Mediamath Remove User Access | OpsBlu Docs

Mediamath Remove User Access

How to revoke user access and offboard team members from MediaMath. Covers account deletion, API key revocation, partial access removal, and security.

Remove User Access

Follow this process when a user no longer needs MediaMath access. Properly offboarding users protects your account from unauthorized access, reduces licensing costs, and maintains compliance with access control policies.

Removing a user from MediaMath is permanent. Once deleted, you cannot restore their login credentials or access history. Always transfer ownership of critical assets and document the removal before proceeding.

When to Remove Users

Remove MediaMath access when:

  • An employee leaves the organization (resignation, termination, or retirement).
  • An agency contract ends or the agency no longer manages specific advertisers.
  • A user changes roles and no longer requires MediaMath access (e.g., moving from media buying to a non-digital role).
  • Security or compliance teams request removal due to policy violations or audit findings.
  • A temporary contractor's project concludes and their access is no longer needed.
  • The user has been inactive for 90+ days and your organization enforces periodic access reviews.
  • Finance or legal requests removal to reduce liability or enforce least-privilege principles.

Deactivation Triggers

Common triggers that should prompt immediate user removal:

  • Employee termination: Revoke access on the same day to prevent unauthorized activity.
  • Agency contract termination: Remove agency users within 24 hours of contract end to prevent continued campaign management.
  • Role change: If a media buyer transitions to a non-advertising role, remove their trader access but consider offering read-only reporting access if they still need visibility.
  • Security incident: If a user's credentials are compromised, immediately remove access and force a password reset if re-provisioning is planned.
  • Quarterly access review: During periodic audits, remove users who haven't logged in for 90+ days or whose access is no longer justified.

Pre-Removal Assessment

Before removing a user, complete this assessment to avoid disrupting campaigns or losing critical assets:

Identify owned assets

Check whether the user owns or created any of the following:

  • Campaigns: Active or paused campaigns they built. Note the advertiser and campaign IDs.
  • Pixels: Conversion pixels they deployed. Verify who should own these going forward.
  • Audiences: Custom segments, lookalike audiences, or DMP connections they configured.
  • Algorithms: Custom bidding algorithms or optimization scripts tied to their account.
  • Saved reports: Dashboard templates or scheduled exports other team members rely on.
  • API tokens: Service account tokens they generated for integrations or bulk uploads.

Transfer ownership

For each asset identified above:

  1. Go to the asset settings (e.g., campaign details, pixel management, audience library).
  2. Change the Owner field to an active Admin or another appropriate user.
  3. Document the transfer in your ticketing system so the new owner is aware of their responsibilities.

Critical: Do not skip asset transfer. If you delete a user who owns active pixels, those pixels may stop firing or reporting, causing data loss.

Confirm approval

Obtain written approval for the removal from:

  • The user's manager or the seat owner.
  • Finance or HR if the removal is due to termination or contract end.
  • Security or compliance if the removal is part of an audit or investigation.

Save the approval email or ticket reference for your access log.

Removal Steps

Once you've completed the pre-removal assessment, follow these steps to remove the user:

Step 1: Access user management

  1. Sign in to MediaMath as an Admin.
  2. Navigate to Admin → User Management from the top menu.
  3. Locate the user in the table. You can use the search box to find them by email or name.

Step 2: Review current access

  1. Click on the user's name to open their profile or click the Edit icon.
  2. Review their current role, assigned advertisers, and billing permissions.
  3. Screenshot this page for your access log before making any changes. This serves as a compliance record of what access they had.

Step 3: Remove advertiser scopes (optional partial removal)

If the user should lose access to some advertisers but remain active on others:

  1. In the Advertisers section, uncheck the advertisers they should no longer access.
  2. Leave the advertisers they still need checked.
  3. Save the changes and notify the user of the updated scope.

This is useful when an agency's contract narrows but doesn't fully terminate.

Step 4: Disable billing access (optional)

If the user only needs to lose billing visibility but should retain campaign access:

  1. Toggle the Billing option to "Off."
  2. Save the change.
  3. The user will still be able to manage campaigns but won't see invoices or payment details.

Step 5: Full user deletion

If the user should be completely removed from the seat:

  1. From the user's profile or the User Management table, click Remove User.
  2. MediaMath may prompt you to confirm the deletion. Read the warning carefully - this action is irreversible.
  3. Confirm the deletion.
  4. The user will immediately lose access and will be removed from the User Management table.

Step 6: Revoke API tokens

If the user had Admin access and generated API tokens:

  1. Navigate to Admin → API Management (or similar, depending on your MediaMath version).
  2. Look for any tokens created by or associated with the removed user.
  3. Revoke each token by clicking Revoke or Delete.
  4. Document which tokens were revoked and notify any teams relying on those integrations to update their API credentials.

Important: API tokens remain active even after a user is deleted. Always revoke tokens manually to prevent orphaned credentials.

Post-Removal Tasks

After removing the user, complete these follow-up tasks:

Verify removal

  1. Refresh the User Management page and confirm the user no longer appears (or appears with updated, restricted access if you only removed advertisers).
  2. If the user was fully deleted, search for their email to ensure no duplicate accounts exist.

Update documentation

  • Access log: Record the removal with the following details:
    • User email and name
    • Date removed
    • Reason for removal (e.g., "Employee termination," "Agency contract ended")
    • Approver name
    • Assets transferred and new owners
  • SSO/IAM system: Remove the user from any MediaMath groups in your Single Sign-On or identity management platform.
  • Internal roster: Update your team roster, org chart, or vendor contact list to reflect the removal.

Notify stakeholders

  • Inform the user (if appropriate) that their access has been revoked. If they were terminated, this notification may come from HR instead of you.
  • Alert the new asset owners that they now own campaigns, pixels, or audiences previously managed by the removed user.
  • Update any shared documentation (e.g., runbooks, escalation lists) that referenced the removed user as a point of contact.

Audit remaining users

  • While in User Management, scan the rest of the user table for other accounts that may need removal (e.g., contractors who finished projects months ago, agency users whose contracts ended).
  • Flag any users with Admin access who no longer require it and schedule a follow-up to downgrade them.

Schedule next review

  • Add the removal to your quarterly access review log so you can report on access changes during the next audit.
  • Set a calendar reminder to review all MediaMath users in 90 days to catch any other stale accounts.

Troubleshooting

Cannot delete user because they own active campaigns:

  • MediaMath may block deletion if the user owns assets that are currently running.
  • Transfer ownership of all active campaigns to another user, then retry the deletion.
  • If the platform still blocks deletion, contact MediaMath support with the user email and asset list.

User was deleted but can still log in:

  • Check if the user has accounts on multiple seats. You may have deleted them from one seat but they still have access to another.
  • Verify the correct email address was used. Typos can result in deleting the wrong user.
  • If the issue persists, contact MediaMath support to verify the deletion was processed.

API tokens are still working after user deletion:

  • Tokens are independent of user accounts and must be manually revoked.
  • Go to Admin → API Management, find the token(s), and revoke them.
  • Update any integrations relying on those tokens with new credentials.

Need to restore a deleted user:

  • Deletion is permanent. You cannot restore a deleted user.
  • If the user needs access again, send a new invitation through Add User and reconfigure their role and advertiser scopes.

Best Practices

  • Remove access on the same day as termination or contract end. Delays create security risks.
  • Always transfer asset ownership before deleting a user. Don't rely on post-deletion recovery.
  • Screenshot before and after every removal for compliance and dispute resolution.
  • Revoke API tokens immediately to prevent orphaned credentials from being exploited.
  • Run quarterly access reviews to catch stale accounts before they become security liabilities.
  • Document every removal with date, reason, and approver for audit trails.
  • Separate billing from campaign roles so finance users can be removed without affecting media buyers.

Common Use Cases

Employee termination:

  1. Confirm termination date with HR.
  2. Transfer all owned campaigns and pixels to the user's manager.
  3. Delete the user from MediaMath on their last day.
  4. Revoke any API tokens.
  5. Document removal and notify the team.

Agency contract ends:

  1. Confirm end date with your procurement or legal team.
  2. Transfer owned campaigns back to internal team or new agency.
  3. Remove agency users within 24 hours of contract end.
  4. Update vendor contact list and notify internal stakeholders.

Role change (media buyer to non-digital role):

  1. Confirm the role change with the user's manager.
  2. Assess if the user needs read-only reporting access instead of full removal.
  3. If reporting access is needed, change role to Reporting. If no access is needed, delete the user.
  4. Document the change and update internal roster.

Quarterly access review cleanup:

  1. Export the user list from User Management.
  2. Cross-reference against HR roster or active employee list.
  3. Identify users who left the company, changed roles, or haven't logged in for 90+ days.
  4. Remove each user and document the batch cleanup in your access log.
शीर्ष पर वापस जाएँ