Feature Request: Admin User Impersonation / "Login As User" Functionality
Hey Kinde team! 
I'd like to request a feature that would allow administrators to impersonate or "login as" users without needing their passwords. This would be incredibly useful for:
- Support scenarios - Helping users troubleshoot issues they're experiencing in their accounts
- Testing & QA - Verifying user-specific configurations and permissions in production
- Debugging - Investigating reported problems from the user's perspective
- Onboarding assistance - Guiding new users through setup directly in their accounts
Current limitations:
- Temporary passwords require manual communication and aren't ideal for security
- M2M tokens authenticate as the application, not as specific users
- Password resets force users to change their passwords
Proposed solution:
An admin dashboard feature or API endpoint that generates a time-limited, audited session token allowing admins to authenticate as a specific user, with:
- Full audit logging of impersonation sessions
- Time-limited access (e.g., 15-30 minutes)
- Clear indication to the admin that they're in an impersonation session
- Optional user notification when their account is accessed by an admin
This is a common feature in enterprise auth platforms and would greatly improve the admin experience while maintaining security through proper logging and controls.
Would love to hear the team's thoughts on this!
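A sketch of the token described under "Proposed solution", added here as an illustration; it is not Kinde's API and not code from the post. It issues a short-lived signed token that names both the user and the acting admin, writes an audit record at issuance, and rejects expired or altered tokens. All names (`mint_impersonation_token`, `verify_token`, `session_banner`, `AUDIT_LOG`, the `impersonation` claim) are hypothetical; the `act` actor claim follows RFC 8693.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = secrets.token_bytes(32)  # constructed demo key; a real service loads a managed secret
MAX_TTL_S = 30 * 60                    # upper end of the 15-30 minute window in the request
AUDIT_LOG = []                         # stand-in for an append-only audit store

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(payload: str) -> str:
    return _b64(hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest())

def mint_impersonation_token(admin_id, user_id, reason, ttl_s=900, now=None):
    """Issue a short-lived token for user_id that records admin_id as the actor."""
    now = int(time.time() if now is None else now)
    if not reason.strip():
        raise ValueError("a reason is required for the audit trail")
    if not 0 < ttl_s <= MAX_TTL_S:
        raise ValueError("ttl outside the allowed window")
    claims = {"sub": user_id, "act": {"sub": admin_id}, "iat": now,
              "exp": now + ttl_s, "jti": secrets.token_hex(8), "impersonation": True}
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    # Audit before the token leaves the service, keyed by jti so later
    # requests made with this token can be tied back to the admin.
    AUDIT_LOG.append({"event": "impersonation.start", "admin": admin_id, "user": user_id,
                      "reason": reason, "jti": claims["jti"], "exp": claims["exp"]})
    return f"{payload}.{_sign(payload)}"

def verify_token(token, now=None):
    """Return the claims if the signature is valid and the token is unexpired."""
    now = int(time.time() if now is None else now)
    payload, _, sig = token.partition(".")
    # Constant-time comparison on bytes, done before the payload is parsed.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if now >= claims["exp"]:
        raise ValueError("expired")
    return claims

def session_banner(claims):
    """Text the UI shows so the admin always knows the session is impersonated."""
    if claims.get("impersonation"):
        return f"Impersonating {claims['sub']} as {claims['act']['sub']}"
    return ""
```

Keeping the admin in `act` rather than overwriting `sub` lets downstream services authorize as the user while logs still attribute each action to the admin.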