Connect-As: See Your Customer's Odoo Through Their Eyes
One click. Full session. Every action audited. No more “send me your password” emails.
Every agency has lived through this
Three problems that show up in every support ticket.
“Customer says it’s broken”
They send a screenshot. You can’t reproduce. You ask for steps. They reply tomorrow. You ask for access. They send credentials over email. Nobody wins.
Sharing credentials is a mess
Passwords in Slack DMs. Shared logins that nobody resets. Five engineers using the same admin account. When something goes wrong, no one knows who did what.
No audit trail
A record was changed last Tuesday. Who did it? Was it the customer, the agency, or the integrator? Without a real audit log, you’re guessing. Compliance hates guessing.
How Connect-As works
Three steps. No password sharing. No back and forth.
Click Connect-As
Open the customer’s environment in your OEC.sh dashboard. There’s a Connect-As button right next to it. Click it.
Pick the user
Choose which user identity to take on. Sales rep? Accountant? Warehouse manager? You see exactly what they see.
Get a scoped session
You land inside their Odoo. Time-bounded. Every click logged. When you’re done, the session ends and the record stays.
No VPN. No screen share. No “can you forward me your password manager invite?”
What you can do with Connect-As
Real work, on real customer data, in real time.
Debug as a real user
Not as admin. As the actual person who has the bug. See the exact menu, the exact form, the exact button that’s missing.
Reproduce permission issues
“I can’t see the invoices module.” Connect as them. Confirm the bug. Fix the access rule. Done in five minutes.
Walk customers through workflows
On a call. Connect-As to their account. Click through the steps yourself while they watch. Skip the “share your screen” dance.
Onboard new users live
Configure a teammate’s view in real time. Pin the right favorites. Hide the noise. Hand them an account that’s already shaped to their job.
Investigate tickets in context
Stop bouncing between Helpscout, screenshots, and Slack threads. Open the ticket, click Connect-As, see the actual problem.
Run a customer demo
Sales call coming up? Click Connect-As on the demo account. No login screen. No password reset email at the worst possible moment.
A real audit trail. Not just a log file.
Cross-org audit log
Admins see every Connect-As session across every organization they manage.
Per-session record
Who connected. Who they impersonated. When it started. When it ended. What they did.
Permanent and exportable
Every event is immutable. Export to CSV or JSON for your SOC 2 audit, internal review, or compliance officer.
target: bob@acme-customer.com
org: acme-prod, expires_at: +60min
change: +Sales/User
Org owners stay in control
Connect-As is a tool, not a backdoor. Every organization decides its own rules.
Opt-in by default
Connect-As is off until the org owner turns it on. No surprise impersonation. No vendor sneaking in. The customer sets the rules.
Disable for sensitive customers
Got a finance customer who can’t allow any third party in their data? Flip it off. Their org becomes invisible to Connect-As entirely.
Security and Compliance tab
Every setting lives in one place. Who can use Connect-As. Which user roles are impersonatable. Session length. Notification rules. All visible. All exportable.
Registration tokens
Pre-authorized access codes for support teams. Hand a contractor a token, scoped to one org and one week. When the work is done, the token expires. No leftover access hanging around.
Available on every paid plan
Connect-As used to be Agency-only. Now it ships on Starter and above.
| Plan | Price | Connect-As access |
|---|---|---|
| Free | $0/mo | Not available |
| Starter | $19/mo | Within your own organization |
| Pro | $39/mo | Same as Starter, unlimited usage |
| Agency | $199/mo | Cross-organization, plus everything in Pro |
Cross-org Connect-As lets agency admins impersonate users in tenant orgs they manage. See the agency plan for the full picture.
Who actually uses this every day
Four scenarios from real OEC.sh customers.
Debug 50 client Odoos without 50 password resets
A mid-size partner runs 50 customer environments. Before Connect-As, every support ticket meant chasing a credential reset. Now: ticket comes in, click Connect-As, fix it, close. Average resolution time dropped from two days to under an hour.
Onboard a teammate by walking them through their account
New hire joins. You connect as them, walk through the standard workflow, pin the right shortcuts, set their kanban view, hand back a configured account. They start productive on day one instead of week two.
See what a sales rep sees vs an accountant
Permissions in Odoo are layered. Groups, record rules, multi-company, security. Connect as the sales rep. Then connect as the accountant. The difference is right there in front of you. No more guessing.
Log into the demo account in one click
You’re three minutes from a sales call. The demo account password expired. Connect-As to the demo user, prep the screen, jump on the call. The prospect never knows you were panicking 30 seconds ago.
The security model
Four guardrails. None optional.
Permission-gated
Your account needs the Connect-As permission, granted by an org owner. No permission, no button.
Time-bounded
Sessions auto-expire. Default is 60 minutes, configurable down to 5. No forgotten tabs sitting open overnight.
Signed tokens
Cryptographically signed redemption tokens. Can’t be forged. Can’t be replayed. Tied to the actor, the target, and the time window.
Logged on both ends
Cross-org sessions write audit entries to the agency org and the tenant org. Two records. One source of truth.
Compare to Odoo.sh, where shared admin credentials are still the default support pattern.
Frequently asked questions
Everything customers and security teams want to know.
Does the customer get notified when I connect as them?
Yes. Every Connect-As session writes to the customer's audit log the moment it starts. Org owners can also opt into email or Slack alerts for each impersonation event. Nothing happens silently.
Can I impersonate the database admin?
You can impersonate any user the org owner has authorized for Connect-As, including admin roles, but only if they explicitly enable admin impersonation in the Security and Compliance tab. By default, admin-level accounts are excluded for safety.
How long does a Connect-As session last?
Sessions are time-bounded and auto-expire. The default is 60 minutes. Org owners can shorten this in settings. When the session expires, you have to start a new one, which creates a fresh audit entry.
Is there a record of what I did during the session?
Yes. Every action you take inside a Connect-As session is logged: page views, record edits, button clicks, settings changes. The log is permanent and exportable. Compliance teams can review it at any time.
Can I disable Connect-As for my organization?
Absolutely. Connect-As is opt-in by default. Org owners can disable it entirely in the Security and Compliance tab. You can also disable it per-user, so only specific accounts are impersonatable.
What's the difference between Connect-As and shared credentials?
Shared credentials are a security disaster: passwords leak in Slack, get reused, and you have no record of who actually did what. Connect-As gives every support engineer their own identity, scoped time, and a full audit trail tied to the real person, not a shared account.
Stop asking customers for their password.
Connect-As ships on every paid plan. Start free, upgrade when you need it. Your support team will thank you. Your security officer will thank you twice.