diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 00bf8cbe1c5..49410fe0743 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -33,6 +33,7 @@ class Kernel extends HttpKernel
             \BookStack\Http\Middleware\StartSessionExtended::class,
             \Illuminate\View\Middleware\ShareErrorsFromSession::class,
             \BookStack\Http\Middleware\VerifyCsrfToken::class,
+            \BookStack\Http\Middleware\Impersonate::class,
             \BookStack\Http\Middleware\CheckEmailConfirmed::class,
             \BookStack\Http\Middleware\RunThemeActions::class,
             \BookStack\Http\Middleware\Localization::class,
diff --git a/app/Http/Middleware/Impersonate.php b/app/Http/Middleware/Impersonate.php
new file mode 100644
index 00000000000..b3c540a9594
--- /dev/null
+++ b/app/Http/Middleware/Impersonate.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace BookStack\Http\Middleware;
+
+use BookStack\Permissions\Permission;
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Symfony\Component\HttpFoundation\Response;
+
+class Impersonate
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param Closure(Request): (Response) $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        $impersonateId = session('impersonate', null);
+        if (empty($impersonateId)) {
+            return $next($request);
+        }
+
+        $realUser = auth()->user();
+        if ($realUser && $realUser->can(Permission::UsersManage)) {
+            Auth::onceUsingId($impersonateId);
+        }
+
+        return $next($request);
+    }
+}
diff --git a/app/Users/Controllers/UserController.php b/app/Users/Controllers/UserController.php
index 494221b143e..4ab838fc6a1 100644
--- a/app/Users/Controllers/UserController.php
+++ b/app/Users/Controllers/UserController.php
@@ -191,6 +191,36 @@ public function delete(int $id)
         return view('users.delete', ['user' => $user]);
     }
 
+    /**
+     * Start impersonating the specified user.
+     */
+    public function impersonate(int $id)
+    {
+        $this->checkPermission(Permission::UsersManage);
+
+        $user = $this->userRepo->getById($id);
+
+        if ($user->isGuest() || $user->id === user()->id) {
+            $this->showErrorNotification(trans('errors.users_cannot_impersonate'));
+            return redirect("/settings/users/{$id}");
+        }
+
+        session(['impersonate' => $user->id]);
+
+        return redirect('/');
+    }
+
+    /**
+     * Stop impersonating and return to user edit page.
+     */
+    public function stopImpersonate()
+    {
+        $userId = session('impersonate');
+        session()->forget('impersonate');
+
+        return redirect("/settings/users/{$userId}");
+    }
+
     /**
      * Remove the specified user from storage.
      *
diff --git a/lang/en/errors.php b/lang/en/errors.php
index 20537d59f0c..9ee6ba0cf0b 100644
--- a/lang/en/errors.php
+++ b/lang/en/errors.php
@@ -78,6 +78,7 @@
     // Users
     'users_cannot_delete_only_admin' => 'You cannot delete the only admin',
     'users_cannot_delete_guest' => 'You cannot delete the guest user',
+    'users_cannot_impersonate' => 'You cannot impersonate this user',
     'users_could_not_send_invite' => 'Could not create user since invite email failed to send',
 
     // Roles
diff --git a/lang/en/settings.php b/lang/en/settings.php
index c4d1eb136eb..8448be5aee9 100644
--- a/lang/en/settings.php
+++ b/lang/en/settings.php
@@ -231,6 +231,11 @@
     'users_external_auth_id_desc' => 'When an external authentication system is in use (such as SAML2, OIDC or LDAP) this is the ID which links this BookStack user to the authentication system account. You can ignore this field if using the default email-based authentication.',
     'users_password_warning' => 'Only fill the below if you would like to change the password for this user.',
     'users_system_public' => 'This user represents any guest users that visit your instance. It cannot be used to log in but is assigned automatically.',
+    'users_impersonate' => 'Impersonate User',
+    'users_impersonate_desc' => 'Log in and browse the application as this user.',
+    'users_impersonate_action' => 'Impersonate',
+    'users_impersonating' => 'Impersonating: :name',
+    'users_impersonate_stop' => 'Stop Impersonating',
     'users_delete' => 'Delete User',
     'users_delete_named' => 'Delete user :userName',
     'users_delete_warning' => 'This will fully delete this user with the name \':userName\' from the system.',
diff --git a/resources/views/layouts/base.blade.php b/resources/views/layouts/base.blade.php
index b868cb88804..78b8a11bc2f 100644
--- a/resources/views/layouts/base.blade.php
+++ b/resources/views/layouts/base.blade.php
@@ -54,6 +54,13 @@ class="@stack('body-class')">
     @include('layouts.parts.base-body-start')
     @include('layouts.parts.skip-to-content')
     @include('layouts.parts.notifications')
+    @if(session('impersonate'))
+        <div style="background-color:#c0392b;color:#fff;text-align:center;padding:8px 16px;font-size:0.9em;">
+            {{ trans('settings.users_impersonating', ['name' => user()->name]) }}
+            &nbsp;|&nbsp;
+            <a href="{{ url('/impersonate/stop') }}" style="color:#fff;text-decoration:underline;">{{ trans('settings.users_impersonate_stop') }}</a>
+        </div>
+    @endif
     @include('layouts.parts.header')
 
     <div id="content" components="@yield('content-components')" class="block">
diff --git a/resources/views/layouts/parts/header-user-menu.blade.php b/resources/views/layouts/parts/header-user-menu.blade.php
index c252deb8218..477760fb78e 100644
--- a/resources/views/layouts/parts/header-user-menu.blade.php
+++ b/resources/views/layouts/parts/header-user-menu.blade.php
@@ -39,20 +39,27 @@ class="icon-item">
         </li>
         <li role="presentation"><hr></li>
         <li>
-            @php
-                $logoutPath = match (config('auth.method')) {
-                    'saml2' => '/saml2/logout',
-                    'oidc' => '/oidc/logout',
-                    default => '/logout',
-                }
-            @endphp
-            <form action="{{ url($logoutPath) }}" method="post">
-                {{ csrf_field() }}
-                <button class="icon-item" role="menuitem" data-shortcut="logout">
+            @if(session('impersonate'))
+                <a href="{{ url('/impersonate/stop') }}" role="menuitem" class="icon-item">
                     @icon('logout')
-                    <div>{{ trans('auth.logout') }}</div>
-                </button>
-            </form>
+                    <div>{{ trans('settings.users_impersonate_stop') }}</div>
+                </a>
+            @else
+                @php
+                    $logoutPath = match (config('auth.method')) {
+                        'saml2' => '/saml2/logout',
+                        'oidc' => '/oidc/logout',
+                        default => '/logout',
+                    }
+                @endphp
+                <form action="{{ url($logoutPath) }}" method="post">
+                    {{ csrf_field() }}
+                    <button class="icon-item" role="menuitem" data-shortcut="logout">
+                        @icon('logout')
+                        <div>{{ trans('auth.logout') }}</div>
+                    </button>
+                </form>
+            @endif
         </li>
     </ul>
 </div>
\ No newline at end of file
diff --git a/resources/views/users/edit.blade.php b/resources/views/users/edit.blade.php
index 611653d6a80..e0e9141fa45 100644
--- a/resources/views/users/edit.blade.php
+++ b/resources/views/users/edit.blade.php
@@ -103,6 +103,17 @@ class="button outline">{{ trans('settings.users_mfa_configure') }}</a>
         @endif
 
         @include('users.api-tokens.parts.list', ['user' => $user, 'context' => 'settings'])
+
+        @if(!$user->isGuest() && $user->id !== user()->id && userCan('users-manage') && !session('impersonate'))
+            <section class="card content-wrap auto-height">
+                <h2 class="list-heading">{{ trans('settings.users_impersonate') }}</h2>
+                <p class="text-muted text-small">{{ trans('settings.users_impersonate_desc') }}</p>
+                <form action="{{ url("/settings/users/{$user->id}/impersonate") }}" method="post">
+                    {!! csrf_field() !!}
+                    <button type="submit" class="button outline">{{ trans('settings.users_impersonate_action') }}</button>
+                </form>
+            </section>
+        @endif
     </div>
 
 @stop
diff --git a/routes/web.php b/routes/web.php
index a20c0a3d3d0..248f9e380d1 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -251,6 +251,8 @@
     Route::get('/settings/users/{id}', [UserControllers\UserController::class, 'edit']);
     Route::put('/settings/users/{id}', [UserControllers\UserController::class, 'update']);
     Route::delete('/settings/users/{id}', [UserControllers\UserController::class, 'destroy']);
+    Route::post('/settings/users/{id}/impersonate', [UserControllers\UserController::class, 'impersonate']);
+    Route::get('/impersonate/stop', [UserControllers\UserController::class, 'stopImpersonate']);
 
     // User Account
     Route::get('/my-account', [UserControllers\UserAccountController::class, 'redirect']);
diff --git a/tests/User/UserImpersonationTest.php b/tests/User/UserImpersonationTest.php
new file mode 100644
index 00000000000..66ad72d77ae
--- /dev/null
+++ b/tests/User/UserImpersonationTest.php
@@ -0,0 +1,194 @@
+<?php
+
+namespace Tests\User;
+
+use Tests\TestCase;
+
+class UserImpersonationTest extends TestCase
+{
+    protected function tearDown(): void
+    {
+        session()->forget('impersonate');
+        parent::tearDown();
+    }
+
+    public function test_impersonate_button_shown_on_edit_page_for_admin()
+    {
+        $viewer = $this->users->viewer();
+
+        $resp = $this->asAdmin()->get("/settings/users/{$viewer->id}");
+
+        $this->withHtml($resp)->assertElementExists("form[action$=\"/settings/users/{$viewer->id}/impersonate\"]");
+        $resp->assertSee('Impersonate User');
+    }
+
+    public function test_impersonate_button_not_shown_for_non_admin()
+    {
+        $viewer = $this->users->viewer();
+        $editor = $this->users->editor();
+
+        $resp = $this->actingAs($editor)->get("/settings/users/{$viewer->id}");
+
+        $resp->assertDontSee('Impersonate User');
+        $this->withHtml($resp)->assertElementNotExists("form[action$=\"/settings/users/{$viewer->id}/impersonate\"]");
+    }
+
+    public function test_impersonate_button_not_shown_for_own_user()
+    {
+        $admin = $this->users->admin();
+
+        $resp = $this->actingAs($admin)->get("/settings/users/{$admin->id}");
+
+        $resp->assertDontSee('Impersonate User');
+        $this->withHtml($resp)->assertElementNotExists("form[action$=\"/settings/users/{$admin->id}/impersonate\"]");
+    }
+
+    public function test_impersonate_button_not_shown_for_guest_user()
+    {
+        $guest = $this->users->guest();
+
+        $resp = $this->asAdmin()->get("/settings/users/{$guest->id}");
+
+        $resp->assertDontSee('Impersonate User');
+        $this->withHtml($resp)->assertElementNotExists("form[action$=\"/settings/users/{$guest->id}/impersonate\"]");
+    }
+
+    public function test_impersonate_button_not_shown_when_already_impersonating()
+    {
+        $viewer = $this->users->viewer();
+        $editor = $this->users->editor();
+
+        $this->asAdmin()->post("/settings/users/{$viewer->id}/impersonate");
+
+        $resp = $this->get("/settings/users/{$editor->id}");
+        $resp->assertDontSee('Impersonate User');
+    }
+
+    public function test_impersonate_sets_session_and_redirects_to_home()
+    {
+        $viewer = $this->users->viewer();
+
+        $resp = $this->asAdmin()->post("/settings/users/{$viewer->id}/impersonate");
+
+        $resp->assertRedirect('/');
+        $this->assertSessionHas('impersonate', $viewer->id);
+    }
+
+    public function test_impersonate_requires_users_manage_permission()
+    {
+        $viewer = $this->users->viewer();
+        $editor = $this->users->editor();
+
+        $resp = $this->actingAs($editor)->post("/settings/users/{$viewer->id}/impersonate");
+
+        $resp->assertRedirect('/');
+        $this->assertSessionMissing('impersonate');
+    }
+
+    public function test_cannot_impersonate_guest_user()
+    {
+        $guest = $this->users->guest();
+
+        $resp = $this->asAdmin()->post("/settings/users/{$guest->id}/impersonate");
+
+        $resp->assertRedirect("/settings/users/{$guest->id}");
+        $this->assertSessionError('You cannot impersonate this user');
+        $this->assertSessionMissing('impersonate');
+    }
+
+    public function test_cannot_impersonate_self()
+    {
+        $admin = $this->users->admin();
+
+        $resp = $this->actingAs($admin)->post("/settings/users/{$admin->id}/impersonate");
+
+        $resp->assertRedirect("/settings/users/{$admin->id}");
+        $this->assertSessionError('You cannot impersonate this user');
+        $this->assertSessionMissing('impersonate');
+    }
+
+    public function test_impersonation_banner_shown_while_impersonating()
+    {
+        $viewer = $this->users->viewer();
+
+        $this->asAdmin()->post("/settings/users/{$viewer->id}/impersonate");
+        $resp = $this->get('/');
+
+        $resp->assertSee('Impersonating: ' . $viewer->name);
+        $resp->assertSee('Stop Impersonating');
+    }
+
+    public function test_impersonation_banner_not_shown_when_not_impersonating()
+    {
+        $resp = $this->asAdmin()->get('/');
+
+        $resp->assertDontSee('Impersonating:');
+        $resp->assertDontSee('Stop Impersonating');
+    }
+
+    public function test_requests_are_performed_as_impersonated_user()
+    {
+        $viewer = $this->users->viewer();
+        $admin = $this->users->admin();
+
+        $this->actingAs($admin)->post("/settings/users/{$viewer->id}/impersonate");
+
+        $resp = $this->get('/');
+        $resp->assertSee('Impersonating: ' . $viewer->name);
+    }
+
+    public function test_stop_impersonate_clears_session_and_redirects_to_user_edit()
+    {
+        $viewer = $this->users->viewer();
+
+        $this->asAdmin()->post("/settings/users/{$viewer->id}/impersonate");
+        $this->assertSessionHas('impersonate', $viewer->id);
+
+        $resp = $this->get('/impersonate/stop');
+
+        $resp->assertRedirect("/settings/users/{$viewer->id}");
+        $this->assertSessionMissing('impersonate');
+    }
+
+    public function test_stop_impersonate_banner_gone_after_stopping()
+    {
+        $viewer = $this->users->viewer();
+
+        $this->asAdmin()->post("/settings/users/{$viewer->id}/impersonate");
+        $this->get('/impersonate/stop');
+
+        $resp = $this->get('/');
+        $resp->assertDontSee('Impersonating:');
+    }
+
+    public function test_middleware_does_not_switch_user_without_impersonate_session()
+    {
+        $admin = $this->users->admin();
+
+        $resp = $this->actingAs($admin)->get('/');
+
+        $resp->assertDontSee('Impersonating:');
+    }
+
+    public function test_middleware_does_not_switch_user_if_actor_lacks_users_manage()
+    {
+        $viewer = $this->users->viewer();
+        $editor = $this->users->editor();
+
+        $this->actingAs($editor)->withSession(['impersonate' => $viewer->id]);
+
+        $resp = $this->get('/');
+
+        $resp->assertDontSee('Impersonating: ' . $viewer->name);
+    }
+
+    public function test_stop_impersonate_link_shown_in_user_menu_while_impersonating()
+    {
+        $viewer = $this->users->viewer();
+
+        $this->asAdmin()->post("/settings/users/{$viewer->id}/impersonate");
+        $resp = $this->get('/');
+
+        $this->withHtml($resp)->assertElementContains('a[href="' . url('/impersonate/stop') . '"]', 'Stop Impersonating');
+    }
+}