How to log in to service consoles on behalf of another user

The platform provides a way to log in to a service on behalf of another user account without entering its login credentials using a one-time token.

The /idp/ott endpoint allows you to generate a one-time token containing encrypted login-specific data and use it either to log in on behalf of a user account, or to make an external login URL.

Restrictions

The platform enforces the following rules for the /idp/ott endpoint:

  • Only API clients can access this endpoint.

  • A one-time token can be generated for a user account located within the same tenant or its sub-tenants.

  • A one-time token cannot be generated for a user account located in a sub-tenant that has “Support access” disabled.

What you can do with to log in to service consoles on behalf of another user

Operation

Methods and endpoints used

GET /idp/external-login
POST /idp/ott
POST /idp/ott
POST /idp/ott/login