written by Piotr Gajek
posted on July 12, 2022
Technical Architect and Full-stack Salesforce Developer. He started his adventure with Salesforce in 2017. Clean code lover and thoughtful solutions enthusiast.

Detect “Log in to Community as User” in Apex

Introduction

Log in to Community as User is a feature provided by Salesforce that allows users with the “Manage External Users” permission to log in to the community as a selected account’s contact (user).
This can cause problems, because in some cases we want to hide sensitive data from internal users. Below I describe logic that helps you detect when an internal user is logged in to the community on behalf of a community user.

To see the Log in to Community as User button, a few conditions must be met:
– Ensure that Communities are enabled in your org.
– Ensure that your profile has the “Manage External Users” permission.
– Ensure that the contact is associated with an account and a community user has been created.

After clicking this button, you are logged in to the community in the contact’s (user’s) context, have full access to everything that user can access, and can perform actions on the user’s behalf.

Apex

We can use the standard Apex method Auth.SessionManagement.getCurrentSession(), which provides some session information:

{
  SessionId=0Ak###############, 
  UserType=Standard, 
  ParentId=0Ak###############, 
  NumSecondsValid=7200, 
  LoginType=SAML Idp Initiated SSO, 
  LoginDomain=null,
  LoginHistoryId=0Ya###############,
  Username=user@domain.com, 
  CreatedDate=Wed Jul 30 19:09:29 GMT 2014, 
  SessionType=Visualforce, 
  LastModifiedDate=Wed Jul 30 19:09:16 GMT 2014, 
  LogoutUrl=https://google.com, 
  SessionSecurityLevel=STANDARD,
  UsersId=005###############, 
  SourceIp=1.1.1.1
}

We can easily check whether someone else is logged in to the community as the current user by checking UserType, SourceIp and LoginType.

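    // Returns true when the current session looks like an internal user
    // who used "Log in to Community as User".
    public Boolean isLoggedOnBehalf() {
        Map<String, String> session = Auth.SessionManagement.getCurrentSession();
        // An on-behalf session reports a Standard user type, '::' as source IP
        // and no login type.
        return session.get('UserType') == 'Standard' &&
               session.get('SourceIp') == '::' &&
               session.get('LoginType') == null;
    }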
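
One way to apply this check when serving data to the community, as an added example that is not part of the original post. The class name `OnBehalfGuard`, its method names, the choice of the standard Contact fields Birthdate and HomePhone as the "sensitive" data, and the fail-closed behaviour are all assumptions made for illustration.

```apex
// Added example; class and method names are hypothetical.
public with sharing class OnBehalfGuard {

    // Pure check over a session map, so it can be unit-tested with constructed maps.
    // The three conditions are the ones given in the article.
    @TestVisible
    private static Boolean isOnBehalf(Map<String, String> session) {
        if (session == null) {
            return true; // assumption: fail closed when no session details exist
        }
        return session.get('UserType') == 'Standard'
            && session.get('SourceIp') == '::'
            && session.get('LoginType') == null;
    }

    public static Boolean isLoggedOnBehalf() {
        try {
            return isOnBehalf(Auth.SessionManagement.getCurrentSession());
        } catch (Exception e) {
            return true; // assumption: fail closed if the session cannot be read
        }
    }

    // Hypothetical community controller method: returns the running user's
    // contact, with sensitive fields blanked for an on-behalf session.
    @AuraEnabled
    public static Contact getMyContact() {
        Id contactId =
            [SELECT ContactId FROM User WHERE Id = :UserInfo.getUserId()].ContactId;
        if (contactId == null) {
            throw new AuraHandledException('Running user has no contact.');
        }
        Contact c = [SELECT Id, Name, Email, Birthdate, HomePhone
                     FROM Contact WHERE Id = :contactId];
        if (isLoggedOnBehalf()) {
            // Blank the fields on the server so they never reach the page.
            c.Birthdate = null;
            c.HomePhone = null;
        }
        return c;
    }
}
```

Keeping the comparison in `isOnBehalf(Map<String, String>)` lets a test class cover both the on-behalf and the normal case by passing constructed maps instead of relying on a live session.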

Resources