Criteo User Management | Blue Frog Docs

Manage team access to Criteo Management Center, including user roles, permissions, and account administration.

Criteo Management Center provides comprehensive user management capabilities to control team access to your advertising account. This guide covers user roles, permissions, and best practices for account administration.

Overview

User management in Criteo allows you to:

Grant team members access to your account
Assign role-based permissions
Control what users can view and edit
Manage multiple advertisers under one organization
Track user activity and changes
Maintain security and compliance

Accessing User Management

Navigate to User Settings

Log in to Criteo Management Center
Click your profile icon in the top-right corner
Select Organization Settings
Navigate to Users & Permissions

User Management Dashboard

The dashboard displays:

Active Users - Currently active team members
Pending Invitations - Sent but not yet accepted
User Roles - Distribution of roles across team
Recent Activity - Latest user management actions

User Roles and Permissions

Criteo provides predefined roles with specific permission levels:

Administrator

Full account access with all permissions

Can:

Manage users and permissions
Create and edit campaigns
Manage budgets and billing
Configure account settings
View all reports
Access API credentials
Manage product feeds
Configure integrations

Use For:

Account owners
Senior marketing managers
Agency leads

Access Level:

✓ Create/edit/delete campaigns
✓ Manage budgets
✓ User management
✓ Billing and payments
✓ API access
✓ Account settings

Campaign Manager

Campaign creation and management without financial controls

Can:

Create and edit campaigns
Manage campaign settings
Pause/resume campaigns
View performance reports
Configure targeting
Optimize bids within set budgets

Cannot:

Modify budgets
Access billing
Manage users
Change account settings
Access API credentials

Use For:

Marketing managers
Campaign specialists
Day-to-day account managers

Access Level:

✓ Create/edit campaigns
✓ View reports
✓ Configure targeting
✗ Modify budgets
✗ User management
✗ Billing access

Analyst

Read-only access focused on reporting and analysis

Can:

View all campaigns
Access all reports
Export performance data
View account settings
Create custom reports

Cannot:

Edit campaigns
Create new campaigns
Modify settings
Manage budgets
Access billing
Manage users

Use For:

Data analysts
Reporting specialists
Executive stakeholders
Finance teams

Access Level:

✓ View campaigns
✓ View all reports
✓ Export data
✗ Edit campaigns
✗ Modify settings
✗ User management

Creative Manager

Focused on creative assets and content

Can:

Upload creative assets
Manage ad templates
Configure dynamic ads
View creative performance
A/B test creatives

Cannot:

Edit campaign budgets
Manage targeting
Access billing
Manage users
Modify account settings

Use For:

Design teams
Creative directors
Content managers

Access Level:

✓ Manage creatives
✓ View creative reports
✓ Upload assets
✗ Campaign settings
✗ Budget management
✗ User management

API User

Programmatic access for integrations

Can:

Access Criteo APIs
Pull reporting data
Create automated workflows
Integrate with external systems

Cannot:

Access web interface (typically)
Manage campaigns via UI
Access billing
Manage users

Use For:

API integrations
Automated reporting
Custom dashboards
Data pipelines

Access Level:

✓ API access
✓ Programmatic reporting
✗ Web interface access
✗ User management

Permission Matrix

Permission	Admin	Campaign Manager	Analyst	Creative	API User
View campaigns	✓	✓	✓	✓	✓
Create campaigns	✓	✓	✗	✗	✓*
Edit campaigns	✓	✓	✗	✗	✓*
Delete campaigns	✓	✗	✗	✗	✗
Manage budgets	✓	✗	✗	✗	✗
View reports	✓	✓	✓	✓	✓
Export data	✓	✓	✓	✓	✓
Manage creatives	✓	✓	✗	✓	✗
User management	✓	✗	✗	✗	✗
Billing access	✓	✗	✗	✗	✗
API credentials	✓	✗	✗	✗	✓
Account settings	✓	✗	✗	✗	✗

*Via API only

Multi-Advertiser Access

Organization Structure

Organization (Agency or Parent Company)
├── Advertiser Account 1
│   ├── User A (Admin)
│   ├── User B (Campaign Manager)
│   └── User C (Analyst)
├── Advertiser Account 2
│   ├── User A (Admin)
│   └── User D (Campaign Manager)
└── Advertiser Account 3
    ├── User E (Admin)
    └── User F (Analyst)

Cross-Account Access

Users can have different permissions across multiple advertisers:

Example:

User A: Administrator on Advertiser 1 & 2, no access to Advertiser 3
User B: Campaign Manager on Advertiser 1 only
User C: Analyst across all three advertisers

Manage Multi-Account Access

Navigate to Organization Settings > Users
Select user to modify
Click Manage Advertiser Access
For each advertiser:
- Toggle access on/off
- Select role
- Set permissions
Save changes

User Management Best Practices

1. Principle of Least Privilege

Grant minimum necessary permissions:

✓ Good: Campaign Manager for day-to-day operators
✗ Bad: Administrator for everyone "just in case"

2. Regular Access Reviews

Monthly:

Review active users
Remove inactive accounts
Verify role assignments

Quarterly:

Audit permission levels
Update based on role changes
Review API access

Annually:

Comprehensive security audit
Update access policies
Refresh user training

3. Separation of Duties

Separate responsibilities to prevent conflicts:

Campaign creation - Campaign Managers
Budget approval - Administrators
Financial reporting - Analysts
Creative uploads - Creative Managers

4. Document Access Policies

Maintain documentation:

# Criteo Access Policy

## Administrator Access
- CMO: Full admin access
- Marketing Director: Full admin access
- Agency Partner Admin: Limited admin (no billing)

## Campaign Manager Access
- Digital Marketing Managers (3 users)
- Campaign Specialists (5 users)
- Agency Account Managers (2 users)

## Analyst Access
- Data Analytics Team (4 users)
- Finance (2 users)
- Executive Dashboards (3 users)

5. Onboarding Checklist

When adding new users:

Verify employment/contractor status
Determine appropriate role level
Set up multi-factor authentication
Provide training materials
Document access grant
Schedule 30-day access review

6. Offboarding Process

When removing users:

Remove Criteo access immediately
Document removal date and reason
Transfer ownership of campaigns/assets
Revoke API credentials if applicable
Update team documentation

Security Features

Multi-Factor Authentication (MFA)

Enable MFA for Enhanced Security:

Navigate to Profile Settings
Select Security
Click Enable Two-Factor Authentication
Choose method:
- Authenticator app (Google Authenticator, Authy)
- SMS verification
- Email verification
Complete setup

MFA Requirements:

Mandatory for Administrator roles
Highly recommended for Campaign Managers
Optional for Analyst and Creative roles

IP Whitelisting

Restrict access to specific IP addresses:

Organization Settings > Security
Click IP Whitelist

Add allowed IP addresses or ranges:

Office: 203.0.113.0/24
VPN: 198.51.100.50

Save configuration

Best Practice:

Whitelist office IPs
Include VPN endpoints
Avoid overly broad ranges

Single Sign-On (SSO)

Enterprise accounts can configure SSO:

Supported Providers:

Okta
Azure AD
Google Workspace
OneLogin
Custom SAML 2.0

Configuration:

Contact Criteo support for SSO setup
Provide identity provider metadata
Configure attribute mapping
Test with pilot user
Roll out to organization

API Security

Secure API access:

API Credentials:

Unique per user/integration
Rotate credentials quarterly
Never share credentials
Use environment variables (never hardcode)

API Monitoring:

Track API usage per user
Set up alerts for unusual activity
Review API logs monthly

Activity Tracking

Audit Logs

View user activity:

Organization Settings > Audit Logs
Filter by:
- User
- Action type
- Date range
- Advertiser account

Tracked Actions:

User logins
Campaign modifications
Budget changes
User management actions
Setting updates
API requests

Change History

Review campaign changes:

Open campaign
Click History tab
View:
- Who made changes
- What was changed
- When changes occurred
- Previous values

Troubleshooting Access Issues

User Cannot Log In

Check:

Email address is correct
Account is active (not pending or disabled)
Password meets requirements
MFA is configured correctly
IP is whitelisted (if applicable)

Solutions:

1. Resend invitation if pending
2. Reset password
3. Verify MFA setup
4. Check IP whitelist
5. Contact Criteo support if issues persist

User Missing Permissions

Verify:

User role assignment
Advertiser account access
Custom permission settings
Organization-level restrictions

Fix:

Review role permissions
Grant advertiser access
Adjust custom permissions
Contact administrator for org restrictions

API Access Issues

Common Issues:

Expired credentials
Insufficient permissions
Rate limiting
IP restrictions

Resolution:

Regenerate API credentials
Verify API User role
Check rate limits
Verify IP whitelist

Getting Help

Internal Resources

Admin Users - First point of contact
IT/Security Team - For SSO and security issues
Documentation - User management guides

Criteo Support

Contact Methods:

Help Center: https://help.criteo.com
Support Ticket: Via Criteo Management Center
Account Manager: Direct contact for enterprise accounts
Email: support@criteo.com

Before Contacting Support:

Document the issue
Note error messages
List affected users
Describe expected vs. actual behavior

Next Steps

Add User Access - Invite new team members
Update Access - Modify user permissions
Remove Access - Deactivate user accounts

Additional Resources

Criteo Help Center: https://help.criteo.com
Security Best Practices: https://help.criteo.com/security
API Documentation: https://developers.criteo.com
Training Materials: Available in Criteo Management Center