To monitor which users are performing impersonations in a ServiceNow instance, administrators can activate thesystem propertyglide.sys.log_impersonation. When enabled, this property logs impersonation activities in the system logs, providing full traceability of who is impersonating whom.

Here’s how it works:

By default, impersonation is not loggedunless this system property is explicitly activated.

Once enabled, all impersonation activities are recordedin thesyslogtable (System Log > All), making it easy to track when and by whom impersonations were performed.

This helps in security audits and compliance tracking, ensuring that only authorized users impersonate others in the system.

????Steps to Enable Logging of Impersonations:

Navigate toSystem Definition > System Properties.

In the filter navigator, search forglide.sys.log_impersonation.

Set the value totrue.

Save the changes.

????Alternative Verification Methods:

Check logs manually: Navigate toSystem Logs > Alland filter logs bymessagecontaining"impersonation".

Audit the impersonation role assignments underSystem Security > Roles.

????Reference:

ServiceNow KB Article:KB0717055 – How to Log Impersonations

ServiceNow Docs: Logging and Monitoring in ServiceNow