Restrict Super Administrator access

The system administrator can restrict direct Super Administrator access and allow login via impersonation on the Support Agent portal:

• Direct Super Administrator login can be restricted
  To enhance accountability and meet enterprise audit standards, system administrators can disable direct logins for the Super Administrator account using a system parameter, restrictSuperadminLogin, in web.xml.

  • When enabled (restrictSuperadminLogin = True):

    • Direct login via the Super Administrator username is blocked.

    • Users will see this message: "SuperAdmin login restricted. Contact Systems Administrator."

    • Super Admin access is still possible, but only via impersonation using the Support Agent portal.

    • Access will be limited to the Admin Portal only.

  • When disabled (restrictSuperadminLogin = False), direct login as Super Administrator is allowed.
    

• Super Administrator access is only allowed via impersonation

  • Only users logging in through the support portal with valid credentials can impersonate superadmin.

  • Impersonation allows access to the admin portal with full Super Admin privileges.
    

• Full Audit Trail for Impersonation Sessions

  Impersonation sessions using the Super Administrator account are fully logged in the AdminAuditTrail:

  • All actions taken during impersonation will be logged in the audit trail.

  • The username field will include both the impersonated account and the actual impersonating user (for example, "superadmin - impersonated_by: drwoody@uplandsoftware.net"). This ensures complete traceability of administrative actions.

• Super Administrator navigation restrictions via Quick Access

  • While impersonating Super Administrator, users will no longer be able to navigate to Solution Manager, Support Agent, or Self Service Portal via the Quick Access menu.