I’m wondering what the Auth0 recommended approach is to avoid impersonation, as it’s been long deprecated. Our use case is to allow our support staff to make changes to customer-facing features in our application as if they were the customer, with logs to show that the task was actually performed by the admin in question. This needs to be done as if it was from the impersonated user’s perspective, as a critical task involves signing a report on behalf of that user as part of performing migrations to update every report to reflect schema changes.
One thing we’ve considered is having our support users log into a global admin Auth0 organisation, then switch into the target organisation for issues to be remedied through organisation switching and using metadata to record which support staff member is currently using the global admin account to act as an end user. However, are there any recommended approaches from Auth0 or what would be considered best practice for this use case? Organisation switching brings in several other issues so it might not be the most ideal solution to this problem.