Ban User: {user.name}

Quick select reason

{[ 'Violated terms of service', 'Free tier abuse', 'Spam or suspicious activity', 'Non payment of dues', ].map((reason) => ( ))}

Reason for ban

setBanReason(e.target.value)}
              placeholder="Enter the reason for banning this user..."
              className="border-gray-300 dark:border-gray-600 focus:ring-red-500 focus:border-red-500 dark:bg-gray-800 w-full resize-none rounded-md border px-3 py-2 shadow-sm focus:ring-2 dark:text-white"
              rows={3}
              autoFocus
            />
            <div className="mt-4 flex justify-end gap-3">
              <button
                onClick={() => {
                  setShowBanModal(false);
                  setBanReason('');
                }}
                className="text-gray-700 dark:text-gray-300 bg-gray-100 dark:bg-gray-800 hover:bg-gray-200 dark:hover:bg-gray-700 cursor-pointer rounded-md px-4 py-2 text-sm font-medium transition"
              >
                Cancel
              </button>
              <button
                onClick={handleConfirmBan}
                className="bg-red-600 hover:bg-red-700 dark:bg-red-500 dark:hover:bg-red-600 cursor-pointer rounded-md px-4 py-2 text-sm font-medium text-white transition"
              >
                Confirm Ban
              </button>
            </div>
          </div>
        </td>
      )}
    </tr>
  );
}
```

The `UserRow` component includes the following functionality:

1. **State management**
   - `showBanModal`: Controls whether the ban confirmation modal is visible.
   - `banReason`: Stores the reason provided for banning a user.

2. `handleBanToggle()`
   - If the user is already banned, calls `authClient.admin.unbanUser()` to unban them.
   - If the user is not banned, opens the ban modal to collect a reason.
   - Refreshes the user list after changes.

3. `handleConfirmBan()`
   - Calls `authClient.admin.banUser()` with the user’s ID and the selected or entered ban reason.
   - Resets the modal state and refreshes the user list.

4. `handleImpersonate()`
   - Calls `authClient.admin.impersonateUser()` with the user’s ID.
   - If successful, redirects the admin to the homepage (`'/'`) as the impersonated user.

5. **Row rendering**
   - Displays user details: **Name, Email, Role, and Status (Active/Banned)**.
   - Shows action buttons:
     - **Impersonate**: Disabled if the user is banned.
     - **Ban/Unban**: Toggles based on the user’s current status.

6. **Ban modal**
   - Appears when banning a user.
   - Provides quick‑select ban reasons and a textarea for custom reasons.

This component ensures that admins can **manage user accounts directly from the dashboard**, with clear UI feedback for banning, unbanning, and impersonating users.

## Create the user list component

Create a file `src/components/AdminDashboard.tsx`. This component will fetch and display the list of users using the Admin API.

```tsx shouldWrap
import { useEffect, useState } from 'react';
import { authClient } from '../auth';
import { UserRow } from './UserRow';
import { RedirectToSignIn, SignedIn } from '@neondatabase/neon-js/auth/react/ui';
import type { User } from '@neondatabase/neon-js/auth/types';

export type UserType = User & { banned: boolean | null } & { role?: string | null };

export default function AdminDashboard() {
  const [users, setUsers] = useState<UserType[]>([]);
  const [userDataLoading, setUserDataLoading] = useState(false);
  const { data, isPending: isSessionDataLoading } = authClient.useSession();

const fetchUsers = async () => {
    setUserDataLoading(true);
    const { data, error } = await authClient.admin.listUsers({
      query: { limit: 100, sortBy: 'createdAt', sortDirection: 'desc' },
    });

if (data) {
      setUsers(data.users);
    } else {
      console.error(error);
      alert('Failed to fetch users.');
    }
    setUserDataLoading(false);
  };

useEffect(() => {
    if (data?.user?.role === 'admin') fetchUsers();
  }, [data]);

if (userDataLoading || isSessionDataLoading) {
    return (
      <div className="text-gray-600 dark:text-gray-300 flex min-h-screen items-center justify-center">
        Loading users…
      </div>
    );
  }

const isImpersonating = data?.session?.impersonatedBy;

return (
    <div
      className={`bg-gray-50 dark:bg-gray-900 min-h-screen px-4 py-8 lg:px-8 sm:px-6 ${isImpersonating ? 'pt-20' : ''}`}
    >
      <SignedIn>
        {data?.user?.role === 'admin' ? (
          <>
            <div className="mb-6 flex items-center justify-between">
              <h1 className="text-gray-900 text-2xl font-semibold dark:text-white">
                Support Dashboard
              </h1>
            </div>

<div className="border-gray-200 dark:border-gray-700 dark:bg-gray-800 relative overflow-x-auto rounded-lg border bg-white shadow-sm">
              <table className="min-w-full text-sm">
                <thead className="bg-gray-100 text-gray-700 dark:bg-gray-700 dark:text-gray-200 sticky top-0 z-10">
                  <tr>
                    <th className="px-4 py-3 text-left font-medium">User Name</th>
                    <th className="px-4 py-3 text-left font-medium">Email</th>
                    <th className="px-4 py-3 text-left font-medium">Role</th>
                    <th className="px-4 py-3 text-left font-medium">Status</th>
                    <th className="px-4 py-3 text-left font-medium">Actions</th>
                  </tr>
                </thead>

<tbody className="divide-gray-200 dark:divide-gray-700 divide-y">
                  {users.map((user) => (
                    <UserRow key={user.id} user={user} refreshData={fetchUsers} />
                  ))}
                </tbody>
              </table>
            </div>
          </>
        ) : (
          <div className="border-red-400 bg-red-50 text-red-700 dark:border-red-500 dark:bg-red-900/30 dark:text-red-300 mx-auto max-w-lg rounded-lg border p-6 text-center">
            <h2 className="mb-2 text-lg font-semibold">Access Denied</h2>
            <p>You do not have permission to view this page.</p>
          </div>
        )}
      </SignedIn>

<RedirectToSignIn />
    </div>
  );
}
```

The `AdminDashboard` component includes the following features:

1. **State management**
   - `users`: Stores the list of users fetched from the backend.
   - `userDataLoading`: Tracks whether user data is currently being loaded.
   - `authClient.useSession()`: Provides session data and loading state for the authenticated user.

2. **`fetchUsers()`**
   - Calls `authClient.admin.listUsers()` to retrieve up to 100 users, sorted by creation date (newest first).
     > For detailed guidance on customizing query parameters, enabling partial searches by name or email, and implementing pagination for large user bases, see the [Admin API](/docs/auth/guides/plugins/admin) reference
   - Updates the `users` state with the fetched data.
   - Handles errors by logging them and showing an alert.
   - Sets loading state before and after the request.

3. **`useEffect()`**
   - Runs when session data changes.
   - If the logged‑in user has the role `admin`, it triggers `fetchUsers()` to load user data.

4. **Loading state**
   - If either session data or user data is still loading, displays a “Loading users…” message.

5. **Dashboard rendering**
   - If the user has the `admin` role:
     - Displays a **Support dashboard** header.
     - Renders a table of users with columns for **User ID, Email, Role, Status, and Actions** (using the `UserRow` component).
   - If the user is not an admin:
     - Shows an **Access Denied** message.

6. **Authentication handling**
   - Only renders the dashboard for signed‑in users by wrapping the content in `<SignedIn>`.
   - Uses `<RedirectToSignIn>` to redirect unauthenticated users to the sign‑in page.

## Add an Impersonation banner

When impersonating a user, it is critical to have a way to return to your admin account. This component checks the session for the `impersonatedBy` field on the session object and displays a banner with a button to stop impersonation.

Create `src/components/ImpersonationBanner.tsx`:

```tsx shouldWrap
import { authClient } from '../auth';

export function ImpersonationBanner() {
  const { data: session } = authClient.useSession();

// Only render if currently impersonating
  if (!session?.session.impersonatedBy) return null;

const stopImpersonation = async () => {
    await authClient.admin.stopImpersonating();
    window.location.reload();
  };

return (
    <div className="bg-amber-400 text-amber-900 fixed left-0 right-0 top-0 z-50 flex items-center justify-center gap-4 p-3 font-medium shadow-md">
      <span>
        👀 You are impersonating <strong>{session.user.email}</strong>
      </span>
      <button
        onClick={stopImpersonation}
        className="bg-amber-900 text-amber-50 hover:bg-amber-800 rounded px-4 py-1 text-sm font-bold shadow-sm transition"
      >
        Return to Admin
      </button>
    </div>
  );
}
```

The `ImpersonationBanner` component includes the following features:

1. **Session handling**
   - Uses `authClient.useSession()` to access the current session data.
   - Checks if the session includes `impersonatedBy`.
   - If not impersonating, the component returns `null` (renders nothing).

2. **`stopImpersonation()`**
   - Calls `authClient.admin.stopImpersonating()` to end the impersonation session and revert to the admin account.

3. **Banner rendering**
   - Displays a fixed banner at the top of the screen to display the user information being impersonated.
   - Includes a **Return to Admin** button that triggers `stopImpersonation()`.

This component ensures admins have clear visibility when impersonating a user and provides a quick way to return to their own account.

## Complete the App component

Finally, update `src/App.tsx` to include routing and the main dashboard layout.

```tsx shouldWrap
import { RedirectToSignIn, SignedIn, UserButton } from '@neondatabase/neon-js/auth/react';
import AdminDashboard from './components/AdminDashboard';
import { Link, Route, Routes } from 'react-router';
import Auth from './pages/Auth';
import Account from './pages/Account';
import { authClient } from './auth';

const HomePage = () => {
  const { data, isPending } = authClient.useSession();
  const isImpersonating = data?.session?.impersonatedBy;

if (isPending) {
    return (
      <div className="text-gray-600 dark:text-gray-300 flex min-h-screen items-center justify-center">
        Loading session…
      </div>
    );
  }

return (
    <div
      className={`bg-gray-50 dark:bg-gray-900 min-h-screen px-4 py-8 ${isImpersonating ? 'pt-20' : ''}`}
    >
      <div className="mx-auto max-w-2xl space-y-6">
        <SignedIn>
          <div className="flex items-center justify-between">
            <h1 className="text-gray-900 text-3xl font-semibold dark:text-white">
              Client Dashboard
            </h1>
            <UserButton className="bg-gray-100 text-gray-900 hover:bg-gray-200 dark:bg-gray-800 dark:text-gray-100 dark:hover:bg-gray-700 ring-gray-200 dark:ring-gray-700 focus-visible:ring-blue-500 flex items-center gap-2 rounded-full ring-1 transition-all duration-150 focus:outline-none focus-visible:ring-2" />
          </div>

<div className="border-gray-200 dark:border-gray-700 dark:bg-gray-800 rounded-lg border bg-white p-5 shadow-sm">
            <p className="text-gray-600 dark:text-gray-300 text-sm">
              <span className="font-semibold">Status:</span>{' '}
              {data?.session ? (
                <span className="text-green-600 dark:text-green-400">Authenticated</span>
              ) : (
                <span className="text-red-500">Guest</span>
              )}
            </p>

{data?.user && (
              <p className="text-gray-600 dark:text-gray-300 mt-2 text-sm">
                <span className="font-semibold">User ID:</span> {data.user.id}
              </p>
            )}
          </div>

<div className="border-gray-200 bg-gray-950 text-gray-100 dark:border-gray-700 rounded-lg border p-4 text-sm shadow-sm">
            <div className="text-gray-400 mb-2 text-xs font-semibold uppercase tracking-wide">
              Session Data
            </div>
            <pre className="max-h-72 overflow-auto whitespace-pre-wrap break-words">
              {JSON.stringify(data, null, 2)}
            </pre>
          </div>

{data?.user?.role === 'admin' && (
            <div className="border-green-500 bg-green-50 dark:border-green-400 dark:bg-green-900/30 rounded-lg border p-5">
              <h2 className="text-green-800 dark:text-green-200 mb-2 text-lg font-semibold">
                Admin Access
              </h2>
              <p className="text-green-700 dark:text-green-100 mb-4 text-sm">
                You have permission to manage users and system settings.
              </p>

<Link
                to="/admin"
                className="bg-green-600 hover:bg-green-700 dark:bg-green-600 dark:hover:bg-green-800 inline-flex items-center rounded-md px-4 py-2 text-sm font-medium text-white transition"
              >
                Go to Admin Dashboard →
              </Link>
            </div>
          )}
        </SignedIn>

<RedirectToSignIn />
      </div>
    </div>
  );
};

export default function App() {
  return (
    <Routes>
      <Route path="/" element={<HomePage />} />
      <Route path="/admin" element={<AdminDashboard />} />
      <Route path="/auth/:path" element={<Auth />} />
      <Route path="/account/:path" element={<Account />} />
    </Routes>
  );
}
```

This file defines the main **React application** with routing and a client dashboard that integrates authentication and admin access:

1. **`HomePage` component**
   - **Session handling**
     - Uses `authClient.useSession()` to fetch session data and loading state.
   - **Header**
     - Displays a "Client Dashboard" title.
     - Includes a `UserButton` for account management (profile, sign out, etc.).
   - **User and session details**
     - Shows authentication status and user ID if logged in.
     - Renders raw session data for debugging purposes.
   - **Admin call‑to‑action**
     - If the user’s role is `admin`, shows an “Admin Access” card.
     - Provides a link to the **Admin Dashboard** (`/admin`).
   - **Authentication handling**
     - Uses `<SignedIn>` to render content only for authenticated users.
     - Uses `<RedirectToSignIn>` to redirect unauthenticated users to the sign‑in page.

2. **`App` component:**
   The main application component that sets up routing using `react-router` with the following routes:
   - `/` → `HomePage`
   - `/admin` → `AdminDashboard`
   - `/auth/:path` → `Auth` page
   - `/account/:path` → `Account` page

This setup provides a **client dashboard** that shows session details, user status, and admin access, while routing users to authentication, account, and admin pages as needed.

## Run the application

1. **Start the development server:**

```bash
   npm run dev
   ```

2. Open `http://localhost:5173` in your browser.
3. In a separate browser or incognito window, create some test user accounts by signing up.
4. In the original browser window, log in with the account you assigned the **admin** role to in [Step 2](#create-an-admin-user).
5. You should now see the dashboard populated with user accounts.  
   ![Support dashboard](/docs/guides/admin-dashboard-demo.png)
6. Return to the admin dashboard, where you can list, ban, and impersonate users.
7. Try impersonating the user. The app will switch to their perspective, allowing you to debug issues they may encounter.  
   ![Impersonation banner](/docs/guides/admin-dashboard-impersonation.png)
8. The **Go to Admin Dashboard** link is only visible to users with the `admin` role and provides quick access to the admin interface.  
   ![Admin access](/docs/guides/admin-dashboard-admin-access.png)

</Steps>

## Use cases for impersonation and admin tools

While this demo app simply shows the impersonated user’s information and session details, in a production application impersonation and admin tools can be far more powerful and useful. They enable support teams, moderators, and operations staff to manage accounts effectively and resolve issues quickly. Common scenarios include:

- **Customer support & debugging:** Admins can impersonate a user to reproduce bugs, troubleshoot login issues, or verify account settings exactly as the user sees them. This eliminates guesswork when a user reports a problem that only occurs on their account.
- **Billing & subscriptions:** Support staff can impersonate a user to confirm subscription status, payment history, or upgrade/downgrade flows.
- **Feature access & permissions:** Admins can check whether a user has the correct role‑based permissions or feature entitlements, ensuring access policies are applied correctly.
- **Onboarding assistance:** Support teams can walk through the app as the user to confirm onboarding steps are completed properly.
- **Trust & safety:** Moderators can use the **Ban** functionality to revoke access for users posting spam or violating terms of service, preventing future logins.
- **Back‑office operations:** Operations managers can view user details, confirm email addresses, or audit user roles directly from a UI instead of running manual SQL queries.

## Source code

The complete source code for this example is available on GitHub.

<DetailIconCards>
<a href="https://github.com/dhanushreddy291/neon-auth-admin-dashboard" description="Complete source code for the Admin Dashboard example." icon="github">Admin Dashboard Example</a>
</DetailIconCards>

## Resources

- [Neon Auth Admin API Reference](/docs/auth/guides/plugins/admin)
- [Neon Auth Overview](/docs/neon-auth/overview)
- [Neon Auth UI components](/docs/auth/reference/ui-components)
- [React with Neon Auth UI (UI Components)](/docs/auth/quick-start/react-router-components)
- [Neon JavaScript SDK (Auth & Data API)](/docs/reference/javascript-sdk)