Adobe Experience Platform

ExeK · 1/7/26

Our client is trying to activate audiences to Google Ads via the native Customer Match connector, using email as the primary identity.
Setup:

Source email field is plain text (not hashed).
In segment mapping, we enable "Apply transformation" (target namespace: Email_LC_SHA256).

Observed behavior:

Using Google Ads MCC ID in the destination:
- AEP reports successful activation (identities activated in flow runs).
- Audiences do not appear in Google Ads (neither MCC nor child accounts).
Using Child/Customer Account ID:
- Activation fails directly in AEP (identities rejected).

We've confirmed:

Segments have valid emails and sufficient size (>1,000 profiles).
OAuth authentication uses a Google Ads Admin user.
"Apply transformation" is correctly enabled.

Has anyone encountered this recently and resolved it?
Is manual whitelisting still required with Google despite docs saying it's automatic?
Any specific Google Ads account settings we're missing?

Thanks for any insights!

Tof_Jossic · 1/7/26

@ExeK

Regarding point #1, our documentation states:

If you manage ads via a Manager Account (MCC), confirm you are authenticating with a user that has Standard or higher access to the target customer account and that the Account ID configured in the destination is the customer account ID (not the MCC ID).

Regarding point#2:

- You mean you can actually activate / map a segment to this destination without getting an error?

- Do you see dataflow runs going through?

- If you have played around with multiple accounts, are you sure the Google account has the necessary Marketo permission enabled? (should be in 'Third-party apps and services')

ExeK · 1/7/26

Hi @Tof_Jossic ,

Thanks for your quick response.

Regarding point #1: Yes, we're following the documentation, but since the Account ID wasn't working, we tried the MCC ID as a workaround. It was just a hunch, and it behaves slightly differently from other Account IDs.

Point #2: We confirmed Marketo permissions were enabled when setting up the connection with a Google Ads admin account.
Dataflows run and show "completed" status, but throw this error when activating identities:
"ACTSVC-8104-401: Authentication error reported while pushing events to the destination. Please check authentication credentials and try again."

We have already verified that the credentials are correct and, furthermore, this error does not appear for the destination configured with the MCC ID.

Tof_Jossic · 1/7/26

@ExeK Thanks for the error code (ACTSVC-8104-401), which we have seen in the past.

What we see for that specific error message (Authentication error) is usually typically the following (I've removed obvious details) :

WARN com.google.ads.googleads.lib.request.summary - FAILURE REQUEST SUMMARY. Method: google.ads.googleads.v19.services.OfflineUserDataJobService/CreateOfflineUserDataJob, Endpoint: googleads.googleapis.com:443, CustomerID: xxxxxxxx, RequestID: xxxxxxxxx, ResponseCode: PERMISSION_DENIED, Fault: The caller does not have permission.

The caller in this case is AEP making the API call to the Google endpoint, however we are using/impersonating the 'CustomerID' which is the Google Account ID you type in when creating the destination.

Have you been able to confirm with Google whether or not the account has the necessary permissions or if there are any pending checks at their end? (out of curiosity, when was the destination created?)

Adobe Experience Platform

Google Customer Match Destination configuration

Learn

Documentation

Events

Community

Support

Resources

Adobe account

Adobe