The Trade Desk Remove User Access | OpsBlu Docs

The Trade Desk Remove User Access

Checklist for revoking access to a Trade Desk seat while keeping campaigns intact.

Remove User Access

Use this process to offboard users from The Trade Desk seat. Properly removing access protects your seat from unauthorized activity, maintains compliance, and ensures business continuity for programmatic campaigns.

Removing a user is permanent and cannot be undone. Always transfer asset ownership and revoke API tokens before removal.

When to Remove Users

Remove The Trade Desk access when:

  • Employee leaves the organization
  • Agency contract ends or agency no longer manages specific advertisers
  • User changes roles and no longer requires Trade Desk access
  • Security or compliance teams request removal due to policy violation or audit
  • Temporary contractor's project concludes (seasonal campaign, product launch, etc.)
  • User has been inactive for 90+ days per access policy
  • Finance or legal requests removal for billing or compliance reasons
  • Consolidating access to different seat or role change
  • User needs downgrade to analyst/read-only rather than full removal

Deactivation Triggers

Common triggers for immediate removal:

  • Employee termination: Revoke access same day as termination date
  • Agency contract termination: Remove within 24 hours of contract end
  • Role change: If transitioning to non-advertising role, assess removal vs. read-only
  • Security incident: Immediately remove if credentials compromised or policy violated
  • Quarterly access review: Remove users inactive for 90+ days per governance policy
  • Policy violations: Remove per security team or compliance request
  • Duplicate accounts: Remove redundant user accounts or old email addresses
  • API token compromise: Immediate removal and token revocation if security breach

Pre-Removal Assessment

Before removing a user, complete the following assessment:

Identify access level

Determine if user has:

  • Seat-level access: Removal clears access to all advertisers under seat
  • Advertiser-specific access: Can remove completely or reduce advertiser list
  • Billing visibility: Removal affects who can see invoices and payment details
  • API credentials: Removal may break automated integrations and bulk tools
  • Pixel and audience ownership: Removal transfers or orphans conversion pixels and audiences

Identify owned assets

Campaign assets:

  • Campaigns and ad groups they created or manage
  • Creative assets they uploaded
  • Saved audience segments and targeting templates
  • Custom bidding strategies and pacing rules
  • Saved reports and dashboards

Configuration assets:

  • Conversion pixels and tracking tags they configured
  • Audience segments they created
  • Deal IDs and private marketplace (PMP) setups
  • Data integrations and third-party connections

API and integration assets:

  • User Access Tokens (API credentials)
  • Automated reporting scripts and ETL jobs
  • Bulk campaign management tools
  • Server-to-server (S2S) integrations

Transfer ownership

For each asset identified:

  1. Identify new owner (must be another Seat Admin for pixel/API ownership)
  2. Transfer pixel and audience ownership in platform settings
  3. Document transfer in handoff notes
  4. Notify new owner of transferred responsibilities
  5. Verify new owner can access and manage assets

Critical: Pixels, audiences, and API tokens require explicit ownership transfer. If user is only Seat Admin with pixel ownership, transfer before removal.

Confirm approval

Obtain written approval from:

  • User's manager or seat owner
  • Finance or HR if due to termination
  • Security or compliance if part of audit or incident response
  • Legal if contractual or vendor-related removal

Save approval in ticketing system or access log for audit trail.

Removal Steps

Step 1: Access user management

  1. Sign in to The Trade Desk platform
  2. Navigate to the correct Seat
  3. Go to Admin menu → Users or User Management
  4. Verify you have Seat Admin access before proceeding

Step 2: Review current access

  1. Locate user in the active users list
  2. Review their:
    • Current role (Seat Admin, Trader/Full Access, Analyst, Finance/Billing)
    • Advertiser assignments and scope
    • Billing visibility status
    • API token status
  3. Screenshot user details for compliance and audit record
  4. Document in access log or ticket

Step 3: Transfer pixel and audience ownership (if applicable)

If user is Seat Admin with pixels or audiences:

  1. Navigate to Admin → Pixels or Data Management
  2. Identify pixels and audiences owned by the user
  3. Transfer ownership to another active Seat Admin
  4. Verify transfer successful
  5. Document ownership change

Step 4: Revoke API credentials (if applicable)

If user has User Access Tokens (API credentials):

  1. Navigate to Admin → API or API Tokens
  2. Identify all tokens tied to the user
  3. Deactivate or delete all User Access Tokens
  4. Notify teams using those tokens that rotation is needed immediately
  5. Update any scripts, ETL jobs, or integrations with new credentials
  6. Test integrations after credential rotation

Critical: Revoking API tokens will break any bulk tools, reporting scripts, or integrations using those credentials. Coordinate with teams before deactivation.

Step 5: Remove or reduce user access

For full removal:

  1. Find user in User Management
  2. Click Remove, Deactivate, or Delete
  3. Confirm removal when prompted
  4. User immediately loses access to all advertisers in the seat

For advertiser-specific reduction:

  1. Click Edit for the user
  2. Remove specific advertisers from their access list
  3. Keep user active but reduce scope
  4. Save changes
  5. Verify advertiser list updated

For role downgrade instead of removal:

  1. Click Edit for the user
  2. Change role to Analyst/View Only if they need reporting access only
  3. Adjust advertiser scope if needed
  4. Save changes

Step 6: Verify removal

  1. Refresh User Management page
  2. Confirm user no longer appears in active users list (or has updated role/advertisers)
  3. Screenshot updated list for audit trail
  4. Verify API tokens no longer appear in API management
  5. Verify billing access removed if applicable

Post-Removal Tasks

Update documentation

Update the following:

  • Access log or ticketing system:
    • User email and name
    • Date removed
    • Reason for removal (e.g., "Employee termination," "Contract ended," "Quarterly review")
    • Approver name and approval date
    • Advertisers removed (list specific advertisers)
    • Role removed (Seat Admin, Trader, Analyst, Finance)
    • Assets transferred and new owners
    • API tokens revoked
    • Screenshots attached
  • SSO/IAM directory: Remove user from Trade Desk access groups
  • Internal roster: Update team roster, org charts, or RACI matrices
  • Pixel and audience documentation: Update ownership records
  • API documentation: Update credentials and integration ownership

Notify stakeholders

  • Inform user of removal if appropriate (non-termination scenarios)
  • Alert team members who collaborated with removed user on campaigns
  • Notify new asset owners of their new responsibilities
  • Update documentation or runbooks referencing the removed user
  • Inform finance team if user had billing access
  • Alert engineering teams if API tokens were revoked

Audit remaining users

Post-removal audit checklist:

  • Verify user fully removed from seat
  • Check for duplicate accounts or old email addresses for same user
  • Review other users' access for similar cleanup needs
  • Flag Seat Admins who no longer need that role for downgrade
  • Identify inactive users for next review cycle
  • Verify pixel and audience ownership distributed among multiple Seat Admins

Rotate credentials and integrations

If removed user had sensitive access:

  • Rotate API tokens for affected integrations
  • Update bulk campaign tools with new credentials
  • Change shared passwords if any were in use (not recommended practice)
  • Review audit logs for user activity before removal
  • Notify security team if removal was due to incident
  • Test all integrations after credential rotation

Schedule next review

  • Add removal to quarterly access review log
  • Set reminder to review all users in 90 days
  • Document any access patterns to improve future onboarding/offboarding

Troubleshooting

Cannot remove user because they own pixels or audiences:

  • Transfer pixel and audience ownership first in Data Management
  • If blocked, contact The Trade Desk support
  • Ensure new owner is a Seat Admin

User removed but can still access:

  • Verify removed from correct seat
  • Check if user has access through different seat
  • User may be cached - have them log out and clear browser cache
  • Contact The Trade Desk support if access persists after 24 hours

Need to restore removed user:

  • Removal is permanent; cannot restore or undo
  • Re-invite user through Add User workflow if needed
  • User will receive new invitation and must re-accept
  • Rebuild advertiser assignments and role

User had billing access and invoices no longer accessible:

  • Ensure another Seat Admin or Finance/Billing user has billing visibility enabled
  • Verify billing permissions enabled for remaining users
  • Add new billing user if needed
  • Contact The Trade Desk support if invoices inaccessible

User had API credentials and integrations broke:

  • Integrations using user's API tokens will fail immediately after removal
  • Rotate API credentials to new user before removal to prevent downtime
  • Update scripts, ETL jobs, and reporting tools with new credentials
  • Test integrations after credential rotation
  • Coordinate with engineering teams managing integrations

User was only Seat Admin with pixel ownership:

  • Must transfer ownership before removal or pixels may become inaccessible
  • Promote another user to Seat Admin first if needed
  • Transfer ownership, then proceed with removal
  • Keep at least 2 Seat Admins to prevent lockouts

Removing advertiser access but user still sees all advertisers:

  • Verify you edited advertiser list and saved changes
  • Check if user has seat-level access (they see all advertisers)
  • Must change to advertiser-specific access and select specific advertisers
  • Have user log out and back in to see updated access

Best Practices

  • Remove access same day as termination or contract end date
  • Always transfer ownership of pixels, audiences, and API tokens before removing
  • Screenshot before and after removal for compliance and audit trails
  • Run quarterly access reviews to identify and remove inactive users
  • Document every removal with date, reason, approver, and transferred assets
  • Revoke API tokens immediately upon removal to prevent unauthorized access
  • Rotate credentials proactively before removal to prevent integration downtime
  • Keep at least 2 Seat Admins to prevent seat lockout scenarios
  • Use analyst/read-only role instead of removal if user needs reporting access
  • Maintain access matrix showing all users, roles, and advertiser assignments
  • Save approval documentation for compliance and audit purposes
  • Notify affected teams when removing users with shared responsibilities
  • Test pixels and integrations after ownership transfer to ensure continuity
  • Review billing access to ensure invoices remain accessible after removal
  • Coordinate with engineering before revoking API tokens to prevent downtime

Common Use Cases

Employee termination:

  1. Receive termination notice from HR
  2. Transfer pixels, audiences, and campaigns to manager
  3. Rotate API credentials if user was Seat Admin or had tokens
  4. Remove user same day as termination
  5. Screenshot and document removal
  6. Update internal rosters and access logs
  7. Test integrations after token revocation

Agency contract ends:

  1. Confirm contract end date with procurement or legal
  2. Transfer campaigns back to internal team or new agency
  3. Transfer pixel ownership if agency managed conversion tracking
  4. Revoke API tokens used by agency
  5. Remove agency users within 24 hours of contract end
  6. Update vendor contact list and access documentation

Role change to non-digital:

  1. Confirm role change with manager
  2. Assess if Analyst/View Only access needed for reporting or oversight
  3. If no access needed, transfer assets and remove completely
  4. If read-only needed, edit user to downgrade to Analyst role
  5. Document change and reason

Quarterly access review cleanup:

  1. Export user list from User Management
  2. Cross-reference against HR roster and project assignments
  3. Identify users who left organization or haven't logged in for 90+ days
  4. Transfer assets and remove inactive users
  5. Document batch cleanup in access log

Security incident or API token compromise:

  1. Receive removal request from security or compliance team
  2. Immediately revoke all User Access Tokens
  3. Remove user to prevent further access
  4. Document incident and removal
  5. Transfer ownership after removal (unless security team advises otherwise)
  6. Rotate all API credentials and notify affected teams
  7. Report completion to security team
  8. Review audit logs for unauthorized activity

Contractor project completion:

  1. Confirm project completion date with project manager
  2. Transfer deliverables and campaign ownership to internal team
  3. Revoke any API tokens contractor used
  4. Remove contractor access within 48 hours of project end
  5. Document removal and project completion
  6. Archive contractor documentation
返回顶部