diff --git a/packages/protos/io/restorecommerce/auth.proto b/packages/protos/io/restorecommerce/auth.proto
index 29c914ea..f53c7c86 100644
--- a/packages/protos/io/restorecommerce/auth.proto
+++ b/packages/protos/io/restorecommerce/auth.proto
@@ -23,6 +23,7 @@ message Tokens {
   optional bool interactive = 6;
   optional google.protobuf.Timestamp last_login = 7;
   optional string client_id = 8;
+  optional string impersonated_by = 9; // ID of the impersonator
 }
 
 message HierarchicalScope {
diff --git a/packages/protos/io/restorecommerce/user.proto b/packages/protos/io/restorecommerce/user.proto
index 028d958e..b47c1369 100644
--- a/packages/protos/io/restorecommerce/user.proto
+++ b/packages/protos/io/restorecommerce/user.proto
@@ -58,6 +58,8 @@ service UserService {
   rpc ResetTOTP (ResetTOTPRequest) returns (io.restorecommerce.status.OperationStatusObj);
   rpc MfaStatus (MfaStatusRequest) returns (MfaStatusResponse);
   rpc GetUnauthenticatedSubjectTokenForTenant(TenantRequest) returns (TenantResponse);
+  rpc Impersonate (ImpersonateRequest) returns (ImpersonateResponse);
+  rpc EndImpersonation (EndImpersonationRequest) returns (EndImpersonateResponse);
 }
 
 /**
@@ -70,6 +72,33 @@ message LoginRequest {
   optional string token = 3;
 }
 
+message ImpersonateRequest {
+  optional string identifier = 1; // Username to impersonate
+  optional io.restorecommerce.auth.Subject subject = 2; // Impersonator's subject
+}
+
+message AccessTokenData {
+  optional string access_token = 1;
+  optional google.protobuf.Timestamp expires_in = 2;
+  optional string token_type = 3;
+  optional string scope = 4;
+  optional string token_name = 5;
+}
+
+message ImpersonateResponse {
+  optional io.restorecommerce.status.Status status = 1;
+  optional AccessTokenData payload = 2;
+}
+
+message EndImpersonationRequest {
+  optional io.restorecommerce.auth.Subject subject = 1;
+}
+
+message EndImpersonateResponse {
+  optional io.restorecommerce.status.Status status = 1;
+  optional AccessTokenData payload = 2;
+}
+
 message LoginResponse {
   optional User payload = 1;
   optional io.restorecommerce.status.Status status = 2;