Salesforce Dictionary - Free Salesforce GlossarySalesforce Dictionary
Full Login Access Policies entry
How-to guide

Configuring Login Access Policies

Login Access Policies is reached from Setup and controls both the global login-as toggle and per-publisher grant permissions. Configure it deliberately, because the global setting changes whether impersonation needs user consent at all.

By Dipojjal Chakrabarti · Founder & Editor, Salesforce DictionaryLast updated Jun 16, 2026

Login Access Policies is reached from Setup and controls both the global login-as toggle and per-publisher grant permissions. Configure it deliberately, because the global setting changes whether impersonation needs user consent at all.

  1. Open the page

    In Setup, type "Login Access Policies" in the Quick Find box and select Login Access Policies. You need an admin profile with the Customize Application and user-management permissions to see and change it.

  2. Decide on the global toggle

    Set the "Administrators Can Log in as Any User" checkbox based on your privacy stance. Checked lets qualified admins impersonate without a grant; unchecked keeps the consent default where users must grant access first.

  3. Set per-publisher access

    For each managed package publisher listed, choose Available to Administrators and Users, or Available to Administrators Only, depending on whether end users should be able to grant that vendor's support team access.

  4. Save and verify against the audit trail

    Save the page, then confirm a test login-as session appears in the Setup Audit Trail with the admin name, target user, and timestamp so you know auditing is flowing.

Key options
Administrators Can Log in as Any Userremember

Global toggle. When on, admins with Modify All Data and Manage Users can log in as any active user without a grant. Off by default; not available below Enterprise-level editions.

Available to Administrators and Usersremember

Per-publisher option that lets both end users and admins grant that package publisher's support team login access to an account.

Available to Administrators Onlyremember

Per-publisher option that limits granting to admins with Manage Users, so individual end users cannot expose their session to that publisher.

Gotchas
  • The global toggle does not exist on Professional Edition or lower, and it may need Salesforce to provision it even on a qualifying edition.
  • You cannot start a login-as session while already logged in as another user, and you cannot impersonate inactive users.
  • Logging out after a login-as session also ends the admin's own session, so they will need to sign back in.
  • Even with the global toggle on, Salesforce Support cannot use an admin's login to reach other users; Support access is always granted per user.

See the full Login Access Policies entry

Login Access Policies includes the definition, worked example, deep dive, related terms, and a quiz.