This article explains how customers can manage impersonation access for their Service Provider, ensuring the provider has the necessary access for support and configuration tasks. It also shows where to adjust these settings in the Backup Portal’s Organization settings.
Impersonation access levels
Admin user for the customer's M365 tenant can choose the level of Impersonation access they wish to grant for their Service Provider (via Nexetic Vendor Portal). Service Provider can be granted full or limited access to the customer's backup portal, or the access can be fully denied. The options are:
- Full admin access, incl. access to users' and organization's backups to search & restore data. This access level is recommended if the Service Provider is responsible for handling all end-users' M365 backup related support requests, including data restorations on customer's and end-users' behalf.
- Restricted - access to Dashboard, Users and Settings pages and Audit Log only. With this access level Service Provider can make and change backup configurations, but not view or restore any data in backup.
- None - no access to the customer's backup environment. Service Provider can only see customer details in Nexetic Portal, including customer's name, M365 tenant and purchased licenses & storage space, but the Impersonate option is disabled.
Note
To investigate an issue that was escalated to Nexetic Support team, an engineer may need to access the customer’s backup environment. If a verified customer contact has requested troubleshooting and their impersonation settings allow it, we may use impersonation without asking for separate consent. All impersonation events are recorded in the Audit Log, where they are visible to the customer.
How to set the access level
You can define Impersonation access on the Backup portal's Settings page -> click Organization settings in the top menu. Select the right level and click Save.