Overview#

Impersonation is allows a entity to log into a client application under a different Digital Identity.

Impersonation may also extend to accessing Protected Resources (web APIs) as the impersonated identity and using their permissions.

Microsoft Active Directory allows Impersonation using an Impersonation Token

Some Authentication Methods support Impersonation by issuing Identity Tokens or Access Tokens and Refresh Tokens with a sub that differs from the currently logged-in user.

More Information#

There might be more information for this subject on one of the following:

• Anonymous Credential
• DID Authentication
• Delegation vs Impersonation
• Digital Signature Algorithm
• Event 4624
• Golden Ticket
• Identity Assurance Level
• Impersonation Token
• Kerberos
• Kerberos Delegation
• Kerberos Forged Ticket
• MSFT Access Token
• Macaroons
• Man-In-The-Middle
• NO_IMPERSONATION_TOKEN
• OAuth 2.0 Security Best Current Practice
• OAuth 2.0 Token Exchange
• Open Protocol for Access Control, Identification, and Ticketing with privacY
• Password
• Proof of Ownership
• SECURITY_IMPERSONATION_LEVEL
• Session Management
• Spoofing Attack
• WILL_NOT_PERFORM
• Web Authentication
• Windows Logon