CPC H04L 63/0815 (2013.01) [H04L 63/083 (2013.01); H04L 63/0876 (2013.01); H04L 63/102 (2013.01); H04L 63/105 (2013.01); H04L 63/1483 (2013.01)]
20 Claims
1. A computer implemented method for accessing a cloud data provider with user-impersonation, comprising:
retrieving a cluster unique identifier (CUID) from a database in response to receiving an initial logon request from a server, wherein the CUID represents a configuration of the cloud data provider;
sending the initial logon request to the server based on the CUID, thereby performing a first logon to the cloud data provider using a first user identity associated with a first user;
retrieving an authorization code from the cloud data provider in response to sending the initial logon request to the server;
exchanging the authorization code for an identifier token and a refresh token issued by the cloud data provider;
validating the identifier token and the refresh token based on the CUID and a token length threshold;
storing the refresh token in the database based on the CUID in response to validating the identifier token and the refresh token;
receiving a user-impersonation logon request from a second user identity associated with a second user;
in response to receiving the user-impersonation logon request from the second user, retrieving the refresh token from the database based on the CUID;
exchanging, based on the CUID, the refresh token for an access token issued by the cloud data provider; and
sending the user-impersonation logon request for the second user and the access token received in exchange for the refresh token, to the server, thereby performing a second logon to the cloud data provider using the second user identity, wherein the second logon impersonates the first logon,
wherein at least one of the retrieving a CUID, sending the initial logon request, retrieving an authorization code, exchanging the authorization code, validating, storing, retrieving the refresh token, exchanging the refresh token, and sending the user-impersonation logon request are performed by one or more computers.
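
The claimed sequence as a small simulation, added here as an example and not taken from the patent or from any implementation of it. `StubProvider`, `CONFIGS`, `REFRESH_STORE`, the 4096-character threshold and the audience check in `validate` are assumptions, since the claim does not say how validation is performed.

```python
import json, secrets

TOKEN_LENGTH_THRESHOLD = 4096  # assumed value; the claim names no number
CONFIGS = {"cuid-001": {"client_id": "client-A"}}  # constructed: CUID -> provider config
REFRESH_STORE = {}  # stands in for the database: CUID -> refresh token

class StubProvider:
    """Hypothetical stand-in for the cloud data provider's token endpoints."""
    def __init__(self):
        self.codes, self.refresh = {}, {}
    def authorize(self, client_id, user):
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user)
        return code
    def exchange_code(self, client_id, code):
        cid, user = self.codes.pop(code)  # authorization codes are single use
        if cid != client_id:
            raise PermissionError("code issued to another client")
        rt = secrets.token_urlsafe(32)
        self.refresh[rt] = (cid, user)
        id_token = json.dumps({"aud": cid, "sub": user})  # unsigned, for the demo only
        return {"id_token": id_token, "refresh_token": rt}
    def exchange_refresh(self, client_id, rt):
        cid, user = self.refresh[rt]
        if cid != client_id:
            raise PermissionError("refresh token issued to another client")
        return {"access_token": secrets.token_urlsafe(32), "sub": user}

def validate(cuid, id_token, refresh_token):
    """Assumed checks: non-empty, within the length threshold, audience matches the CUID's config."""
    for tok in (id_token, refresh_token):
        if not tok or len(tok) > TOKEN_LENGTH_THRESHOLD:
            return False
    return json.loads(id_token).get("aud") == CONFIGS[cuid]["client_id"]

def initial_logon(provider, cuid, first_user):
    cfg = CONFIGS[cuid]
    code = provider.authorize(cfg["client_id"], first_user)
    tokens = provider.exchange_code(cfg["client_id"], code)
    if not validate(cuid, tokens["id_token"], tokens["refresh_token"]):
        raise ValueError("token validation failed; refresh token not stored")
    REFRESH_STORE[cuid] = tokens["refresh_token"]

def impersonation_logon(provider, cuid, second_user):
    grant = provider.exchange_refresh(CONFIGS[cuid]["client_id"], REFRESH_STORE[cuid])
    # The session carries the first user's identity; keep the requester for the audit trail.
    return {"requested_by": second_user, "acts_as": grant["sub"], "access_token": grant["access_token"]}
```

Because the stored refresh token yields the first user's privileges to whoever may request impersonation for that CUID, the returned record keeps both identities so the access can be attributed.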