Workspace Management

Effective team management is crucial for maintaining a secure and organized working environment. This section provides step-by-step instructions for adding, removing, and editing users in two different workflows, depending on the level of security and oversight needed.

  1. Option 1: Direct Admin Control
    In this default mode, administrators have full authority to directly manage users. This option is ideal for scenarios where fast and straightforward user management is necessary, without the need for additional approval.
  2. Option 2: Governance Vault via MPC-TSS Technology
    For enhanced security, this option introduces a multi-party approval process. Here, any user management action (such as adding and removing a user) must be validated and approved by multiple designated validators. This process ensures that sensitive changes are reviewed and agreed upon by trusted team members before being enacted.

Before using the multi-party validation option, a governance vault must be created to define who will serve as validators and how many approvals are required. This guide covers both user management workflows, along with detailed instructions on setting up governance for the MPC-TSS process.

3.1 User Roles and Permissions

Admin: The Admin role is the most powerful role within the system. Admins have the authority to add, edit, or deactivate other users.

User: Regular users have limited access/permissions compared to Admins and Validators. They typically do not have the authority to manage other users or perform any administrative actions.

3.2 Governance Setup for MPC-TSS Validation

This section explains how to set up the governance structure for the MPC-TSS validation process.

Governance Vault Capabilities - more options will be available in future releases

  • Invite / Deactivate users and admins  
  • Adding or Removing admins to the Governance Vault

Please note: Once this feature is enabled, users will not be able to turn it off. Make sure the selected threshold aligns with your business needs.

3.2a To create a new Governance Vault:

Process Ref.

Process Step

1

On the web dashboard, click on "Settings"

2

Underneath the “Settings” tab, click on “Governance Vault” 

3

Click the “Set Up Your Governance Vault” button

4

On the "Create Governance Vault" page, specify the vault threshold


  • The amount of signing power required to complete a transaction or reshare request.

Please Note - Threshold can be updated after creation, via a reshare

5

Select the users who will be a member of the Governance Vault signing party, and specify the signing power to be allocated to each user's signing device..

  • Signing power will determine the number of secret shares a user controls with their specified signer.

Please note -  Only Admins can be added as signers in the Governance Vault

Please note - If you wish to participate in the signing process, ensure that you are added as a signer

Please note - The user list will only show individuals who have registered a signer; virtual signers will not be included in this list

6

After selecting the signer(s), click on "review" to examine the details of the vault creation and the signing power allocated for the Governance vault

7

Click “Submit for Approval” to send the vault creation request or if you need to amend / update the details, click “edit”

8

Once submitted, you can return to the settings page by clicking on "Back to Settings" or track the progress of the vault creation by clicking on "track progress"

9

Each user specified as a member of the Governance Vault signing party must approve the request on their device and participate in the Governance Vault creation process

  • A reshare request must be approved and completed within 10 minutes, after which the request will expire.

10

After successful completion, the vault will be visible on the dashboard, and users will be able to invite team members under the “My Team” section of the settings page.

Please Note - The name of the vault will always be Governance Vault

Please Note - A request must be approved and completed within the 10 minutes time-out limit 

Please note - All signing parties must be online and logged in with their registered devices at the same time to approve the request, unless background signing is enabled (see section 4.3a.  for details)

3.2b Review or edit a Governance Vault:

Process Ref.

Process Step

1

You can review the details of your Governance Vault, including the threshold and signers, by navigating to the 'Settings' page.

2

Then selecting the 'Governance Vault' tab and clicking the settings gear icon in the top left corner.

3

This will take you to the Vault Settings page, where you can request a reshare to edit the threshold and signers.

4

At this stage, you can still cancel any changes by clicking the “Cancel Edits” button or or proceed with the modifications by clicking the “Request Reshare” button.

You will follow the same signing process for this action as with any other within the vault product.

3.3 Adding, deactivating or editing team members

3.3a Add a team member 

Process Ref

Process Step

1

On the web dashboard, click on "Settings"

2

Underneath the “Settings” subtab, click on “Invite User” in the top right-hand side

3

You will then be prompted to input the invite’s details;

  • Full Name
  • Email Address
  • What role they will have (Admin or User)

4

Click “Invite” to send the invitation 

5a

For option 1 “Direct Admin Control”: This process is now complete

5b

For option 2 “Governance Vault Validation”: The request will proceed to validation via MPC-TSS. See section 3.4 for additional steps.

6

At this stage, the invited team mate will receive an email invitation containing their username (which is the same as their email) and a temporary password

  • The invitation remains valid for 7 days, during which the user must log in before the invite expires

7

Once the invited user logins using the temporary password within the invite email and inputs a permanent  password, they will be automatically added to the Users section in the “My Team” sub-tab

8

If the user fails to login within the 7-day period, you can resend the invitation by navigating to the "Invites" subtab in the “Settings” tab at the top of the screen. From there, select the specific user, and click on "Resend Invitation" located in the top-right corner.

Please Note - You can review the status of pending invites by clicking on the "Invites" subtab at the top of the screen

Please Note - If you’d like to add multiple users you will need to add them individually

3.3b Edit a team member

Process Ref.

Process Step

1

On the web dashboard, click on "Settings"

2

Click on the specific user from the list of active users

3

Once selected, click “Edit Details” in the right-hand side

4

You will then be prompted to edit the updated user’s details;

  • Full Name
  • What role they have (Admin or User)

5

Click “Save”

  • At this point you have the option to either “Cancel Edit” or “Save” the new details

6a

For option 1 “Direct Admin Control” : This process is now complete

6b

For option 2 : “Governance Vault  Validation”: This functionality is currently unavailable and will be introduced in a future update.

6

Once saved you will receive a notification confirming that the update was successful

Please Note - If you need to make edits for multiple users, you must individually select and update each user's details.

3.3c Deactivate a team member

Process Ref.

Process Step

1

On the web dashboard, click on "Settings"

2

Select the specific user you wish to deactivate from the list of active users

3

Once selected, click “Deactivate User” in the top right-hand side

4

You will then be prompted to confirm the deactivation. If you wish to proceed click “Deactivate”

Please note: deactivating this user's access is immediate. Please ensure to update their signing authority in relevant vaults beforehand.

5a

For option 1 :  “Direct Admin Control” : This process is now complete

5b

For option 2 : “Governance Vault  Validation”: The request will proceed to validation via MPC-TSS. See section 3.4 for additional steps.

6

Once saved you will receive a notification confirming that the deactivation was successful

Please Note - You can review the list of deactivated users by clicking on the “Deactivated” tab under the “My Team” section

Please Note - If multiple requests are necessary, you will need to add users individually, one by one

3.3d Revoke an invite

Process Ref.

Process Step

1

On the web dashboard, click on "Settings"

2

Navigate to the "Invites" subtab via the top of the screen

3

Select an invitee. Once selected, click “Revoke Invite” in the top right-hand side

4

You will then be prompted to confirm the action. Either confirm or cancel the action

5a

For option 1:  “Direct Admin Control” : This process is now complete

5b

For option 2: “Governance Vault  Validation” : This functionality is currently unavailable and will be introduced in a future update. 

6

Once saved you will receive a notification informing you that the revoking was successful

Please Note - Revoking an invite is not permanent. You can resend an invite to the same user even after revoking that specific user’s invite previously. 

3.4 Governance Vault Validation via MPC-TSS Technology

Process Ref.

Process Step

After clicking the appropriate button to add, deactivate a user, the request is forwarded to the registered signers for approval

2

Open the app on your registered signer

3

Select the pending transaction request you want to review

4

Review transaction details

5

Using the sliding bar, slide across the screen to approve the transaction

6

Successfully authenticate via FaceID

Please Note

The vault threshold must be reached by any combination of users with devices that have sufficient signing power to approve the transaction