Impersonation is allows a entity
to log into a client application under a different Digital Identity
Impersonation may also extend to accessing Protected Resources (web APIs) as the impersonated identity and using their permissions.
Microsoft Active Directory allows Impersonation using an Impersonation Token
Some Authentication Methods support Impersonation by issuing Identity Tokens or Access Tokens and Refresh Tokens with a sub that differs from the currently logged-in user.
There might be more information for this subject on one of the following: