Impersonate a user and returning to admin user

This guide explains how to impersonate a user in Discourse and return to your admin account. This is useful when you need to troubleshoot issues faced by a specific user or verify their permissions.

Required user level: Administrator

The admin can choose to impersonate another user when needed. This can be useful when a member is experiencing odd behavior or you need to check their permissions. Impersonating another user acts as if you are logged in as that user. This documentation will guide you through the process of impersonating a user as an admin and how to return to the admin account.

Impersonating a User

1. Navigate to the Admin section of the sidebar and select Users.
   

   

   image2200×342 34.6 KB

2. Find and select the profile of the user you want to impersonate.

3. Click on Admin in the top right corner.
   

   

   image1002×191 9.23 KB

4. At the bottom, select the Impersonate button
   

   Once you’ve impersonated the user, you are no longer logged in as an admin. You will experience the Discourse interface just as the user does.

   

   image1028×172 7.23 KB

Impersonating a user is not transparent — it creates a logged visit for that user and resets any notification flags that are acted on. Consider communicating to the user that impersonation was performed.

Terminating the impersonation session

Method 1, good for infrequent use:

To stop impersonating and return to your admin account, simply log out from the impersonated user account and log back in as the admin.

Logging in and impersonating in a private/incognito window prevents needing to log back in under your main browser session. Just close the incognito window and you’re good to go!

Method 2, recommended if you frequently impersonate users

The impersonate_without_logout setting, when enabled, shows a persistent banner at the top of the interface while impersonating a user, with a button to immediately end the session and return to your admin account.

This makes repeated impersonation workflows safer and more efficient, especially for support and QA.

Additionally, the hidden site setting experimental_impersonation_time_limit_minutes can be used to define a maximum duration for an impersonation session (default: 15 minutes). Once this time limit is reached, the session automatically terminates, adding an extra layer of safety.

Enabling impersonate_without_logout

The recommended way to enable this feature is via Admin → Upcoming Changes (/admin/config/upcoming-changes), where it can be toggled on for all staff or specific groups.

For self-hosted sites, it can also be enabled via the Rails console:

SiteSetting.impersonate_without_logout = true
SiteSetting.experimental_impersonation_time_limit_minutes = 15

Last edited by @dax 2026-02-25T18:31:58Z

Check document

Perform check on document:

It might be worth noting that impersonating a user is not transparent – it creates a logged visit for that user, and resets any notification flags that are acted on. Probably best to communicate to any real user that it’s being done.

I also ran into this issue. Can we at least add a confirmation dialog on the Impersonate button? Currently it starts the impersonation right away without warning the user of the caveats, especially the one it creates a logged visit.

The other buttons in its vicinity (like Delete user) do have a confirmation dialog. As a user I would expect the Impersonate button to open a dialog just like the others.

I didn’t even note the lack of a confirmation dialog, but yeah, that would be a good place to warn that you’re about to become that user and leave tracks — not just poke around behind the scenes without impact.

I think you can enable the setting at /admin/config/upcoming-changes now.