Login with impersonation step

My question:
Hi Guys,
I am trying to log in to a web application that has multiple login steps. This utilises OKTA, AWS DNS (saml), and then an impersonation step where the user, after login, impersonates a particular user and accesses the application. I have obtained an access token from the initial login with a GET request, but from there I am lost. What steps should I take to complete access?

This should be the same process as any other test case.

Define the steps and flow that your test needs to follow which you need to replicate in Postman.

I would recommend using folders in Postman to separate each test case.
This means that the collection becomes the test suite, the folders become the test cases, and the individual requests become the test steps.

Usually, each request would be separate and in order, passing variables from previous requests to the next request. (Either collection or environment variables - I would recommend environment as this allows you to potentially run the same tests against multiple environments, TEST, PRE-PROD, etc).

I don’t know enough about your application, but the following is just an example of a test case that uses authentication.

Step 1: Log in and retrieve the token. (Use the tests tab to retrieve the token and set an environment variable that can be used by the following steps/requests).

Step 2: Your main request. (Using the variable from step 1). GET or POST.

Step 3: (Optional). If you are posting data, you can at this point potentially query the database directly if it has its own API. This allows you to check if the data has been submitted correctly without eyeballing the data.

Step 4: Clean up after yourself. Delete that test data. Either by a DELETE request in the database (where I recommend that your developer creates a SQL query for you to call that does this properly) or get the developer to create a custom API for you that you can just call with a reference number.

Step 5: Log out. (You could also create another request test at this point trying to use the existing token which should no longer work).

If you don’t know how to set or use variables, then please take advantage of the Learning Center.

Introduction | Postman Learning Center

In particular, the core Postman training.


I would recommend starting with the “Galaxy APIs 101” and “Galaxy Testing and Automation” courses.

Finally, the following will explain how to set and use variables.

Using variables | Postman Learning Center
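
The token handling from Steps 1 and 5 above, as an added example that is not part of the original posts. It assumes the login response is JSON with an `access_token` field, that later requests send it as `Authorization: Bearer {{access_token}}`, and that a token used after logout is answered with 401 or 403; `fakePm` is a constructed stand-in for Postman's `pm` object so the logic also runs outside Postman.

```javascript
// Added example: token handling for a Postman login / reuse / logout test case.
// Assumed (not from the thread): the login response is JSON with an
// "access_token" field, and a revoked token is answered with 401 or 403.
const TOKEN_VAR = 'access_token'; // assumed header: Authorization: Bearer {{access_token}}

// Step 1, Tests tab of the login request: store the token for later requests.
function saveToken(pm) {
  let token;
  try {
    token = pm.response.json()[TOKEN_VAR];
  } catch (e) {
    token = undefined; // e.g. an HTML SSO redirect page instead of JSON
  }
  if (pm.response.code !== 200 || typeof token !== 'string' || token === '') {
    pm.environment.unset(TOKEN_VAR); // never leave a stale token from an earlier run
    throw new Error('login returned no token (HTTP ' + pm.response.code + ')');
  }
  pm.environment.set(TOKEN_VAR, token);
  return token;
}

// Step 5, Tests tab of the request sent after logout with the old token:
// true only if the server refused it. The variable is cleared either way.
function tokenRejectedAfterLogout(pm) {
  const rejected = pm.response.code === 401 || pm.response.code === 403;
  pm.environment.unset(TOKEN_VAR);
  return rejected;
}

// Constructed stand-in for Postman's `pm` object so the logic runs outside Postman.
// Passing body === null simulates a response that is not JSON.
function fakePm(code, body, env) {
  return {
    response: {
      code,
      json: () => { if (body === null) throw new SyntaxError('not JSON'); return body; },
    },
    environment: {
      set: (k, v) => { env[k] = v; },
      unset: (k) => { delete env[k]; },
    },
  };
}

// In Postman, paste one function into the matching Tests tab and call it with
// the real `pm`, e.g. pm.test('token saved', () => { saveToken(pm); });
if (typeof pm === 'undefined') {
  const demoEnv = {};
  saveToken(fakePm(200, { access_token: 'constructed-token' }, demoEnv));
  console.log('stored:', demoEnv);
  console.log('rejected after logout:', tokenRejectedAfterLogout(fakePm(401, {}, demoEnv)));
}
```

Because a failed login clears the variable, a later request cannot silently pass by reusing a token left over from a previous run.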