Masquerade Ball

Have you ever needed to test as another user without knowing that user's password? Maybe your authentication scheme is tied to LDAP or an SSO provider (Google, Facebook, Okta, etc.) and you can't add users. Well, there is a way...

The easiest way is to download one of the apps here:
https://github.com/ainielse/rando/tree/master/masquerade_ball

Just a few easy steps and you can masquerade as another user.

  1. Download the application above.

  2. Install it into the same (DEV or TEST, NOT PROD) workspace as your application.

  3. Edit the Authentication Schemes of both applications.

    1. Either set the cookie to "Workspace Sharing"

    2. or set the cookie to custom and enter the same cookie name in both applications.

  4. Edit page one (1) of the "Masquerade Ball" application and change the button to point to your application.

Now any developer in your workspace can log in with their own APEX username and password, but masquerade as any user name.

If you are a visual learner, check out APEX Instant Tips #111.

How does the Masquerade Ball application work?

The application takes advantage of the APEX session management model. APEX maintains a session based upon two things: the APEX session ID and the value of a cookie. If you have multiple applications within a workspace that have the same cookie, and you construct links between the applications that pass the same APEX session ID, you will already be logged in when switching (linking) from one application to another.

APEX itself works this way. The APEX Builder, SQL Workshop, and Team Development are separate applications, but they use the same cookie. Clicking on the APEX tabs simply links you to another application, passing the session ID (and your browser handles passing the cookie along). If you enter an application with an existing session and a valid associated cookie value, you can skip authentication altogether. Hence, by logging into Masquerade Ball (and masquerading as another user) you can switch to any application with the same cookie without having to re-authenticate. Voila!
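
A simplified model of the session check described above, added here as an illustration: it is not APEX code or part of the Masquerade Ball application, and the class, application names and cookie names are constructed. Its `reachable` helper lists the applications that share a cookie name, which is the set a Masquerade Ball session carries into and the reason the app belongs only in DEV or TEST workspaces.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class Workspace:
    apps: dict = field(default_factory=dict)      # app name -> session cookie name
    sessions: dict = field(default_factory=dict)  # session id -> (cookie name, cookie value, user)

    def login(self, app, username):
        """Create a session in `app`; return (session id, cookies the browser now holds)."""
        sid, value = secrets.randbelow(10**12), secrets.token_hex(16)
        cookie = self.apps[app]
        self.sessions[sid] = (cookie, value, username)
        return sid, {cookie: value}

    def enter(self, app, sid, cookies):
        """Return the session's user if `app` accepts it, else None (login required)."""
        record = self.sessions.get(sid)
        if record is None:
            return None
        cookie, value, username = record
        if self.apps[app] != cookie:  # app uses a different cookie name
            return None
        if not secrets.compare_digest(cookies.get(cookie, ""), value):
            return None               # session id alone is not enough
        return username

    def reachable(self, app):
        """Other apps that honour a session created in `app` (same cookie name)."""
        return sorted(a for a, c in self.apps.items()
                      if c == self.apps[app] and a != app)


def demo():
    ws = Workspace(apps={
        "MASQUERADE_BALL": "DEV_SHARED",  # constructed cookie names
        "HR_APP": "DEV_SHARED",
        "FINANCE_APP": "FINANCE_ONLY",
    })
    # The masquerade app sets the session user to a name the developer picked.
    sid, cookies = ws.login("MASQUERADE_BALL", "JSMITH")
    return {
        "hr": ws.enter("HR_APP", sid, cookies),            # same cookie: accepted
        "finance": ws.enter("FINANCE_APP", sid, cookies),  # different cookie: login required
        "no_cookie": ws.enter("HR_APP", sid, {}),          # session id without the cookie
        "reachable": ws.reachable("MASQUERADE_BALL"),
    }
```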