Remove the collaborator from Adobe Analytics | OpsBlu Docs

Remove the collaborator from Adobe Analytics

How to revoke user access and offboard team members from Adobe Analytics. Covers account deletion, API key revocation, partial access removal, and.

Deactivate access promptly when a project completes or legal/compliance requests a suspension. Adobe Analytics access removal requires careful attention to product profiles, Experience Cloud integrations, and API credentials.

When to Remove Access

Engagement Completion

  • Project or contract ends and Analytics access is no longer required
  • Deliverables completed and transition to client-managed analytics finalized
  • Temporary implementation support period expires
  • Client terminates services or changes providers

Scope Reduction

  • Specific report suites removed from engagement coverage
  • Partial offboarding where access to some profiles continues but others end
  • Account consolidation where multiple service accounts merge into one

Security and Compliance Events

  • Compromised credentials requiring immediate access revocation
  • Unauthorized data access or data exfiltration detected
  • Compliance violation requiring access suspension
  • Security audit findings mandating removal

Organizational Changes

  • Collaborator leaves organization or changes roles
  • Service account decommissioning or retirement
  • Identity provider migration requiring removal and re-provisioning
  • Credential rotation requiring fresh invitation under new identity model

Pre-Removal Planning

Identify All Access Points

  1. List all Adobe Analytics product profiles where the collaborator has access
  2. Document report suites accessible through each profile
  3. Identify related Experience Cloud product access (Launch, Target, Audience Manager)
  4. Review API credentials and OAuth integrations tied to the account
  5. Check for SSO/Federated ID provisioning that may auto-restore access

Transfer Configuration Ownership

  • Calculated Metrics and Segments: Reassign ownership to client administrators
  • Scheduled Reports: Migrate or cancel reports sent from the collaborator's account
  • Data Warehouse Requests: Transfer ownership of recurring exports
  • Report Builder Workbooks: Update Excel workbook credentials
  • Adobe Launch Libraries: Publish libraries with new ownership before removing Analytics access
  • Processing Rules: Document configurations created by the account
  • Classifications: Transfer ownership of classification uploads and data sources

Document Current State

  • Capture screenshots of Admin Console showing current product profile assignments
  • Export list of report suites and tools accessible
  • Record API integrations and OAuth client IDs associated with the account
  • Note active projects, scheduled tasks, or configurations in progress

Removal Steps

Remove from Product Profiles

  1. Sign in to adminconsole.adobe.com
  2. Navigate to Users and locate the collaborator's service account
  3. Click the user to open their detail page
  4. Under Products, review all assigned Adobe Analytics product profiles
  5. For each Analytics product profile:
    • Click the X or Remove button next to the profile name
    • Confirm the removal in the dialog
  6. Repeat for all product profiles across all Adobe organizations if applicable
  7. Verify the Products section shows no remaining Adobe Analytics assignments

To avoid orphaned rights and residual access:

Adobe Launch (Tags)

  1. Navigate to Products → Adobe Experience Platform Data Collection
  2. Remove the user from all Launch property profiles
  3. Verify they can no longer access any Launch properties

Adobe Target

  1. Open Products → Adobe Target
  2. Remove from all Target product profiles
  3. Cancel any active A/B tests or personalization activities owned by the account

Adobe Audience Manager

  1. Remove from Audience Manager product profiles
  2. Transfer ownership of segments, destinations, or data sources

Adobe Journey Optimizer, Customer Journey Analytics, etc.

  • Remove from all related product profiles to ensure complete offboarding

Revoke API and Developer Access

Adobe API credentials persist independently of UI access:

  1. Navigate to developer.adobe.com/console
  2. Review Projects for OAuth Server-to-Server or JWT integrations tied to the account
  3. For each project:
    • Remove the technical account from product profile assignments
    • Rotate or delete client secrets and credentials
    • Update all automation scripts, ETL pipelines, or integrations using those credentials
  4. If the account owned projects, transfer ownership or delete obsolete integrations
  5. Document credential rotation in your security log with date and reason

Cancel Pending Invitations

If invitations were sent but never accepted:

  1. Go to Users → Pending Invitations
  2. Locate the collaborator's email in the pending list
  3. Click Cancel Invitation
  4. Document the cancellation to avoid confusion

Delete User (Optional)

After removing all product access:

  • Click Remove User on the user detail page to delete the account entirely
  • Or leave the account with no products assigned for audit trail purposes
  • Deleted users cannot be recovered - ensure all transfers are complete first
  • For Federated IDs, coordinate deletion with your identity provider

Federated ID and SSO Considerations

If the collaborator uses Federated ID:

  1. Remove the user from authorized directory groups in your identity provider (Okta, Azure AD, ADFS)
  2. Verify they cannot authenticate via SSO after group removal
  3. Manual removal in Adobe without IdP changes may allow re-authentication if directory sync is active
  4. Test SSO login to confirm access denial
  5. Document both IdP and Adobe removal steps

For organizations using User Sync Tool or UMAPI:

  • Update source files (CSV, LDAP queries) to remove the user
  • Run sync to propagate removal to Adobe
  • Manual removals may be overridden by next automated sync - coordinate with IT team

Documentation and Evidence

Capture Audit Trail

  • Screenshot Admin Console user detail showing removal of all products
  • Export Admin Console Audit Log showing removal events with timestamps
  • Archive Developer Console showing revocation of API credentials
  • Record removal timestamp and performing administrator's name

Update Access Records

Log removal in your IAM tracker with:

  • Removal request ticket ID or reference number
  • Approver name and approval date
  • Actual removal date and time
  • Product profiles removed
  • Report suites that were accessible
  • API credentials rotated or deleted
  • Experience Cloud products where access was revoked
  • Transition or handoff notes

Communicate Removal

  • Notify the collaborator's engagement lead that Adobe Analytics access has been fully revoked
  • Send formal confirmation email documenting removal
  • Update contracts or SOW documentation to reflect offboarding
  • Inform client stakeholders if the collaborator had direct interaction with them

Post-Removal Clean-Up

Configuration Ownership

  • Calculated Metrics: Client administrators should now own all custom metrics
  • Segments: Transfer or document segments created by the collaborator
  • Virtual Report Suites: Update VRS curators to remove the account
  • Dashboards and Projects: Reassign Analysis Workspace projects or delete if no longer needed
  • Scheduled Reports: Cancel or reassign email subscriptions
  • Alerts: Update or delete intelligent alerts configured by the account

Integration Management

  • Adobe Launch: Publish libraries with new user ownership; remove from publish workflows
  • Data Warehouse: Cancel or reassign recurring Data Warehouse requests
  • Report Builder: Update Excel workbooks with new credentials
  • Data Feeds: Transfer ownership of S3/FTP data feed configurations
  • Data Sources: Update SFTP credentials and ownership for classification uploads

Downstream Systems

  • Remove from BI tools, Tableau, Power BI, or Looker accessing Analytics data
  • Revoke access to BigQuery, Snowflake, or data warehouse integrations consuming Analytics exports
  • Update ETL pipelines or reverse ETL tools using Analytics API
  • Remove from internal wikis, Confluence pages, or documentation describing Analytics implementations

Credential Rotation

  • Rotate any shared secrets, FTP credentials, or integration passwords the collaborator accessed
  • Update S3 bucket policies if data feeds were delivered to collaborator-managed storage
  • Regenerate API keys for integrations the collaborator may have accessed
  • Review exported reports or data files shared with the collaborator and reclassify if necessary

Compliance and Audit

Regulatory Requirements

  • If GDPR, CCPA, HIPAA, SOC 2, or other regulations apply, document removal as part of data access audit
  • Retain evidence for compliance framework duration (typically 3-7 years)
  • Update data processing agreements (DPAs) to reflect removal from data access
  • Include removal in quarterly access reviews and recertification reports

Client Notifications

  • Notify client that the collaborator no longer has access to their Adobe Analytics data
  • Provide removal confirmation in writing if requested by client or required by contract
  • Update data access disclosures or privacy notices if collaborator was explicitly mentioned

Internal Audit Trail

  • Archive removal evidence in IAM system or document repository
  • Track offboarding completion in project management or ticketing system
  • Schedule follow-up reviews to verify no residual access remains

Emergency Removal Procedures

For immediate access revocation due to security incidents:

  1. Act Immediately: Remove from all product profiles without waiting for approvals
  2. Revoke API Access: Delete OAuth credentials and rotate client secrets
  3. Disable SSO: Remove from IdP groups to prevent authentication
  4. Document Incident: Record reason, timestamp, actions taken, and incident reference
  5. Notify Security Team: Alert information security team for investigation
  6. Monitor Activity: Review Audit Log for recent logins, report runs, or data exports
  7. Follow Up: Complete standard offboarding documentation after emergency response
  8. Client Notification: Inform clients if data breach or unauthorized access occurred

Troubleshooting Removal Issues

Can't find collaborator in Admin Console

  • Verify you're viewing the correct Adobe organization (check organization switcher)
  • Check Pending Invitations if they never accepted
  • Confirm email address or account identifier is correct
  • Review Audit Log to see if already removed

Remove button unavailable or grayed out

  • Ensure you have System Administrator privileges
  • Product Administrators can only remove users from their specific profiles
  • You cannot remove yourself - ask another administrator
  • Contact Adobe Support if technical issues prevent removal

API access continues after removal

  • API credentials are independent of product profile membership
  • Delete credentials explicitly in Adobe Developer Console
  • Verify deletion by testing with old credentials (should fail with 401/403 errors)
  • Review API logs to confirm access ceased

Collaborator reports still seeing data

  • Confirm they logged out and cleared browser cache
  • They may have access through different email or personal Adobe ID
  • Check if they still have access to different Adobe organization
  • Verify SSO authentication is blocked if Federated ID

Automated provisioning restores access

  • User Sync Tool or UMAPI may re-provision based on directory groups
  • Update source of truth (LDAP, CSV files, IdP groups) to prevent restoration
  • Coordinate with IT team on authoritative identity source
  • Document manual exceptions for audit purposes

Launch libraries or data feeds break

  • Transfer ownership before removal to prevent disruption
  • Publish new Launch library versions with updated user assignments
  • Reassign data feed configurations and test delivery
  • Restore access temporarily if critical configurations affected, then migrate properly

Security Best Practices

  • Remove access immediately upon engagement completion - don't leave expired accounts active
  • Perform offboarding during business hours when support available for issues
  • Use checklist to ensure all product profiles, APIs, and integrations addressed
  • Archive removal evidence systematically for audit and compliance
  • Schedule quarterly reviews to identify and remove overlooked accounts
  • Implement automated alerts for dormant accounts requiring review
  • Rotate all shared credentials after removing user access

After removal, consider:

  • Updating internal documentation to remove references to collaborator access
  • Reviewing other Adobe Experience Cloud products for residual access
  • Conducting access recertification for remaining active accounts
  • Updating onboarding/offboarding runbooks if gaps identified
  • Scheduling post-removal validation after 30 days to confirm no access restoration
Nach oben