Taboola Remove User Access | OpsBlu Docs

Taboola Remove User Access

How to revoke user access and offboard team members from Taboola. Covers account deletion, API key revocation, partial access removal, and security.

Remove User Access

Follow this process when a user no longer needs Taboola access. Properly offboarding users protects your account from unauthorized activity, maintains compliance, and ensures campaign continuity.

Removing a user from Taboola is permanent. Once deleted, you cannot restore their login credentials or access history. Always transfer ownership of critical assets and document the removal before proceeding.

When to Remove Users

Remove Taboola access when:

  • An employee leaves the organization (resignation, termination, or retirement).
  • An agency contract ends or the agency no longer manages specific sites/advertisers.
  • A user changes roles and no longer requires Taboola access.
  • Security or compliance teams request removal due to policy violations or audit findings.
  • A temporary contractor's project concludes and their access is no longer needed.
  • The user has been inactive for 90+ days and your organization enforces periodic access reviews.
  • Finance or legal requests removal to reduce liability.
  • Their campaigns moved to another site owner and they no longer manage any sites.

Deactivation Triggers

Common triggers that should prompt immediate user removal:

  • Employee termination: Revoke access on the same day to prevent unauthorized activity.
  • Agency contract termination: Remove agency users within 24 hours of contract end.
  • Role change: If a campaign manager transitions to a non-advertising role, remove their Account Manager access but consider offering read-only reporting access if needed.
  • Security incident: If credentials are compromised, immediately remove access.
  • Quarterly access review: Remove users who haven't logged in for 90+ days.
  • Site scope reduction to zero: If a user managed multiple sites but their responsibilities narrow to zero sites, remove the user entirely.

Pre-Removal Assessment

Before removing a user, complete this assessment to avoid disrupting campaigns:

Identify owned assets

Check whether the user owns or created:

  • Campaigns: Active or paused campaigns they built
  • Tracking codes: Taboola pixel configurations they deployed
  • Custom audiences: Audience segments they created
  • Content items: Headlines or creative they authored that are still in use
  • Saved reports: Dashboard templates other team members rely on
  • Budget controls: Spend limits or pacing rules they configured

Transfer ownership

For each asset identified:

  1. Go to the asset settings and change the Owner field to an active Admin or another user.
  2. Document the transfer in your ticketing system.

Critical: Do not skip asset transfer. If you delete a user who owns active tracking codes, those codes may stop firing correctly, causing data loss.

Confirm approval

Obtain written approval from the user's manager or the account owner, Finance or HR if due to termination, or Security if part of an audit. Save the approval for your access log.

Removal Steps

Once you've completed the pre-removal assessment:

Step 1: Access user management

  1. Sign in to Taboola as an Admin.
  2. Navigate to Admin → User Management.
  3. Locate the user in the table.

Step 2: Review current access

  1. Click on the user's name or Edit icon.
  2. Review their current role, assigned sites/advertisers, and billing permissions.
  3. Screenshot this page for your access log before making changes.

Step 3: Remove site scopes (optional partial removal)

If the user should lose access to some sites but remain active on others:

  1. In the Sites/Advertisers section, uncheck the sites they should no longer access.
  2. Save the changes.

This is useful when an agency's contract narrows but doesn't fully terminate.

Step 4: Disable billing access (optional)

If the user only needs to lose billing visibility but should retain campaign access:

  1. Disable the Billing option.
  2. Save the change.

Step 5: Full user deletion

If the user should be completely removed:

  1. From the user's profile or User Management table, click Remove or Delete User.
  2. Confirm the deletion.
  3. The user will immediately lose access.

Step 6: Verify removal

  1. Refresh the User Management page and confirm the user no longer appears.

Post-Removal Tasks

After removing the user:

Update documentation

  • Access log: Record user email, date removed, reason, approver name, assets transferred
  • SSO/IAM system: Remove the user from any Taboola groups
  • Internal roster: Update your team roster

Notify stakeholders

  • Inform the user (if appropriate) that their access has been revoked
  • Alert new asset owners that they now own campaigns or tracking codes
  • Update documentation that referenced the removed user

Audit remaining users

  • Scan the user table for other accounts that may need removal
  • Flag users with Admin access who no longer require it

Schedule next review

  • Add the removal to your quarterly access review log
  • Set a reminder to review all users in 90 days

Troubleshooting

Cannot delete user because they own active campaigns:

  • Transfer ownership of all active campaigns first, then retry deletion
  • If blocked, contact Taboola support

User was deleted but can still log in:

  • Check if they have access to multiple Taboola accounts
  • Verify the correct email was used
  • Contact Taboola support if the issue persists

Need to restore a deleted user:

  • Deletion is permanent; you cannot restore
  • Send a new invitation if needed

Best Practices

  • Remove access on the same day as termination or contract end
  • Always transfer asset ownership before deleting
  • Screenshot before and after every removal
  • Run quarterly access reviews to catch stale accounts
  • Document every removal with date, reason, and approver
  • Verify no orphaned assets after deletion

Common Use Cases

Employee termination:

  1. Confirm termination date with HR
  2. Transfer owned campaigns and tracking codes to manager
  3. Delete the user on their last day
  4. Document removal and update rosters

Agency contract ends:

  1. Confirm end date with procurement
  2. Transfer owned campaigns back to internal team
  3. Remove agency users within 24 hours
  4. Update vendor contact list

Role change to non-digital role:

  1. Confirm the role change
  2. Assess if read-only access is needed
  3. Delete user if no access needed, or change to Read Only
  4. Document the change

Quarterly access review cleanup:

  1. Export user list
  2. Cross-reference against HR roster
  3. Identify users who left or haven't logged in for 90+ days
  4. Remove each user and document

Security incident:

  1. Immediately delete the user if security risk is critical
  2. Document the incident
  3. Transfer asset ownership after removal
  4. Report to security team
Back to top