diff --git a/docs/api/openapi.osdu.yaml b/docs/api/openapi.osdu.yaml
index 319055e73f381f135c11c6eddea1961c48149509..58ba669cba0d26d9db1007f2c6cb7dd235b2770c 100644
--- a/docs/api/openapi.osdu.yaml
+++ b/docs/api/openapi.osdu.yaml
@@ -1901,10 +1901,13 @@ definitions:
 properties:
 created_by:
 type: string
- description: The trusted app id .
+ description: The trusted app id.
 created_date:
 type: string
 description: The create date and time.
+ user:
+ type: string
+ description: The impersonated user.
 resources:
 type: array
 items:
diff --git a/docs/api/openapi.yaml b/docs/api/openapi.yaml
index c306ca2366776865a2b6258b7fcd283a4de1fbda..685a063269307c9a5cdf8ed0992c6a0a1225680b 100644
--- a/docs/api/openapi.yaml
+++ b/docs/api/openapi.yaml
@@ -1908,10 +1908,13 @@ definitions:
 properties:
 created_by:
 type: string
- description: The trusted app id .
+ description: The trusted app id.
 created_date:
 type: string
 description: The create date and time.
+ user:
+ type: string
+ description: The impersonated user.
 resources:
 type: array
 items:
diff --git a/src/services/impersonation_token/handler.ts b/src/services/impersonation_token/handler.ts
index c233a4f170975cbb4d7b66e6cbd9b91e7bab0a16..065dbf446aa2ff084993522802708eb3dd168c5c 100644
--- a/src/services/impersonation_token/handler.ts
+++ b/src/services/impersonation_token/handler.ts
@@ -57,6 +57,8 @@ export class ImpersonationTokenHandler {
 const tenantName = requestBody.resources[0].resource.split('/')[0];
 const tenant = await TenantDAO.get(tenantName);
 const subject = Utils.getSubFromPayload(req.headers.authorization);
+ const user = Utils.getSubIDFromPayload(req.headers['user-token'] as string) ||
+ Utils.getSubFromPayload(req.headers['user-token'] as string) || undefined;
 // check if the caller is a trusted application (subject, email(obsolete), emailV2(obsolete))
 try {
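Review bot: A request with no `user-token` header throws before the new `|| undefined` fallback is ever reached: `getPayloadFromStringToken` returns undefined for an undefined input and `getSubIDFromPayload` reads `.subid` on that result straight away, so the `as string` cast only hides the absent-header case from the compiler. Guard the header before decoding, e.g. `const userToken = req.headers['user-token'] as string | undefined;` followed by `const user = userToken ? (Utils.getSubIDFromPayload(userToken) || Utils.getSubFromPayload(userToken) || undefined) : undefined;`. Note also that the value is a base64-decoded claim with no signature or audience check anywhere in this diff, so the `user` persisted in the `data` record (second hunk of this file) is whatever the caller asserted; unless `user-token` is verified by middleware upstream, which is not visible here, it should be treated as informational rather than authoritative. The enclosing handler method starts before and ends after this hunk.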
@@ -123,6 +125,7 @@ export class ImpersonationTokenHandler {
 const data = {
 created_by: subject,
 created_date: new Date().toString(),
+ user,
 metadata: requestBody.metadata,
 resources: requestBody.resources,
 signature: this.computeSignature(impersonationToken.impersonation_token)
diff --git a/src/services/impersonation_token/model.ts b/src/services/impersonation_token/model.ts
index 409621308b496c520729fc0858d4f500904c5952..9341b0d73c6eb91ddd34c173249543509a7a720e 100644
--- a/src/services/impersonation_token/model.ts
+++ b/src/services/impersonation_token/model.ts
@@ -41,4 +41,5 @@ export interface ImpersonationTokenDataModel {
 metadata: object;
 created_by: string;
 created_date: string;
+ user: string;
 }
diff --git a/src/shared/utils.ts b/src/shared/utils.ts
index 8c1dde11990bedc6e7667061164d178ec27dabed..774e8b3f22527049883c44b842a0bb17bab01f03 100644
--- a/src/shared/utils.ts
+++ b/src/shared/utils.ts
@@ -1,5 +1,5 @@
 // ============================================================================
-// Copyright 2017-2019, Schlumberger
+// Copyright 2017-2021, Schlumberger
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
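Review bot: `user: string;` in `ImpersonationTokenDataModel` declares the field as required, but the handler builds it as `... || undefined` (first hunk of handler.ts), so under strictNullChecks the `data` object no longer satisfies the interface, and records written before this change will not carry the field at all. Declare it optional, `user?: string;`, so the type matches both the producer and existing data. A short comment stating where the value comes from would also help readers of the model, e.g. `// sub/subid claim decoded from the user-token header at creation; optional`.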
@@ -16,17 +16,15 @@ import { Config } from '../cloud';
-
 export class Utils {
- public static getPropertyFromTokenPayload(base64jwtpayload: string, property: string): string {
- const payload = this.getPayloadFromStringToken(base64jwtpayload);
+ public static getPropertyFromTokenPayload(base64JwtPayload: string, property: string): string {
+ const payload = this.getPayloadFromStringToken(base64JwtPayload);
 return property in payload ? payload[property] : undefined;
 }
- // This method is temporary required by slb during the migration of sauth from v1 to v2
- // The method replace slb.com domain name with delfiserviceaccount.com.t
+ // The method replace slb.com domain name with delfiserviceaccount.com
 // Temporary hardcoded can be removed on 01/22 when sauth v1 will be dismissed.
 // Others service domain won't be affected by this call
 public static checkSauthV1EmailDomainName(email: string): string {
@@ -34,20 +32,24 @@ export class Utils {
 email.replace('slbservice.com@slb.com', 'slbservice.com@delfiserviceaccount.com') : email;
 }
- public static getIssFromPayload(base64jwtpayload: string): string {
- return this.getPayloadFromStringToken(base64jwtpayload).iss;
+ public static getIssFromPayload(base64JwtPayload: string): string {
+ return this.getPayloadFromStringToken(base64JwtPayload).iss;
+ }
+
+ public static getExpTimeFromPayload(base64JwtPayload: string): number {
+ return Number(this.getPayloadFromStringToken(base64JwtPayload).exp);
 }
- public static getExpTimeFromPayload(base64jwtpayload: string): number {
- return Number(this.getPayloadFromStringToken(base64jwtpayload).exp);
+ public static getAudienceFromPayload(base64JwtPayload: string): string {
+ return this.getPayloadFromStringToken(base64JwtPayload).aud
 }
- public static getAudienceFromPayload(base64jwtpayload: string): string {
- return this.getPayloadFromStringToken(base64jwtpayload).aud
+ public static getSubIDFromPayload(base64JwtPayload: string): string {
+ return this.getPayloadFromStringToken(base64JwtPayload).subid;
 }
- public static getSubFromPayload(base64jwtpayload: string): string {
- return this.getPayloadFromStringToken(base64jwtpayload).sub;
+ public static getSubFromPayload(base64JwtPayload: string): string {
+ return this.getPayloadFromStringToken(base64JwtPayload).sub;
 }
 public static makeID(len: number): string {
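Review bot: The new `getSubIDFromPayload`, like the getters re-added around it, dereferences the result of `getPayloadFromStringToken` directly, and that method returns undefined for an undefined token (see the `=== undefined` guard in the next hunk), so a caller that passes an optional header gets a TypeError rather than a missing value. Make the absent case explicit in each getter: `const payload = this.getPayloadFromStringToken(base64JwtPayload);` then `return payload ? payload.subid : undefined;`, with the same shape for `.sub`, `.iss` and `.aud`; the declared `string` return type then also deserves to become `string | undefined` so callers are forced to handle it. `subid` is not a registered JWT claim, so a comment above the method such as `// non-standard claim; only present on tokens from issuers that emit it — confirm which` would save the next reader a search. The `getAudienceFromPayload` return line is also missing its trailing semicolon.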
@@ -59,22 +61,22 @@ export class Utils {
 return id;
 }
- public static getPayloadFromStringToken(base64jwtpayload: string): any {
+ public static getPayloadFromStringToken(base64JwtPayload: string): any {
- if (base64jwtpayload === undefined) { return undefined; }
+ if (base64JwtPayload === undefined) { return undefined; }
- base64jwtpayload = base64jwtpayload.replace(' ', '');
- base64jwtpayload = base64jwtpayload.replace('Bearer', '');
- const base64jwtpayloadtokens = base64jwtpayload.split('.');
+ base64JwtPayload = base64JwtPayload.replace(' ', '');
+ base64JwtPayload = base64JwtPayload.replace('Bearer', '');
+ const base64JwtPayloadTokens = base64JwtPayload.split('.');
- base64jwtpayload = base64jwtpayloadtokens.length === 3 ? base64jwtpayloadtokens[1] : base64jwtpayload;
+ base64JwtPayload = base64JwtPayloadTokens.length === 3 ? base64JwtPayloadTokens[1] : base64JwtPayload;
- const missingPadding = base64jwtpayload.length % 4;
+ const missingPadding = base64JwtPayload.length % 4;
 if (missingPadding !== 0) {
- base64jwtpayload += '='.repeat(4 - missingPadding);
+ base64JwtPayload += '='.repeat(4 - missingPadding);
 }
- return JSON.parse(Buffer.from(base64jwtpayload, 'base64').toString());
+ return JSON.parse(Buffer.from(base64JwtPayload, 'base64').toString());
 }