By default, ActAs and OnBehalfOf requests are disabled in the Access Manager Identity Server. To enable delegation and impersonation, you must enable ActAs and OnBehalfOf by performing the following steps:
Go to WS-Trust > Service Provider Domain.
Click the service provider domain name for which you want to enable ActAs and OnBehalfOf operations.
Under WS Trust Operations, select ActAs and OnBehalfOf in Available operations and move to Selected operations.
Click OK.
These operations are restricted to a set of privileged user accounts defined in the policy. You need to configure the allowed user accounts who can perform ActAs and OnBehalfOf operations. For information, see Adding Policy for ActAs and OnBehalfOf.