MediaMath User Management | OpsBlu Docs

Centralized access management workflows for MediaMath, covering invitations, removals, and role maintenance for cross-team engagements.

User Management Overview

MediaMath access lives at the Seat level. Roles commonly used are Admin (full control, billing, user management), Standard/Trader (campaign management), Reporting (read-only), and Billing (invoice and payment details). Assign users to the smallest set of Advertisers within a seat to avoid overexposure.

MediaMath's permission model is built around seats that house multiple advertisers. Each seat operates independently with its own billing arrangements, user roster, and API credentials. Understanding this hierarchy is critical when managing access, as users granted seat-level visibility can see every advertiser, campaign, and invoice within that seat - even if they don't actively manage them.

Access model & roles

MediaMath structures access around seats and advertisers. When you invite someone to a seat, you must decide whether they need visibility to all advertisers or just a subset. Most organizations limit users to specific advertisers to reduce the risk of accidental campaign changes or data exposure.

Core roles in MediaMath:

  • Admin: Full control over the seat including user invitations, API token generation, billing settings, pixel management, and advertiser creation. Admins can also modify global data taxonomies (e.g., segments, DMP connections). This role should be restricted to senior managers, finance leads, or IT/data ops personnel who require seat-wide visibility.

  • Standard/Trader: Can create, edit, pause, and activate campaigns within assigned advertisers. Traders manage audiences, bidding strategies, creative associations, and day-to-day optimizations. They cannot invite users, edit billing, or generate API tokens. This is the most common role for media buyers and campaign managers.

  • Reporting: Read-only access to campaigns, reports, and dashboards. Reporting users can export data and build custom reports but cannot change campaign settings, budgets, or targeting. Ideal for analysts, client stakeholders, or finance teams who need visibility without editing rights.

  • Billing: Limited to invoice and payment details. Billing users can download invoices, review payment history, and update billing contacts, but they cannot view or edit campaigns. Some organizations assign this role to accounts payable teams who don't need media access.

  • API-only profiles: Some seats create dedicated service accounts tied to an Admin for programmatic integrations. These profiles should have strong passwords, rotation schedules, and audit logging enabled.

Data controls:

  • Segments and pixels can be scoped to specific advertisers. When onboarding agencies, explicitly assign which advertisers they can associate with pixel fires and audience uploads.
  • DMP integrations (e.g., Salesforce DMP, Lotame) are typically managed at the seat level by Admins. Traders inherit segment visibility based on advertiser assignment.
  • Always document which third-party data providers are authorized per advertiser to avoid unexpected data costs.

Common use cases

Agency onboarding: When bringing on an external agency, assign them Standard/Trader access limited to the advertisers they will manage. Never grant seat-wide access unless they are managing your entire account. If they need reporting for client presentations, consider adding a separate Reporting user for their stakeholders instead of elevating trader permissions.

Client access: Clients typically need Reporting access to monitor campaign performance. Avoid giving clients Admin or Trader roles to prevent accidental changes. If a client insists on editing access, create a dedicated test advertiser for training and limit their production access.

Internal team members: Campaign managers should receive Standard/Trader with advertiser-specific access. Finance teams should get Billing only. Data scientists or BI teams who need raw reporting data should receive Reporting or leverage the API with a service account.

Contractor or temporary access: For short-term contractors, use Standard/Trader with a defined expiration date. Document the removal date in your ticketing system and set a calendar reminder. MediaMath does not automatically expire users, so manual review is required.

Adding users

When adding a new user to MediaMath, you'll need Admin rights and the user's work email. MediaMath sends an email invitation that expires after 7 days, so coordinate timing with the new user.

Step-by-step process:

  1. Sign in to MediaMath as an Admin and navigate to Admin → User Management from the top navigation bar.
  2. Click Add User and enter the user's email address. Use their work email for audit trail purposes.
  3. Select the appropriate role: Admin, Standard/Trader, Reporting, or Billing. If uncertain, default to Standard/Trader and adjust later.
  4. Choose which Advertiser(s) the user should access. You can select individual advertisers from the dropdown or check "All advertisers" (not recommended unless they truly need seat-wide visibility).
  5. If the user needs billing access, toggle the Billing option. This is independent of the primary role, so a Trader can also have billing visibility if required.
  6. Review your selections, then click Send Invite. The user will receive an email with a link to accept and set their password.
  7. Verify the user appears in the User Management table with a status of "Pending."

After sending the invite, notify the user to check their inbox and spam folder. If they don't accept within 7 days, you'll need to resend the invitation.

Updating roles

Role adjustments in MediaMath are instant and do not require the user to log out and back in. Changes take effect on the next page load or action. This is useful when you need to temporarily elevate or restrict someone's permissions.

When to update roles:

  • A trader is being promoted to Admin because they now manage billing or need to onboard other users.
  • An Admin is stepping down and should be downgraded to Standard/Trader to reduce risk.
  • A campaign manager is transitioning to analytics and only needs Reporting access going forward.
  • An agency's contract scope changed, and they now manage additional advertisers or fewer advertisers.

Update process:

  1. Go to Admin → User Management and locate the user in the table.
  2. Click the user's name or the Edit icon to open their profile.
  3. Modify the role dropdown and/or adjust the Advertiser assignments.
  4. If you're downgrading an Admin, review any API tokens they created. Tokens remain active even after role changes, so revoke tokens if they're no longer needed.
  5. Update segment/pixel access if the user is moving between advertisers. This prevents them from seeing another advertiser's audience data.
  6. Save your changes and verify the updated role appears in the user table.

Best practice: When downgrading someone from Admin to Trader, immediately audit their API tokens and revoke any that were used for integrations they no longer own. Orphaned tokens can be a security risk.

Removing & offboarding

Removing a user from MediaMath is irreversible. Once deleted, you cannot restore their login or activity history, so always transfer ownership of critical assets before removal.

Offboarding checklist:

  1. Identify any pixels, algorithms, custom audiences, or saved reports the user created. Transfer ownership to an active Admin or assign a new owner from the asset settings.
  2. Go to Admin → User Management, find the user, and click Remove or Delete.
  3. If the user has API tokens, revoke them from Admin → API Management before or immediately after deletion.
  4. Capture a screenshot of the user's final permissions (role, advertisers, billing status) for your access log and compliance records.
  5. Update your internal roster, SSO directory, or identity management system to reflect the removal.
  6. If the user was an Admin, ensure at least one other Admin remains active on the seat to prevent lockout scenarios.

After removal:

  • Run a quick audit of the seat's User Management page to confirm no orphaned accounts or unexpected "Pending" invitations.
  • Document the removal in your ticketing system with the date, approver, and reason (e.g., "Left company," "Agency contract ended").
  • Schedule a reminder for your next quarterly access review to ensure the seat roster stays current.
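
The post-removal audit and quarterly review can be run mechanically against a roster you maintain yourself, applying the rules stated above: advertiser-scoped access, the 7-day invitation window, manual expiry for temporary users, and tokens that stay active after a role change or removal. The following Python is an added example, not OpsBlu or MediaMath code; the roster and token-inventory field names and all sample data are constructed assumptions, not a MediaMath export format or API.

```python
from datetime import date, timedelta

INVITE_TTL = timedelta(days=7)  # invitation lifetime stated on this page

# Constructed sample roster; field names are hypothetical, kept in your own access tracker.
ROSTER = [
    {"email": "admin@example.com", "role": "Admin", "status": "Active",
     "all_advertisers": True, "invited": date(2024, 1, 2), "expires": None},
    {"email": "trader@agency.example", "role": "Standard/Trader", "status": "Active",
     "all_advertisers": True, "invited": date(2024, 2, 1), "expires": None},
    {"email": "temp@example.com", "role": "Standard/Trader", "status": "Active",
     "all_advertisers": False, "invited": date(2024, 3, 1), "expires": date(2024, 5, 31)},
    {"email": "new@example.com", "role": "Reporting", "status": "Pending",
     "all_advertisers": False, "invited": date(2024, 6, 1), "expires": None},
]
# Constructed token inventory: token label -> email of the user who created it.
TOKENS = {"reporting-sync": "admin@example.com", "old-etl": "trader@agency.example",
          "legacy-bidder": "gone@example.com"}


def review(roster, tokens, today):
    """Return sorted (subject, finding) pairs for one seat."""
    findings = []
    by_email = {u["email"]: u for u in roster}
    admins = [u for u in roster if u["role"] == "Admin" and u["status"] == "Active"]
    if len(admins) < 2:  # threshold chosen for this example: removing one Admin must leave another
        findings.append(("<seat>", "fewer than two active Admins (lockout risk)"))
    for u in roster:
        if u["all_advertisers"] and u["role"] != "Admin":
            findings.append((u["email"], "seat-wide access on a non-Admin role"))
        if u["status"] == "Pending" and today - u["invited"] > INVITE_TTL:
            findings.append((u["email"], "invitation older than 7 days: resend or remove"))
        if u["expires"] and u["expires"] < today:
            findings.append((u["email"], "past documented removal date"))
    for label, owner in tokens.items():
        user = by_email.get(owner)
        if user is None:  # creator no longer on the seat, token still listed
            findings.append((owner, f"token '{label}' belongs to a removed user"))
        elif user["role"] != "Admin":  # only Admins generate tokens, so the creator was downgraded
            findings.append((owner, f"token '{label}' outlived its creator's Admin role"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in review(ROSTER, TOKENS, today=date(2024, 6, 15)):
        print(f"{subject}: {finding}")
```
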

Change Control Checklist

  • Confirm the Seat and Advertiser list before inviting or updating a user.
  • Separate Billing access from trading roles unless the same person owns finance.
  • Capture evidence from Admin → User Management after each change.
  • Sync changes with your SSO roster or access tracker.