Customer Impersonation
Learn how sales staff can securely log into customer accounts to place orders and manage customer needs.
Overview
Customer Impersonation allows staff to:
- Log into customer accounts securely
- Place orders on behalf of customers
- Edit cart item prices
- Access customer dashboard
- View order history
- Manage customer addresses
How It Works
Security Model
Separate Sessions:
- Staff session remains active
- Customer session created temporarily
- Staff context maintained throughout
- Easy exit from customer context
Audit Trail:
- Orders tagged with staff ID
- Staff information stored in order
- Commission automatically calculated
- Full traceability
Access Control
Staff Must Have:
- Active staff account
- Customer assigned to staff (or "Access All Customers")
- Permission to impersonate
Customer Requirements:
- Active customer account
- Staff has assignment/access permission to the customer
- Not blocked or suspended
Impersonation Process
Step 1: Login as Staff
Navigate to: https://yourstore.com/staff/account/login
Enter credentials:
- Password
Step 2: Find Customer
Go to Customers
Search for customer:
- By name
- By email
- By customer ID
- By external ID
Step 3: Start Customer Context
Use the customer login action (tooltip: Login to this account)
What Happens:
- Staff session saved
- Customer session created
- Redirect to customer dashboard
- Customer-context indicator may be shown (theme-dependent)
Step 4: Perform Actions
As customer, you can:
- Browse products
- Add to cart
- Edit cart (including prices if enabled)
- Proceed to checkout
- Place order
- View order history
- Manage addresses
- Update account information
Step 5: Exit Customer Context
Click Logout from current customer (top banner/header)
What Happens:
- Customer session ended
- Staff session restored
- Redirect to staff dashboard
- Order appears in "My Orders"
Editing Cart Prices
Enable Price Editing
Staff Account Configuration:
- Can Edit Item Price: Yes
System Configuration:
- Allow 0 Price on Item Price Edit: Yes/No
Edit Price Process
- Login as customer
- Add products to cart
- Go to shopping cart
- Find Edit Price field next to each item
- Enter new price
- Click Update
- Proceed to checkout
Price Editing Rules
Allowed:
- Reduce price (discount)
- Increase price (if needed)
- Set to zero (if configured)
Not Allowed:
- Negative prices
- Non-numeric values
Use Cases for Price Editing
Discounts:
- Volume discounts
- Loyalty discounts
- Promotional pricing
- Price matching
Adjustments:
- Custom quotes
- Special agreements
- Contract pricing
- Damaged goods
Free Items:
- Samples
- Replacements
- Promotional items
- Warranty replacements
Pricesystem Integration
Requires: MageB2B_PricesystemCore
Alternative Prices
Configuration:
- Display additional pricesystem prices: Yes
Behavior:
- Dropdown shows alternative prices
- Select from:
  - Customer-specific prices
  - Category prices
  - Pricelist prices
  - Product-customer matrix prices
Benefit: Quick price selection without manual entry
Price Selection
- Login as customer
- Add product to cart
- Click Edit Price dropdown
- Select from available prices:
  - Base Price: $100.00
  - Customer Price: $95.00
  - Pricelist A: $90.00
  - Volume Price: $85.00
- Price automatically applied
Order Placement
Order Assignment
Automatic:
- Order tagged with staff ID
- Staff group assigned
- Commission calculated
- Order comment added
Order Data:
- Staff assignment information
- Staff group information
- Commission amount
Commission Calculation
Based on Configuration:
- Total excluding tax
- Total including tax
- Product discount
Example:
| Field | Value |
|---|---|
| Order Subtotal | $500.00 |
| Staff Commission | 5% |
| Commission Amount | $25.00 |
Order Confirmation
Customer Receives:
- Order confirmation email
- Standard order details
Staff Receives (if configured):
- Order confirmation copy
- Commission information
- Customer details
Frontend Interface
Staff Indicator
When impersonating, top banner shows:
┌─────────────────────────────────────────────┐
│ You are logged in as: John Doe              │
│ Staff: Sarah Johnson                        │
│ [Logout from current customer]              │
└─────────────────────────────────────────────┘
Available Actions
Customer Dashboard:
- My Orders
- My Addresses
- Account Information
- Wishlist
- Newsletter Subscriptions
Shopping:
- Browse catalog
- Search products
- Add to cart
- Apply coupons
- Checkout
Restrictions:
- Cannot change customer password
- Cannot delete customer account
- Cannot access restricted pages (if configured)
Access Restrictions
Not Allowed Handles
Configuration: Stores > Configuration > MageB2B > Staff > General
- Not allowed handles: Define restricted pages
Example:
customer_account_edit
customer_address_delete
wishlist_index_remove
Behavior:
- Staff redirected if accessing restricted page
- Error message displayed
- Logged in audit trail
Use Cases
Restrict:
- Password changes
- Account deletion
- Payment method management
- Sensitive customer data
Session Management
Session Lifetime
Configuration:
- Session lifetime (seconds): 900 (default)
Behavior:
- Staff session expires after inactivity
- Customer impersonation ends
- Staff must re-login
Recommendation:
- 3600 (1 hour) for security
- 7200 (2 hours) for convenience
Multiple Impersonations
Scenario: Staff needs to switch between customers
Process:
- Click Logout from current customer
- Search for new customer
- Use the customer login action for the new customer
- Previous customer session ended
Note: Only one customer impersonation at a time
Security Features
Audit Trail
Logged Information:
- Staff ID who placed order
- Timestamp of impersonation
- Customer ID accessed
- Actions performed
- Price changes made
Access: Admin > System > Action Logs (if enabled)
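One way to review the audit trail described above for events that contradict the rules stated on this page (customer assignment, price editing rules, not allowed handles), as an added example that is not the extension's own code. The record layout, field names and sample events are constructed assumptions; the extension's actual log format is not shown here.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample audit events; field names are assumptions, not the extension's schema.
EVENTS = [
    {"staff_id": 7, "customer_id": 101, "action": "impersonate_start"},
    {"staff_id": 7, "customer_id": 101, "action": "price_edit", "new_price": "85.00"},
    {"staff_id": 7, "customer_id": 101, "action": "price_edit", "new_price": "0"},
    {"staff_id": 7, "customer_id": 101, "action": "price_edit", "new_price": "-5"},
    {"staff_id": 7, "customer_id": 101, "action": "page_view", "handle": "customer_account_edit"},
    {"staff_id": 9, "customer_id": 101, "action": "impersonate_start"},
    {"staff_id": 9, "customer_id": 101, "action": "price_edit", "new_price": "NaN"},
]
ASSIGNMENTS = {7: {101, 102}}   # staff_id -> assigned customer IDs (constructed)
ACCESS_ALL = set()              # staff IDs holding "Access All Customers" (constructed)
NOT_ALLOWED_HANDLES = {"customer_account_edit", "customer_address_delete",
                       "wishlist_index_remove"}  # the example handles from this page
ALLOW_ZERO_PRICE = False        # models "Allow 0 Price on Item Price Edit: No"

def price_violation(raw, allow_zero):
    """Return a reason if an edited price breaks the price editing rules, else None."""
    try:
        price = Decimal(str(raw).strip())
    except InvalidOperation:
        return "non-numeric price"
    if not price.is_finite():          # Decimal accepts "NaN" and "Infinity"; reject both
        return "non-numeric price"
    if price < 0:
        return "negative price"
    if price == 0 and not allow_zero:
        return "zero price not enabled"
    return None

def review(events):
    """Return (event_index, reason) for every event that contradicts the policy."""
    findings = []
    for i, ev in enumerate(events):
        staff, cust = ev["staff_id"], ev["customer_id"]
        if ev["action"] == "impersonate_start":
            if staff not in ACCESS_ALL and cust not in ASSIGNMENTS.get(staff, set()):
                findings.append((i, "customer not assigned to staff"))
        elif ev["action"] == "price_edit":
            reason = price_violation(ev.get("new_price"), ALLOW_ZERO_PRICE)
            if reason:
                findings.append((i, reason))
        elif ev["action"] == "page_view" and ev.get("handle") in NOT_ALLOWED_HANDLES:
            findings.append((i, "restricted handle reached"))
    return findings
```

Any finding here means an event was recorded that the access control, price editing or handle restrictions should have prevented, so it is worth checking both the configuration and the staff account involved.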
Password Protection
Staff Cannot:
- View customer passwords
- Change customer passwords
- Access password reset tokens
Customer Security Maintained:
- Passwords remain encrypted
- No password exposure
- Secure authentication
IP Tracking
Optional: Track IP addresses
- Staff IP logged
- Customer IP logged
- Detect suspicious activity
Best Practices
For Field Sales
Workflow:
- Visit customer on-site
- Login as staff on mobile device
- Impersonate customer
- Review products together
- Add items to cart
- Apply negotiated pricing
- Complete order
- Click Logout from current customer
For Phone Sales
Workflow:
- Customer calls with order
- Staff searches customer
- Login as customer
- Add items per customer request
- Apply discounts if needed
- Read order total to customer
- Complete order
- Confirm order number
For Customer Service
Workflow:
- Customer reports issue
- Staff accesses customer account
- Review order history
- Place replacement order
- Apply discount or free shipping
- Complete order
- Document in customer comment
Troubleshooting
Cannot Start Customer Context
Check:
- Customer is assigned to staff
- Staff has "Access All Customers" OR customer assigned
- Customer account is active
- Access/scope configuration allows the customer context
- Staff account is active
Price Editing Not Available
Check:
- Staff account: "Can Edit Item Price" = Yes
- Configuration: Price editing enabled
- Product is not virtual/downloadable (if restricted)
Session Expired
Issue: Staff session expires during impersonation
Solution:
- Staff automatically logged out
- Customer session ended
- Staff must re-login
- Cart may be lost (depends on configuration)
Prevention: Increase session lifetime
Order Not Assigned to Staff
Check:
- Staff was logged in during order
- Customer impersonation was active
- Order not placed by customer directly
- Configuration: "Set staff permanently on order"
Advanced Features
Token-Based Login
Requires: Staff Token Service
Use Case: Email links for quick customer access
Process:
- Generate token for customer
- Send email with login link
- Staff clicks link
- Automatically logged into customer account
API Integration
Requires: MageB2B_StaffAPI
Use Case: Mobile apps, external systems
Endpoints:
- POST /V1/staff/token
- POST /V1/staff/customers/:customerId/token