Remove User Access from Criteo | Blue Frog Docs

Remove User Access from Criteo

Step-by-step guide to deactivating users, revoking access, and offboarding team members from Criteo Management Center.

This guide covers the process of removing user access from your Criteo account, including full account removal and partial access revocation.

When to Remove Access

Remove or restrict user access when:

  • Employee leaves the company
  • Contractor or agency engagement ends
  • User changes roles and no longer needs access
  • Security incident requires immediate access revocation
  • User no longer works with specific advertisers
  • Compliance audit requires access reduction
  • User account is compromised

Prerequisites

Before removing access:

  • Administrator permissions in Criteo Management Center
  • User identification (email or name)
  • Approval for access removal (if required)
  • Transition plan for user's campaigns/assets
  • Documentation requirements reviewed

Types of Access Removal

Complete Account Removal

Removes user entirely from organization:

  • User loses all advertiser access
  • Cannot log into Criteo Management Center
  • All permissions revoked
  • User removed from organization roster

Partial Access Removal

Removes access to specific advertisers:

  • User retains access to other advertisers
  • Can still log into account
  • Permissions maintained for remaining advertisers

Temporary Suspension

Disables access temporarily:

  • Account deactivated but not deleted
  • Can be reactivated later
  • Preserves user history and settings

Complete User Removal

Step 1: Access User Management

  1. Log in to Criteo Management Center
  2. Click your profile icon in the top-right corner
  3. Select Organization Settings
  4. Click Users & Permissions

Step 2: Locate User

  1. Search for user by name or email
  2. Or scroll through user list
  3. Click on user's name to open profile

Step 3: Transfer Ownership

Before removing, transfer ownership of:

Campaigns:

  • Active campaigns user manages
  • Scheduled campaigns
  • Draft campaigns

Audiences:

  • Custom audience segments
  • Retargeting lists

API Credentials:

  • API keys user owns
  • Automated integrations
  • Scheduled reports

Creative Assets:

  • Ad templates
  • Creative sets
  • Product feeds

Step 4: Remove User

  1. In user profile, click More Actions (⋯)
  2. Select Remove User
  3. Review warning message about data/access loss
  4. Confirm removal by:
    • Typing user's email address
    • Checking confirmation box
  5. Click Remove User Permanently

Step 5: Verification

  1. User disappears from user list
  2. Check Audit Log for removal record
  3. Verify user cannot log in
  4. Confirm ownership transfers completed

Step 6: Documentation

Document the removal:

## User Removal Record

**User:** john.doe@company.com
**Removed:** 2024-10-20 14:30 UTC
**Removed By:** admin@company.com
**Reason:** Employment terminated
**Advertisers Affected:** A, B, C
**Campaigns Transferred To:** jane.smith@company.com
**API Credentials:** Revoked
**Approval:** HR Ticket #12345

Partial Access Removal

Remove Advertiser Access

Remove access to specific advertisers while keeping user active:

Step 1: Open User Profile

  1. Navigate to Users & Permissions
  2. Find and open user's profile
  3. Go to Advertiser Access section

Step 2: Remove Specific Advertisers

  1. Find advertiser(s) to remove
  2. Click X or Remove next to advertiser name
  3. Confirm removal
  4. Repeat for additional advertisers

Step 3: Verify Remaining Access

  1. Check user still has access to other advertisers
  2. Verify user can still log in
  3. Confirm permissions on remaining advertisers

Example:

Before:
- Advertiser A: Campaign Manager
- Advertiser B: Campaign Manager
- Advertiser C: Analyst

After (removed B):
- Advertiser A: Campaign Manager
- Advertiser C: Analyst

Downgrade to Read-Only

Revoke editing permissions while maintaining visibility:

  1. Open user profile
  2. Change role to Analyst for specific advertiser(s)
  3. Or change role globally across all advertisers
  4. User retains reporting access but cannot edit

Use Cases:

  • User transitioning to different role
  • Temporary restriction during investigation
  • Contractor moving to advisory role

Temporary Suspension

Suspend User Account

Disable access temporarily:

  1. Open user profile
  2. Click Account Status
  3. Select Suspend Account
  4. Specify:
    • Suspension reason
    • Expected reactivation date (optional)
    • Notification settings
  5. Click Suspend

During Suspension:

  • User cannot log in
  • All access frozen
  • Data and settings preserved
  • Can be reactivated anytime

Reactivate Suspended Account

To restore access:

  1. Navigate to Users & Permissions
  2. Filter by Suspended status
  3. Select user
  4. Click Reactivate Account
  5. Confirm reactivation
  6. User can log in immediately

Emergency Access Revocation

Immediate Removal for Security

For security incidents:

Quick Removal Process

  1. Immediate Actions:

    1. Navigate to user profile (30 seconds)
2. Click Remove User (10 seconds)
3. Confirm removal (5 seconds)
4. Total time: ~45 seconds

  2. Verify Removal:

    • User logged out immediately
    • Active sessions terminated
    • API credentials revoked
    • Access to all advertisers removed

  3. Additional Security Steps:

    • Change shared passwords user had access to
    • Review recent user activity in audit log
    • Check for unauthorized changes
    • Revoke API keys user may have saved
    • Alert security team

Post-Incident Checklist

After emergency removal:

  • User access confirmed revoked
  • Sessions terminated
  • API credentials disabled
  • Recent activity reviewed
  • Unauthorized changes identified
  • Security team notified
  • Incident documented
  • Management informed
  • Recovery plan initiated

API Access Revocation

Revoke API Credentials

When removing user with API access:

  1. Before removing user, navigate to API Credentials
  2. Find credentials owned by user
  3. Click Revoke for each credential
  4. Document revoked credentials
  5. Update any integrations using those credentials
  6. Then proceed with user removal

Important:

  • Revoke API access before removing user
  • Update automated systems using those credentials
  • Monitor for broken integrations
  • Test replacement credentials

Transfer API Ownership

To preserve integrations:

  1. Create new API credentials under different user
  2. Update integrations with new credentials
  3. Test integrations work with new credentials
  4. Revoke old credentials
  5. Remove original user

Bulk User Removal

Remove Multiple Users

For offboarding multiple users:

Step 1: Prepare List

Create CSV of users to remove:

email,removal_date,reason
john.doe@company.com,2024-10-20,Termination
jane.smith@company.com,2024-10-20,Contract ended
bob.johnson@company.com,2024-10-20,Role change

Step 2: Bulk Remove

  1. Users & Permissions > Bulk Actions
  2. Select Remove Users
  3. Upload CSV or select multiple users
  4. Review users to be removed
  5. Confirm bulk removal
  6. Monitor progress

Step 3: Verification

  1. Check all users removed successfully
  2. Review audit log entries
  3. Verify ownership transfers
  4. Document bulk removal

Offboarding Process

Complete Offboarding Checklist

For employee departure:

Week Before Departure:

  • Identify user's Criteo access
  • List campaigns/assets user owns
  • Assign transition owner
  • Schedule knowledge transfer
  • Document access removal plan

Last Day:

  • Transfer campaign ownership
  • Transfer audience ownership
  • Revoke API credentials
  • Download user's activity report
  • Remove user access
  • Verify removal successful

Post-Departure:

  • Confirm no access remains
  • Update team documentation
  • Archive user records
  • Update contact lists
  • Close related service tickets

Knowledge Transfer

Before removal:

  1. Document User's Work:

    • Active campaigns and strategies
    • Optimization approaches
    • Custom audiences and segments
    • Reporting templates

  2. Transfer Ownership:

    • Assign new campaign owner
    • Share custom reports
    • Transfer creative assets
    • Update documentation

  3. Train Replacement:

    • Review campaign strategies
    • Explain optimization logic
    • Share access credentials
    • Provide context

Data Retention

When removing users:

What's Retained:

  • Audit log of user actions
  • Campaign history created by user
  • User-generated reports (if saved)
  • Attribution data

What's Removed:

  • User login credentials
  • Personal profile information
  • Private settings
  • Saved views/preferences

If user under legal hold:

  1. Do NOT remove user account
  2. Suspend access instead
  3. Preserve all user data
  4. Contact legal department
  5. Document hold reason
  6. Set reminder for hold review

GDPR/Data Privacy

For data subject requests:

Right to Erasure:

  1. User requests data deletion
  2. Verify identity
  3. Remove account
  4. Delete personal data
  5. Retain business records (as required)
  6. Confirm deletion to user

Data Export: Before removal, user can request:

  • Campaign data
  • Performance reports
  • Personal settings
  • Activity history

Monitoring After Removal

Verify Removal Effectiveness

Immediate Checks (Day 1):

  • User cannot log in
  • Email notifications stopped
  • API calls fail with authentication error
  • User removed from all advertiser access lists

Follow-up Checks (Week 1):

  • No unauthorized access attempts
  • Transferred ownership functioning correctly
  • No broken integrations
  • Team aware of user removal

Long-term Monitoring (Month 1):

  • Review audit logs for anomalies
  • Confirm no orphaned assets
  • Verify replacement user successful
  • Update access documentation

Troubleshooting

Cannot Remove User

Error: User owns critical resources

Solution:

  1. Transfer campaign ownership first
  2. Reassign API credentials
  3. Move creative assets
  4. Then retry removal

Error: Insufficient permissions

Solution:

  1. Verify you have Administrator role
  2. Check organization-level permissions
  3. Contact another administrator
  4. Contact Criteo support if needed

User Still Has Access

Check:

  1. Browser cache (user should clear)
  2. Active sessions (may take minutes to expire)
  3. Removal was saved successfully
  4. Check audit log for confirmation

Solutions:

  1. Force user logout from admin panel
  2. Wait for session expiration (15 minutes)
  3. Have user clear cookies and try again
  4. Contact Criteo support

Removed User Can Still Access

Immediate Actions:

  1. Verify removal in user list
  2. Check audit log for removal record
  3. Force session termination
  4. Change account passwords if shared
  5. Contact Criteo support urgently

Best Practices

1. Regular Access Audits

Monthly:

  • Review inactive users
  • Check for unused accounts
  • Verify all users still employed
  • Remove departed users promptly

Quarterly:

  • Comprehensive access review
  • Remove stale accounts
  • Verify appropriate permission levels
  • Update documentation

2. Timely Removal

✓ Good: Remove access on last day of employment
✗ Bad: Delay removal for weeks/months
✓ Good: Immediate removal for security issues
✗ Bad: Wait for approval in emergencies

3. Documentation

Maintain removal log:

## User Removal Log 2024

### October 20: John Doe
- Reason: Termination
- Advertisers: A, B, C
- Transferred to: Jane Smith
- Removed by: admin@company.com

### October 22: Bob Johnson
- Reason: Contractor end
- Advertisers: D
- Removed by: admin@company.com

4. Communication

Notify Stakeholders:

  • User's manager
  • Team members
  • Dependent teams
  • Finance (for billing changes)

Email Template:

Subject: Criteo Access Removed - [User Name]

Team,

Criteo access has been removed for [User Name] effective [Date].

Campaigns transferred to: [New Owner]
API credentials: Revoked
Questions: Contact [Admin Name]

[Your Name]

5. Security Hygiene

After removal:

  • Change shared passwords
  • Rotate API keys if shared
  • Review recent activity
  • Check for suspicious changes
  • Update security documentation

Getting Help

Common Questions

Q: Can I recover a removed user? A: No, removal is permanent. You must invite user again as new account.

Q: What happens to user's campaigns? A: Campaigns remain active. Transfer ownership before removal.

Q: Do removed users count against user limit? A: No, only active users count toward any limits.

Q: Can user's email be reused? A: Yes, after removal you can invite same email as new user.

Support Resources

  • Criteo Help Center: https://help.criteo.com
  • Support Ticket: Via Management Center
  • Security Team: For emergency removals
  • Account Manager: For policy questions

Next Steps

↑ Back to top
// SYS.FOOTER