Home
SkeletonKey consists of two Joomla! plugins which add a “Login as User” button to the backend (administrator) Users component in Joomla!. Clicking on that button logs you into the frontend of the site as that user.
Sometimes users report issues on your site which at first glance don't make sense. Troubleshooting them requires having access to their user account on your site. For example, reported issues with discount coupon codes in e-commerce sites, or users not seeing modules / menu items which according to their user groups they should be seeing.
Being able to quickly log into your site as that user is a tremendous help in verifying the validity of the issue report and troubleshooting it.
SkeletonKey is written with security as the primary and foremost concern.
The login as user button will only be shown in the backend of the site, and only on the user groups you choose to. By default, this is limited to Super Users only i.e. the users on the site which have absolute control of all aspects of it.
The plugins work using short-lived tokens (they expire 10 seconds after creating them), with cryptographically-strong random generated 20 character authorisation codes, and cookies which are locked into your (administrator) user session — the same method the Remember Me plugin built into Joomla! itself uses. This means that it is as secure as your administrator login, and even if you get disconnected or otherwise cannot access your site right after clicking the button the Login as User authorisation expires pretty dang soon.
This is up to the people using this plugin — that's you. You should only make use of this plugin upon obtaining explicit consent of the user you are logging as, and you should respect their privacy. In many jurisdictions you may even be legally required to do so.
SkeletonKey is compatible with Joomla! 4.2 or later, including Joomla! 5. It requires PHP 7.2, 7.3, 7.4, 8.0, 8.1, 8.2, or 8.3.
Please note that Joomla! 5 itself requires PHP 8.1 or later.
- Download the package from the Releases page.
- Install it on your site (System, Extensions, Install)
- Make sure that both the “Authentication - Skeleton Key” and the “System - Skeleton Key” plugin is published, with its access set to Public.
- Go to Users, Manage. Below each user you will see a “Login as User” button. Click on it to log into the frontend of the site as this user.
For usage details, and tips & tricks please refer to The System plugin's documentation page.