User Impersonation in Unified Interface Apps

– 1 Minutes

With the new Unified Interface apps for Dynamics 365, it is now possible to "log in" as another user. This will be a major benefit to administrators/customizers as they troubleshoot issues on behalf of their users. The reason this is possible is because most (all?) of the data interactions in Unified Interface apps are done through the API, and the API supports user impersonation!

How do you do it? Essentially, we just need to add the MSCRMCallerID header to every API request. One way to do this is using the "ModHeader" extension for Google Chrome. Once you have it installed, create a new profile to add the header to all requests for your environment. It should look something like this...the MSCRMCallerID is the GUID of the user you want to impersonate. There are a few ways to get this, but my favorite is navigating to the user record and using the "Record ID" action from the Level Up extension by Natraj Yegnaraman.

Impersonation Mod Header

That's it! If you refresh your Unified Interface app, you should notice the user name in the upper right corner change, and all requests will be filtered based on the security context of the user you are impersonating! If you create any records, it will show as being created by the impersonated user, with a delegated created by of your user.

Impersonation Delegated

Although most features seem to work in the context of the impersonated user, some don't appear to. For example, Relevance Search -- it will return the results based on your user, not the impersonated user.

This was first proposed as an idea over 7 years ago, and it's currently planned for development in the mid-term. While we wait for Microsoft to build it in to the platform, we at least have a solution that (mostly) works!



Great tip! As you mentioned - this doesn't work in the webUI - UCI Only. And one thing to be aware of, in UCI there is caching going on. To use this workaround/tweak in the safest way possible you should start with fresh Incognito window (no cache), setup the addin prior to doing anything with Dynamics, and only after having everything setup then navigate to UCI/CRM. Certain things may be cached in a normal session or instance of Chrome (session or local storage), if you change the calling userid those caches won't line up with what your user account had access to and you may start seeing some inconsistencies or errors. Another potential workaround would be to completely clear the cache and hard reload the page after enabling the addin (that should also clear most things out).

Bob Guidinger

Thanks, Sean! Yeah, caching is definitely an issue. I was doing forced refreshes (CTRL + F5), and even that seemed to require two or three refreshes to get everything to load properly. As you mentioned, starting with an Incognito window is probably the safest option.


Hi Bob,

This is great!


Hi Bob,

This is a great tip - thanks for sharing. It makes it much easier to troubleshoot issues on behalf of users and, not least, make sure that the users are correctly configured before granting access to the users. It's nice to be able to confirm that to avoid any issues when training the users.

There also seems to be a limitation with regards to charts in dashboards. They are not showing based on the impersonated user. However, views are displaying as the impersonated user.