Login As User with External Credentials Awareness

When using External Credentials to grant SAP access in Salesforce, and the "Administrators Can Log in as Any User" feature is enabled, a security risk arises: administrators inherit the user's SAP access during impersonation.

Salesforce does not currently offer a built-in solution to prevent this behavior. To mitigate the risk:

  • Disable the "Administrators Can Log in as Any User" feature.
  • Encourage users to grant temporary access to admins via Personal Settings > Grant Account Login Access.
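
To check that the first mitigation is in place and stays in place, the script below audits a retrieved `Security.settings-meta.xml` file. It is an added example, not part of the original page or any Salesforce tooling. It assumes the org's security settings were retrieved through the Metadata API, and the field names `enableAdminLoginAsAnyUser` and `canUsersGrantLoginAccess` come from the Metadata API `SecuritySettings` type rather than from this page; the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Namespace used by Salesforce Metadata API files.
NS = {"md": "http://soap.sforce.com/2006/04/metadata"}

# Constructed samples (not from a real org): risky, hardened, and incomplete.
SAMPLE_RISKY = """<SecuritySettings xmlns="http://soap.sforce.com/2006/04/metadata">
    <canUsersGrantLoginAccess>true</canUsersGrantLoginAccess>
    <enableAdminLoginAsAnyUser>true</enableAdminLoginAsAnyUser>
</SecuritySettings>"""

SAMPLE_HARDENED = SAMPLE_RISKY.replace(
    "<enableAdminLoginAsAnyUser>true", "<enableAdminLoginAsAnyUser>false")

SAMPLE_INCOMPLETE = """<SecuritySettings xmlns="http://soap.sforce.com/2006/04/metadata">
    <canUsersGrantLoginAccess>true</canUsersGrantLoginAccess>
</SecuritySettings>"""


def _flag(root, name):
    """Return True/False for a boolean setting, or None if it is absent."""
    node = root.find(f"md:{name}", NS)
    if node is None or node.text is None:
        return None
    return node.text.strip().lower() == "true"


def audit_login_as(xml_text):
    """Return a list of findings; an empty list means both mitigations hold."""
    root = ET.fromstring(xml_text)
    findings = []
    admin_any = _flag(root, "enableAdminLoginAsAnyUser")
    user_grant = _flag(root, "canUsersGrantLoginAccess")
    if admin_any is True:
        findings.append("FAIL: admins can log in as any user and inherit "
                        "that user's External Credential (SAP) access")
    elif admin_any is None:
        # Absent setting: do not assume it is safe, verify in Setup.
        findings.append("UNKNOWN: enableAdminLoginAsAnyUser not in file")
    if user_grant is not True:
        findings.append("WARN: users cannot grant temporary login access")
    return findings


if __name__ == "__main__":
    for label, xml in [("risky", SAMPLE_RISKY), ("hardened", SAMPLE_HARDENED),
                       ("incomplete", SAMPLE_INCOMPLETE)]:
        print(label, audit_login_as(xml) or ["OK"])
```

Running this in a deployment pipeline catches the setting being re-enabled by a later metadata deploy.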