Never used it. Good luck with that, but from what I've seen, usually when you get someone to do some pentesting on your org, they get as much info as they can from you, then make sure they have some paperwork to prove they're doing the pentest. That way, if they get caught, they can explain themselves. Make sure you have one of those agreements or something written from your boss before you start. This way, there's no confusion and you don't get fired by mistake.
Secondly, whenever they do pentests, I've seen that the easiest way is to send a phishing email to everyone in the company and hopefully get some bites so you can get some account information, then use that user's acct to break in. In your case, you may not need to go as far as using their account. Getting their account info via the phishing email should suffice that you have some weakness. Good luck!