Admin login to user account
I've had numerous opportunities recently to resolve event registration and payment issues with clients.
I deal with non-member contacts and with members at a dozen different membership levels whose memberships are in various states of completion or default. I have to try to explain to them how to navigate the system without having any real clue as to what they are seeing. Every now and again someone supplies their password and I can log in as they do only to find a world very different from what I expected.
Can you please provide us with a way to see the system from the eyes of our customers?
I would think this could be done by adding a "Site Password" option to Settings -> Site Settings. This would mean that there were now two passwords that worked - the contact's own password and the site's universal password. I do not see this as a security issue since we already have access to all customer data, what we don't have is access to the customer's view of that data.
I realize that I can change the user's password and then log in to their account but then I have to explain to them why their old password does not work and ask them to create a new one. This does not create an impression of good management. Also, am I'm not comfortable asking them for their password.
I really wish I could give more details - that's the whole problem. I tell them what (I think) they should do and the customer may say it does not work and I have no way to investigate further - without asking for their password.
My typical recommendation is : "You can pay for a registration by logging in at the club website at http://www.srcc.com . You should have got an email from the system containing a password at the time you registered. You can log in with your email address and that password and you'll see a payment screen or click on "View Profile" (top right) to complete the payment process. If you can't locate the email with the password you can use the "Request New Password" option in the login area.". Maybe that is the wrong instruction!
One frustrated customer sent me his password with a "Hey - you try it" suggestion and he's right, it does not work. I reported this under ticket 216-16F6168A-F763. This may have been a system error but I had no way of helping him (or notifying you) without his perspective.
I can understand the audit issue and how this might complicate error diagnosis and maybe my solution is not a good one, but the problem remains.
Dmitry Buterin commented
I am still quite reluctant about this specific solution as my gut feel is that this against good security practices. (E.g. admin can potentially do things on behalf of user and then there is no proper audit trail of this). Still, I see the valid need so if many other people support this, we would seriously consider it.
In the meantime I would appreciate more details - what are the most frequent situations when this need arises?