Mindful of Your Actions

Any action you take while impersonating a user – creating a record, changing a field, approving a request, deleting data – will be executed *as if* the impersonated user performed that action. Exercise extreme caution, especially in production environments. If you’re only troubleshooting, avoid making changes unless absolutely necessary and documented.

5. Least Privilege for the Impersonator Role

The impersonator role should be granted sparingly. Only assign it to individuals who genuinely require it for their job functions (e.g., specific QA testers, support leads). For everyone else, including most developers, the admin role is typically the source of impersonation rights.

6. Understand What Impersonation Does (and Doesn’t Do)

Impersonation grants you the *permissions* and *UI view* of the target user. It does NOT give you their password, nor does it typically give you access to external systems or integrations that might rely on the user’s specific credentials outside of ServiceNow (unless those integrations are configured to use the ServiceNow user’s internal identity for authentication).

7. Data Privacy and Confidentiality

When impersonating, you might gain access to sensitive or confidential information that the impersonated user is privy to. Always respect data privacy policies and ethical considerations. Only view what is necessary for your testing or troubleshooting purposes.

By adhering to these best practices, you can leverage the immense power of impersonation while safeguarding your ServiceNow instance and its data.

Impersonation vs. Other User Management Concepts

It’s easy to confuse impersonation with other user management concepts in ServiceNow. Let’s clarify the distinctions:

Impersonation vs. Standard User Login

  • Impersonation: An admin (or impersonator role holder) temporarily assumes another user’s identity *within their existing admin session*. No password is required for the target user. It’s for testing and troubleshooting.
  • Standard Login: A user logs in directly to the instance using their own username and password. This is their primary mode of interaction.

Impersonation vs. Delegated Development

  • Impersonation: Focuses on *testing and viewing* the platform as another user, primarily for access control, workflow validation, and UI/UX. It’s about seeing what they see and doing what they can do.
  • Delegated Development: Allows non-admin users to develop applications and features within specific scopes, with strict guardrails. It’s about *granting specific development capabilities*, not about seeing the entire platform from their perspective.

Impersonation vs. “Run As” / “Su-Do” (System-Level Concepts)

While conceptually similar in allowing one user to act as another, Impersonation is an application-specific feature:

  • Impersonation (ServiceNow): Operates entirely within the ServiceNow application layer, governed by its roles and ACLs.
  • “Run As” / “Su-Do” (Operating System): Typically refers to commands in operating systems (like Windows “Run as different user” or Linux “sudo”) that allow a user to execute programs or commands with the privileges of another system user. These are lower-level system functionalities.

Understanding these distinctions ensures you use the right tool for the right job within the ServiceNow ecosystem.

Common Impersonation Scenarios & Real-World Examples

Let’s bring impersonation to life with some practical, real-world examples that ServiceNow professionals encounter daily:

Scenario 1: The Case of the Missing Field (ACL Testing)

  • Problem: A user from the HR department submits a ticket, “I can’t see the ‘Salary’ field on employee records anymore! It just disappeared after the last update.”
  • Admin Action: Instead of asking for screenshots or trying to guess which ACL might be affecting HR users, the admin immediately impersonates the HR user. Navigating to an employee record, the admin confirms the ‘Salary’ field is indeed gone.
  • Resolution: The admin, still impersonating, can use the “Security Debugger” (if enabled) or manually review relevant ACLs on the ‘hr_profile’ table. They might find that a new ACL was created that inadvertently restricted read access to the ‘Salary’ field for the specific role assigned to the HR user. A quick adjustment to the ACL’s roles fixes the issue, and the admin can confirm the fix while still impersonating.

Scenario 2: Workflow Stuck in Limbo (Approval Testing)

  • Problem: A new software request is stuck in the “Approval Pending” stage. The requester claims their manager, Sarah, hasn’t received any notification or approval request.
  • Admin Action: The admin impersonates Sarah, the manager. They check Sarah’s “My Approvals” module and confirm no pending requests. They also check Sarah’s notification preferences to ensure she’s opted-in for approval notifications. The admin then examines the workflow context for the stuck request, specifically looking at the ‘Approval – User’ or ‘Approval – Group’ activity to see which user or group was designated for approval.
  • Resolution: It’s discovered that Sarah’s user record had an incorrect “Manager” field, or she wasn’t part of the correct approval group. The admin corrects the user record or group membership, re-runs the workflow (or manually pushes the approval), and, while still impersonating Sarah, verifies that the approval request now appears and she can approve it.

Scenario 3: Confusing Service Portal Experience (UI/UX Validation)

  • Problem: Several users report that the new “Onboarding Request” form on the Service Portal is confusing. Some fields are missing, and it’s unclear how to submit it.
  • Admin Action: The admin impersonates a typical new hire user (or a user with a ‘requester’ role). They navigate to the Service Portal and open the “Onboarding Request” form. Immediately, they notice that several mandatory fields are hidden by a client script that only targets admin users, or that a dynamic dropdown isn’t populating correctly for non-admins.
  • Resolution: The admin exits impersonation, debugs the client script or UI policy, and re-impersonates the user to confirm the form now displays correctly and guides the user through the submission process clearly. This prevents widespread frustration and support calls.

Scenario 4: Mobile App Glitch (Mobile Experience)

  • Problem: A field technician using the ServiceNow mobile app reports that they can’t see all the fields needed to close an incident from their phone.
  • Admin Action: The admin logs into the desktop instance, impersonates the field technician, and then accesses the mobile app emulator (if available) or simply configures the relevant mobile app screens based on the technician’s role. They quickly identify that the mobile layout for that specific role is missing key fields in the “Close Incident” screen.
  • Resolution: The admin updates the mobile applet or screen configuration for the field technician role, ensuring all necessary fields are visible and editable. They then re-impersonate and verify the fix on the mobile interface.

These examples illustrate how impersonation is not just a theoretical concept but a practical, indispensable tool for maintaining a healthy, efficient, and user-friendly ServiceNow environment.

Troubleshooting Impersonation Issues

Even with a feature as straightforward as impersonation, you might occasionally run into roadblocks. Here are some common issues and how to troubleshoot them:

“I can’t find ‘Impersonate User’!” or “I can’t impersonate anyone!”

  • Check Your Roles: The most common reason. Do you have the admin role or the impersonator role? If not, you won’t see the option or be able to use it. Contact an admin to verify or grant the necessary role.
  • Is the User Active?: You can only impersonate active users. Check the target user’s record (sys_user table) to ensure their ‘Active’ field is set to ‘true’.
  • Is the User Locked Out?: A locked-out user cannot be impersonated or log in directly. Unlock the user’s account if necessary.
  • Search Issues: Ensure you’re typing the correct user details (first name, last name, user ID, email). The search is robust but requires accurate input.

“I impersonated, but it’s not working right / still seeing admin stuff!”

  • Check the Impersonation Banner: This is critical. Are you absolutely certain the banner at the top shows the correct user you intended to impersonate? Sometimes, users click the wrong name in the search results or forget to end a previous impersonation.
  • Browser Cache/Cookies: Old cache or cookies can sometimes interfere. Try clearing your browser cache, using an incognito/private browsing window, or even a different browser.
  • Did You End Impersonation Properly?: If you were impersonating someone else before and didn’t properly end it, you might be in a confused state. End all impersonations and start fresh.
  • Is it Really an Impersonation Issue?: If you’re impersonating a user and still seeing “admin stuff” that they shouldn’t see, it’s highly likely that the underlying security (ACLs) or role configuration for that user is incorrect, not that impersonation itself is failing. Impersonation correctly shows you what the system thinks the user *should* see. If that’s too much, then the problem is with the user’s roles or the ACLs tied to those roles.

“My actions while impersonating aren’t showing in the audit logs correctly!”

  • Verify System Logs: Remember, while the activity stream on a record shows the impersonated user, the deeper system logs (syslog, sys_audit) will clearly indicate who performed the impersonation. If you can’t find this, double-check your search queries in the logs or consult with a more experienced admin.
  • Check for Customizations: Rarely, highly customized auditing mechanisms might override default behavior, but this is uncommon.

Always approach troubleshooting impersonation with a systematic method, starting with verifying your own permissions and the target user’s status, then checking the visual cues, and finally, looking at browser and system-level factors.

Impersonation in the Interview Room: Why it Matters

If you’re aspiring to a role as a ServiceNow Administrator, Developer, Consultant, or even a highly skilled Business Analyst, expect questions about impersonation. Interviewers ask about it not just to test your technical knowledge, but also to gauge your understanding of security best practices, troubleshooting methodologies, and user-centric thinking.

What Interviewers Want to Hear:

  • Core Definition: You should be able to clearly define what impersonation is (logging in as another user for testing purposes).
  • Purpose/Value: Explain *why* it’s important – for ACL testing, workflow validation, troubleshooting user issues, and improving UX. This shows you understand its practical application.
  • How to Use It: Briefly walk through the steps of initiating and ending impersonation, demonstrating your hands-on familiarity.
  • Security Awareness: This is critical. Discuss the importance of the audit trail, never impersonating unnecessarily in production, always ending impersonation, and being mindful of actions taken while impersonated. Emphasize responsibility.
  • Troubleshooting Capability: Mention common issues (like not having the right role, or checking the banner) and how you’d resolve them. This shows problem-solving skills.
  • Real-World Examples: Be ready to provide a brief, concrete example of when you’ve used impersonation to solve a problem or validate a feature. This demonstrates practical experience.

How to Articulate Your Knowledge:

Instead of just a dry definition, aim for a more comprehensive answer, such as:

“Impersonation in ServiceNow is an incredibly powerful administrative feature that allows me to temporarily assume the identity and permissions of another user. I’ve found it indispensable for validating Access Control Lists (ACLs), ensuring workflows and approvals function correctly for different roles, and critically, for efficiently troubleshooting user-reported issues like ‘I can’t see this field.’ It’s my go-to for really understanding a user’s experience. However, I’m always acutely aware of the security implications; I prioritize using it in non-production environments, rely on the audit logs for accountability, and always make sure to end impersonation promptly to prevent any accidental changes or security risks. It’s a fundamental tool for any ServiceNow professional.”

This kind of answer showcases not just *what* you know, but *how* you think about and responsibly apply a core ServiceNow feature.

Conclusion

Impersonation in ServiceNow isn’t just a nifty trick; it’s a fundamental capability that empowers administrators and developers to build, maintain, and troubleshoot a robust, secure, and user-friendly platform. It bridges the gap between the administrative “god-mode” and the diverse experiences of your end-users, transforming guesswork into confident validation.

By understanding what impersonation is, mastering its execution, adhering to vital security best practices, and recognizing its place within the broader ServiceNow ecosystem, you equip yourself with an essential superpower. Use it wisely, use it responsibly, and watch how it dramatically improves your efficiency, reduces user frustration, and elevates the overall quality of your ServiceNow instance. So, go ahead, step into someone else’s digital shoes – it’s the best way to ensure everyone’s journey through ServiceNow is a smooth one!


Scroll to Top