The Trade Desk Add User Access | OpsBlu Docs

The Trade Desk Add User Access

Steps to invite users to The Trade Desk seat with appropriate roles and advertiser scopes.

Add User Access

Follow this process to grant access to The Trade Desk platform. The Trade Desk uses a seat-based access model with advertiser-level scoping, supporting different roles and permissions for programmatic advertising operations. Determine the appropriate role and advertiser scope before proceeding.

When to Add Users

Add users to The Trade Desk when:

  • New trader or campaign manager needs to build or optimize programmatic campaigns
  • External agency contracted to manage campaigns for specific advertisers
  • Client requests read-only access to monitor campaign performance and reporting
  • Finance or billing teams need invoice visibility and payment management
  • Data analyst requires reporting access for performance dashboards
  • Temporary contractor needs access for product launch or seasonal campaign
  • API developer requires access for automated campaign management or bulk operations
  • Pixel administrator needs to manage conversion tracking and audience creation

Prerequisites

Before inviting a user, gather:

  • Seat Administrator permissions on The Trade Desk seat
  • User's business email address (they will create or use existing Trade Desk login)
  • Which role they need: Admin, Trader/Full Access, Analyst/View Only, or Finance/Billing
  • Which advertisers they should access within the seat
  • Partner scope if managing multiple partners within the seat
  • Approval from seat owner or finance team for billing-related access
  • API requirements if user needs programmatic API access

Role selection guidance:

Seat Admin (Administrator):

  • For users managing user permissions, billing, API tokens, and seat configuration
  • Has full access to all seat settings and advertisers
  • Can create and manage other users
  • Required for pixel ownership, API credential generation, and data integrations
  • Most privileged role - limit to essential personnel only
  • Keep at least 2 Admins to prevent seat lockouts

Trader/Full Access:

  • For campaign managers creating and optimizing campaigns and ad groups
  • Can manage campaigns, creatives, audiences, and targeting settings
  • Can view reporting and performance data
  • Most common role for traders and campaign specialists
  • Cannot access billing, user management, or API credentials

Analyst/View Only:

  • For analysts, clients, or stakeholders needing reporting access
  • Can view campaigns, performance data, and generate reports
  • Cannot edit campaigns or access sensitive settings
  • Cannot create new campaigns or modify targeting
  • Ideal for oversight and monitoring purposes

Finance/Billing:

  • For accounts payable teams needing invoice and payment access
  • Can view and manage billing information and invoices
  • Limited or no campaign visibility depending on configuration
  • Some seats may not have this role enabled
  • Best for finance teams without campaign management responsibilities

Invite Workflow

Step 1: Access user management

  1. Sign in to The Trade Desk platform
  2. Navigate to the correct Seat
  3. Go to Admin menu → Users or User Management
  4. Verify you have Seat Admin access before proceeding

Step 2: Initiate invitation

  1. Click Add User or Invite User button
  2. User invitation form will appear

Step 3: Enter user information

  1. Email address: Enter user's business email
    • User will receive invitation at this address
    • They may already have Trade Desk account or will create one
  2. First and Last Name: Enter user's full name
  3. Role: Select from available roles:
    • Seat Admin (requires justification and approval)
    • Trader/Full Access (most common for campaign managers)
    • Analyst/View Only (for reporting access)
    • Finance/Billing (if available and approved)

Step 4: Configure advertiser access

  1. Advertiser scope: Choose advertiser access level
    • Specific advertisers: Select individual advertisers from list (recommended)
    • All advertisers: Grants access to all current and future advertisers (requires approval)
    • Partner-based access: Select specific partners if seat uses partner organization
  2. Select advertisers:
    • Click Select Advertisers or similar option
    • Check boxes for each advertiser the user should access
    • Avoid "All advertisers" unless explicitly approved by seat owner
    • Document which advertisers were granted in access log

Step 5: Configure additional permissions (if applicable)

  1. Billing visibility: Enable if user needs invoice or payment access (requires finance approval)
  2. Partner permissions: Set partner-level access if applicable
  3. Data permissions: Configure audience or pixel access if needed
  4. Reporting access: Verify reporting permissions match role

Step 6: API and integration access

Do not provision API tokens during initial setup:

  • API tokens (User Access Tokens) should only be generated after user accepts invitation
  • Only Seat Admins can generate and manage API tokens
  • Document if user will need API access for future provisioning
  • API tokens are tied to individual users and should be rotated when users leave

Step 7: Send invitation

  1. Review all selections for accuracy
  2. Click Send Invitation, Invite User, or Save
  3. User appears in the user list with Pending or Invited status
  4. The Trade Desk sends email invitation to the specified address
  5. Invitation typically expires in 7-14 days if not accepted

Step 8: Verify invitation sent

  1. Confirm user appears in pending invitations or user list
  2. Note the invitation date for follow-up tracking
  3. Verify the role and advertiser scope are displayed correctly

Post-Invite Follow-Up

User communication

  • Notify user invitation sent to their email address
  • Provide acceptance deadline (recommend 72 hours, but note actual expiration)
  • If user doesn't have Trade Desk account, explain they'll create account during acceptance
  • Share onboarding materials:
    • Campaign naming conventions
    • Advertiser-specific guidelines and brand safety rules
    • Creative specifications and approval processes
    • Deal ID access and private marketplace (PMP) guidelines
    • The Trade Desk training resources or internal SOPs

Documentation

  • Capture invitation details in access log or ticketing system:
    • User email and name
    • Role assigned (Admin, Trader, Analyst, Finance)
    • Advertisers granted (list specific advertisers)
    • Partner scope (if applicable)
    • Date invited
    • Approver name
    • Business justification
    • API access requirements (for future provisioning)
  • Screenshot pending invitation for compliance audit trail

Validation

  • Once user accepts invitation, verify they can:
    • All users: Access The Trade Desk platform and see the correct seat
    • Advertiser access: See only assigned advertisers in the advertiser selector
    • Trader/Full Access: Create campaigns, ad groups, and manage targeting
    • Analyst/View Only: View reports and campaigns but cannot edit
    • Seat Admin: Access User Management, billing (if enabled), and API settings
    • Finance/Billing: Access invoices and payment methods
  • Have user log in within 72 hours to confirm access is working
  • Ask user to create test campaign or report to verify functional access

API token provisioning (if needed)

If user requires API access:

  1. Wait until user accepts invitation and logs in successfully
  2. Navigate to Admin → API or API Tokens
  3. Generate User Access Token for the user
  4. Provide token securely (never via email - use secure password manager or vault)
  5. Document token generation date and purpose
  6. Set expiration reminder for token rotation (recommend 90 days)

Tracking and review

  • Set quarterly access review reminder
  • If contractor or temporary user, document planned removal date
  • Update internal roster, SSO directory, or access matrix
  • Add to any compliance or security review schedules

Troubleshooting

User can't find invitation email:

  • Check spam/junk/promotions folders in email client
  • Resend invitation from User Management interface
  • Verify correct email address was entered
  • Confirm email address is not already associated with different Trade Desk account

User accepted but can't see expected advertisers:

  • Verify advertiser permissions were set correctly during invitation
  • Confirm advertisers are still active and not archived
  • Have user refresh browser or clear cache
  • Check if advertisers were moved to different seat or partner

User accepted but has "no access" errors:

  • Verify role was assigned correctly (not blank)
  • Confirm seat access is still active
  • Have user log out completely and log back in
  • Verify user accepted correct invitation (check for duplicate accounts)

Wrong role assigned:

  • Edit user from User Management immediately
  • Update role to correct level
  • Role changes take effect on next login or after browser refresh
  • Document the correction in access log

User needs access to advertisers in different seats:

  • User must be added separately to each seat
  • Cannot share access across multiple seats with single invitation
  • User will use same Trade Desk account for multiple seat access

Billing visibility issues:

  • Billing permissions must be explicitly enabled during invitation
  • Finance/Billing role provides billing access
  • Seat Admin role includes billing access by default
  • Verify seat has billing configured and accessible

API token not working:

  • Verify token was generated after user accepted invitation
  • Confirm token has not expired
  • Check token permissions match user's role and advertiser scope
  • Regenerate token if compromised or corrupted

Invitation expired before user accepted:

  • Resend invitation from User Management
  • User will receive new invitation email
  • Old invitation link will no longer work
  • Verify email address is still correct

Common Use Cases

Onboarding agency for programmatic campaigns:

  • Role: Trader/Full Access
  • Access: Specific advertisers covered by contract
  • Follow-up: Provide campaign naming conventions, deal IDs, creative specs, brand safety guidelines

Adding client stakeholder for reporting:

  • Role: Analyst/View Only
  • Access: Specific advertiser for their brand only
  • Follow-up: Show reporting interface, create custom dashboards, emphasize read-only limitations

Onboarding seat administrator:

  • Role: Seat Admin
  • Access: All advertisers or specific advertisers based on responsibilities
  • Follow-up: Document pixel ownership, API credential generation process, user management procedures

Adding finance team member:

  • Role: Finance/Billing (or Seat Admin with billing only)
  • Access: All advertisers for invoice consolidation
  • Follow-up: Confirm invoice download access, payment method visibility, set up billing alerts

Temporary contractor for seasonal campaign:

  • Role: Trader/Full Access
  • Access: Specific advertisers for seasonal campaigns only
  • Follow-up: Document contract end date, set removal reminder, limit to seasonal advertiser scope

API developer for automation:

  • Role: Seat Admin (required for API token generation)
  • Access: All advertisers or specific advertisers based on automation scope
  • Follow-up: Generate API token after acceptance, provide API documentation, set up service account best practices

Multi-advertiser campaign manager:

  • Role: Trader/Full Access
  • Access: Specific advertisers they manage (avoid All advertisers)
  • Follow-up: Provide advertiser list, campaign portfolio overview, optimization guidelines

Data analyst for cross-advertiser reporting:

  • Role: Analyst/View Only
  • Access: All advertisers or specific advertisers for reporting scope
  • Follow-up: Set up reporting templates, provide data export guidelines, schedule report delivery

Best Practices

  • Verify email address before inviting to avoid delays
  • Start with minimal permissions and expand if needed (principle of least privilege)
  • Document every invitation with approver, business justification, and review date
  • Set review reminders for all users, especially temporary contractors
  • Use specific advertiser access instead of "All advertisers" whenever possible for better security
  • Separate billing from campaign roles to maintain financial controls
  • Screenshot pending invitations for compliance and audit trails
  • Verify acceptance within 72 hours and follow up if not accepted
  • Test user access immediately after acceptance to catch issues early
  • Provision API tokens only after user acceptance and document token generation
  • Maintain access matrix showing all users, roles, and advertiser assignments
  • Keep at least 2 Seat Admins to prevent seat lockouts and ensure business continuity
  • Review pixel and audience ownership when adding or removing Seat Admin users
  • Rotate API tokens regularly (recommend 90-day rotation)
  • Schedule quarterly access reviews to remove inactive or unnecessary users
  • Use clear business justifications in access requests for audit compliance
  • Limit Seat Admin role to essential personnel managing users, billing, and API access
  • Document API access requirements during invitation for tracking purposes
Back to top