Meet Cortex - AI Powered, Expertise Refined Decision EngineYour AI Optimization Engine
Live
PLATFORM: Google Ads

Google Ads Multi-Party Approval: A Second-Admin Lock on Sensitive Actions


Google's response to the 2025 MCC hijack wave: adding users, removing users, and changing roles now require a second administrator's approval. Coverage is narrower than the press makes it sound.

TL;DR
  • Google Ads multi-party approval (MPA) is live as of early February 2026 - a second account administrator must now approve adding users, removing users, or changing user roles before the change takes effect.
  • MPA activates automatically whenever an account has at least two admins - there is no toggle, no opt-in, no setting to flip. Solo-admin accounts get no protection at all and remain fully exposed to single-credential takeover.
  • Only three actions are gated - new user invitations, user removals, and role/permission changes. Budget changes, campaign edits, bidding strategies, and billing remain reachable by anyone holding a valid admin credential.
  • Notifications are in-product only, with no email or webhook - if your team manages workflow through inbox alerts, you will miss MPA requests entirely. Google support cannot approve or deny a request on behalf of an unresponsive admin.
  • Pending requests auto-reject after 20 days - and the requester cannot revoke a request once the other admin has acted on it, so internal communication protocols around approvals are no longer optional for agencies.

What MPA actually gates and how it works

Multi-party approval is a dual-authorization control for user-management actions inside a Google Ads account or manager (MCC) hierarchy. Compromising a single admin credential - the typical outcome of phishing - is no longer sufficient to add a backdoor user, remove a legitimate admin, or escalate privileges.

Multi-party approval (MPA) is a security feature for Google Ads designed to protect your account from unauthorized activity by requiring a second account administrator to verify sensitive changes. Sensitive actions like adding users or changing user roles will prompt other administrators of your account to approve these changes. Google Ads Help - support.google.com/google-ads/answer/16891189

The covered surface is narrow and explicit. Three actions trigger an approval request: adding a new user to the account, removing an existing user, and changing user roles or permissions. Nothing else. Bidding, budget, campaign edits, billing changes, and reporting access remain reachable by any admin holding valid credentials. MPA is a hijack-resistance layer, not a comprehensive account-fraud control.

The workflow has four moving parts. First, an admin initiates a sensitive change through the standard interface. Second, Google Ads automatically generates a pending approval request and pushes in-product notifications to eligible admins in the hierarchy - direct administrators and owner managers of the requester receive individual notifications, while others get a combined digest. Third, a second admin reviews and either approves or denies the request from the Access and security menu. Fourth, the request resolves in one of three ways: complete (approved and applied), denied (blocked), or expired (no action taken within 20 days, auto-rejected).

Two operational details practitioners should internalize now. Emails are not sent for MPA requests - notifications surface only inside the Google Ads UI, which means teams that work primarily from inbox or chat will miss them. And if your other admins are unresponsive, Google Ads support cannot approve or deny a request on your behalf. There is no escalation path. Internal communication discipline becomes the dependency.

When it took effect and how activation works

Google launched MPA in early February 2026, in direct response to the 2025 surge in MCC takeovers. The most important detail many writeups miss: activation is automatic. There is no admin switch. The feature turns on the moment your account has at least two administrators.

  • Announced: Early February 2026, via Google Ads Help and confirmed in industry coverage on February 5, 2026.
  • Rollout begins: Live for all Google Ads accounts globally on launch; no regional staging.
  • Activation threshold: Automatic for any account with two or more administrators. Solo-admin accounts have no MPA protection.
  • Expiration window: Pending requests auto-reject after 20 days of inaction.
  • Future scope: Google has signaled additional actions may require approval as security needs evolve, but the current list is fixed.

That means the most important configuration step is not flipping a switch - it is auditing your admin count on every account you manage. If you are the only admin on a client account, MPA is inert there and the account is fully exposed to single-point-of-compromise attacks. Adding a second trusted admin is what activates the protection.

Who this changes the calculus for

MPA's leverage scales with the size of the access surface you manage. Agency MCC operators get the most direct value; single-account in-house teams get less mechanically but still benefit. Solo-admin accounts get nothing until a second admin is added.

Segment Severity Why
Agencies running MCC hierarchies with many sub-accounts High This is the segment that got hit hardest in 2025 - one compromised admin credential was enough to seize an entire hierarchy. MPA forces an attacker to compromise two accounts to add a backdoor user. The trade-off: every legitimate user provisioning now needs internal coordination, so SOPs and notification monitoring become non-optional.
Solo-admin client accounts High MPA does nothing on accounts with only one administrator - the feature is dormant until a second admin exists. These accounts remain fully exposed to single-credential takeover. Adding a second trusted admin is the action that activates protection, and it should precede strategy or campaign work on any new client.
In-house teams managing one or a few brand accounts Medium The blast radius of a single hijack is smaller, but the gating logic is the same. The bigger change is offboarding: removing a departing employee now requires a second admin's approval, which means HR-to-marketing handoff documentation needs updating.
Teams relying on email or Slack for account alerts Medium MPA notifications are in-product only. Teams that manage operational workflow through inbox or chat will miss approval requests entirely unless someone is assigned to monitor the Google Ads UI directly. This is a process gap, not a tooling gap.
Read-only users and API-only integrations Low Read-only roles are exempt because they cannot initiate sensitive changes. API users are also exempt from the approval process, which is operationally convenient but means automation scripts with elevated permissions remain a separate attack surface that MPA does not address.

One nuance worth flagging: MPA is also an operational safeguard against internal errors, not just external attackers. Accidentally removing a critical user or granting excessive permissions to a contractor triggers the same review workflow - errors get caught before they create access problems. For agencies with junior staff doing provisioning, this is meaningful.

What to do this week

Priority order: audit admin counts across every account you touch, fix the solo-admin gaps first, then put a notification-monitoring routine in place so pending requests do not rot for 20 days.

  1. Audit your admin count on every account. Pull a list of every Google Ads account you have access to. For each, check the administrator count. Any account with fewer than two admins gets a second trusted admin added today - that is what activates MPA. Google's own short on MPA recommends three administrators rather than two, so that a single admin's absence does not block legitimate changes.
  2. Build a notification-monitoring routine. Since emails are not sent for MPA approvals, assign at least one person per workday to check in-product notifications in the Google Ads UI. Build it into the daily ops checklist. Go to Access and security in the Admin menu, then Pending invitations, then Review request - that is where pending, completed, denied, and expired requests live.
  3. Designate MPA responders across time zones. If your agency operates across regions, distribute admin roles so an approval request never sits pending because the only other admin is asleep. Document who covers which window.
  4. Document the approval chain in your SOPs. When a new client onboards or a new hire needs account access, who initiates the request? Who approves it? Write it down before someone gets stuck. New hires should know the process before they touch a single account.
  5. Set an internal SLA for approval turnaround. The 20-day window is generous, but it is not a target. Aim for same-business-day review during business hours. Treat the in-product notification as the formal record, but use Slack or a direct message to flag urgent requests - do not rely on the notification alone for time-sensitive changes.

What to do this quarter

The strategic point: MPA is one ring of defense, not the perimeter. It blocks the specific actions that enable long-term account takeover - adding backdoor users, removing legitimate admins, escalating roles. It does not prevent an attacker with valid admin credentials from launching fraudulent campaigns, modifying bidding, changing billing, or burning budget within a single session. Build the rest of the stack.

Layer MPA into a multi-ring defense

Five concentric controls Google already provides should now be reviewed in sequence. Ring one is identity verification: enforce 2-Step Verification across every user, not just admins, and migrate to passkeys or hardware security keys where possible since SMS-based 2FA is now bypassable through near-perfect phishing. Ring two is domain restrictions: the Allowed Email Domains setting blocks the common attack pattern of hijackers inviting random Gmail addresses as admins. Ring three is manager account security mandates: cascade 2FA and domain rules across every sub-account from the MCC level. Ring four is access hygiene: quarterly access reviews to remove inactive users and revoke admin rights from anyone who has changed role or left. Ring five is phishing-resistant authentication: passkeys are Google's central recommendation and they eliminate the credential-harvesting vulnerability that drives most account takeovers.

Adjust hiring, offboarding, and revocation workflows

Every employee with admin access now affects two processes - the work they do and the approvals they give. When someone leaves, you are not just removing one user; you are potentially dropping below the two-admin threshold on certain accounts, which silently disables MPA. Offboarding checklists need to verify admin count after removal. On the revocation side: if you initiate a request in error, you can only revoke it if the other admin has not yet approved or denied it - so document the revocation path and use it immediately rather than hoping the second admin will catch the mistake.

Plan for the single-admin client onboarding case

Some client accounts arrive with only one admin. Before strategy, before campaign builds, before anything else, add a second admin. Without that step MPA is inert and the account remains fully vulnerable to the same single-point-of-compromise attacks that defined 2025. This is the cheapest, highest-leverage security action available right now.

What we're seeing in real accounts

The 2025 hijack wave is the context for everything in this dispatch. Coverage tracked sophisticated phishing campaigns that mimicked Google's account-access invitations near-perfectly, including the "great Google Ads heist" cluster reported by security researchers in early 2025. The pattern was consistent: attackers impersonated Google Ads, harvested credentials from fake login pages, added themselves as admins to MCCs, and either resold the access on black-hat forums or launched fraudulent high-budget campaigns. Two-step verification did not stop the wave on its own - one agency owner reported on LinkedIn that his entire MCC was hijacked at 12:30 a.m. with 2FA enabled.

From the audit notes
On a multi-client agency MCC we reviewed during the late-2025 spike, the dominant failure pattern was not the security control - it was the admin structure. Multiple sub-accounts had only the agency lead listed as administrator, which would have made MPA dormant on those accounts even after the February 2026 launch. The remediation was straightforward: add a second trusted admin (an internal account director, not a contractor) to every sub-account, set the Allowed Email Domains to the agency's own domain on every account that supported it, and migrate the agency's primary admin logins to passkeys. None of these are new controls. The change is that MPA now ties them together: once two admins exist, the second-admin requirement creates a structural barrier that single-credential phishing cannot defeat.

Counterpoint worth noting: MPA does not address the immediate-damage scenario. Reports from 2025 included a performance-advertising agency that saw $180,000 in overspend overnight from a single compromised credential, and other agencies that racked up "tens of thousands" within 24 hours. An attacker with valid admin credentials can still launch fraudulent campaigns, change bidding, and modify billing inside a single session - MPA does not gate any of that. The deterrent is structural over time, not immediate. That is why the multi-ring defense matters more than the single feature.

What we're still watching

Four open questions are driving how we sequence Google Ads security audit work for the next two quarters.

  • Email or webhook notifications for MPA: The exclusive reliance on in-product notifications is the biggest adoption friction point. Teams that operate from inbox and chat tools will miss requests. Whether Google adds an email channel, a webhook, or a third-party integration would change the operational calculus significantly.
  • Scope expansion to budget and billing changes: Google has signaled that additional actions may require approval as security needs evolve. The most useful expansion would be billing-payment-method changes and large daily budget edits - the actions an attacker with valid credentials uses to cause immediate financial damage. Whether Google extends MPA to those actions is the most important question for the next iteration.
  • API user gating: API users are currently exempt from the approval process. For teams using automation scripts with admin-equivalent permissions, this is a separate attack surface. Whether Google adds an MPA-equivalent for sensitive API actions, or whether the burden shifts to OAuth scope review and credential management, is still unresolved.
  • Support escalation for unresponsive co-admins: The current rule is that Google support cannot approve or deny a request on behalf of an unresponsive admin. For agencies where a co-admin departs unexpectedly, this creates a 20-day lockout on legitimate provisioning. Whether Google introduces a verified support-escalation path is worth tracking.

Frequently asked

Do I have to manually turn on multi-party approval?

No. MPA activates automatically on any Google Ads account with at least two administrators. There is no toggle, no setting to flip, and no opt-in step. The configuration action is making sure your account has a second admin - that is what enables the protection. Solo-admin accounts have no MPA coverage until a second admin is added.

Exactly which actions does MPA gate?

Three: adding a new user to the account, removing an existing user, and changing user roles or permissions. That is the complete list at launch. Budget changes, campaign edits, bidding strategies, billing updates, and reporting access are not covered. Google has indicated additional actions may require approval as security needs evolve, but the current scope is fixed.

What if my other administrator does not respond to a request?

Pending requests expire after 20 days with no action taken, at which point the change is rejected and can be re-requested. Google Ads support cannot approve or deny a request on behalf of an unresponsive admin - there is no escalation path. This is why distributing admin coverage across time zones and documenting an approval chain matters operationally.

Are API users and automation scripts subject to MPA?

No. API users are currently exempt from the approval process, as are read-only roles. The exemption for read-only roles makes sense because those users cannot initiate sensitive changes in the first place. The API exemption is operationally convenient for automation but means API-level access remains a separate attack surface that needs its own credential management and OAuth scope review.

Does MPA stop an attacker who already has admin credentials from burning my budget?

No. MPA blocks the actions that enable long-term takeover - adding backdoor users, removing admins, escalating roles. An attacker with valid admin credentials can still launch fraudulent campaigns, modify bidding, change billing, and cause immediate financial damage within a single session. MPA is one ring of defense, not the perimeter. Combine it with 2-Step Verification, passkeys, allowed-email-domain restrictions, and manager account security mandates for full coverage.

References

  1. Google Ads Help. "About Multi-party approval for Google Ads." support.google.com/google-ads/answer/16891189
  2. Search Engine Roundtable. "Google Ads Multi-Party Approval To Stop Hijacking." seroundtable.com/google-ads-multi-party-approval-40882.html
  3. Google Ads. "Secure your Google Ads account with Multi-party approval" (video). youtube.com/watch?v=dPZf1soDcPk
  4. Google Ads. "Multi-Party Approval for Google Ads: Account Security Explained" (tutorial). youtube.com/watch?v=Jyl7LTKZ1B4
  5. Google Ads Help. "What to do if your account is compromised." support.google.com/google-ads/answer/9355975
  6. Google Ads Help. "Account security and safety." support.google.com/google-ads/topic/3121774
  7. Search Engine Roundtable. "Daily Search Forum Recap: February 5, 2026." seroundtable.com/recap-02-05-2026-40883.html