# Impersonate Users for Support

**ID:** ADM-006
**Priority:** Low
**Status:** Planned

## User Story
As a platform administrator, I want to temporarily impersonate a user so that I can troubleshoot issues they're experiencing without asking for their credentials.

## Acceptance Criteria
- [ ] Admin can initiate impersonation session for any user
- [ ] Impersonation requires confirmation and reason
- [ ] Clear visual indicator when in impersonation mode
- [ ] Admin can end impersonation and return to their session
- [ ] All actions during impersonation are logged
- [ ] User is optionally notified of impersonation
- [ ] Impersonation sessions have time limit
- [ ] Cannot impersonate other admins without super-admin

## Technical Notes
- Special JWT claim to indicate impersonation
- Original admin identity preserved in token
- Audit log must capture both admin and impersonated user
- Consider "read-only" impersonation mode
- Security review required before implementation

## Related TODOs
- New feature - support tooling