{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-products/wallet/sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":["admonition"]},"type":"markdown"},"seo":{"title":"Manage users and roles","description":"User guides, API reference, and support resources.","siteUrl":"https://docs.ripple.com","lang":"en-US","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"manage-users-and-roles","__idx":0},"children":["Manage users and roles"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["As an owner or administrator, you control who can access your Wallet-as-a-Service (Palisade) organization and what they can do. This guide covers the admin perspective on user management — when and why to use each action — and links to the ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/wallet/user-interface/users-and-roles/manage-users"},"children":["Manage users"]}," reference for step-by-step procedures."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["To access user management, go to ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Settings"]}," > ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["User management"]},"."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"understand-user-roles","__idx":1},"children":["Understand user roles"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Palisade provides six roles. Assign each user the role with the least privilege needed for their responsibilities. See ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/wallet/user-interface/users-and-roles/user-roles-and-permissions"},"children":["User roles and permissions"]}," for the full permission matrix."]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Role"},"children":["Role"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Purpose"},"children":["Purpose"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Typical team member"},"children":["Typical team member"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Owner"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Full access, including organization-level settings"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["CTO, Head of Operations"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Administrator"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Full access except organization-level settings"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Operations lead, security lead"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Proposer"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Manage wallets, initiate transactions"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Treasury analyst, operations team"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Approver"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Review and approve transactions, addresses, policies"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Compliance officer, senior manager"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Viewer"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Read-only access"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Finance team, reporting"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Auditor"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Read-only audit access"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Internal/external auditors"]}]}]}]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"user-lifecycle","__idx":2},"children":["User lifecycle"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The table below summarizes every user management action, when to use it, and where to find the procedure."]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Action"},"children":["Action"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"When to use"},"children":["When to use"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Reversible?"},"children":["Reversible?"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Reference"},"children":["Reference"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Invite"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Onboard a new team member"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["No (invitation can't be unsent)"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/wallet/user-interface/users-and-roles/manage-users#invite-a-new-user"},"children":["Invite a new user"]}]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Edit profile"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Change a user's name or role"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Yes"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/wallet/user-interface/users-and-roles/manage-users#settings-edit-another-users-profile"},"children":["Edit another user's profile"]}]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Reset password"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["User loses access or you suspect password compromise"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Yes (user sets a new password)"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/wallet/user-interface/users-and-roles/manage-users#reset-password"},"children":["Reset password"]}]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Reset 2FA"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["User lost access to their authenticator app"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Yes (user re-enrolls)"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/wallet/user-interface/users-and-roles/manage-users#reset-2fa"},"children":["Reset 2FA"]}]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Block"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Revoke access immediately while preserving the account"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Yes (unblock restores access)"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/wallet/user-interface/users-and-roles/manage-users#block-user"},"children":["Block user"]}]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Unblock"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Restore a previously blocked user's access"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Yes"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/wallet/user-interface/users-and-roles/manage-users#block-user"},"children":["Block user"]}]}]}]}]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["To invite a user, select ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Invite a user"]}," on the User management page. To manage an existing user, you have two options:"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["From the user list"]},": open the ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Actions"]}," menu (three dots) in their row, which provides: ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Update"]},", ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Reset 2FA"]},", ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Reset password"]},", and ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Block user"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["From the user profile"]},": select a user's name to open their profile. The sidebar tabs — ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Personal details"]},", ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Roles"]},", ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Password reset"]},", ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["2FA"]},", ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["API credentials"]},", ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Devices"]},", and ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Control access"]}," — provide the same actions plus a ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Block access"]}," button on the Control access tab."]}]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"warning","name":"Authentication method is permanent"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["You can't change a user's authentication method after the invitation is sent. If your organization uses SSO, configure it before inviting users. See ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/wallet/admin-guide/configure-sso"},"children":["Configure single sign-on"]},"."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"governance-decisions","__idx":3},"children":["Governance decisions"]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"when-to-block","__idx":4},"children":["When to block"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Palisade doesn't support deleting active users — use blocking to revoke access while preserving the user's audit trail. You can delete users after approvers reject their invitation or creation approval."]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Scenario"},"children":["Scenario"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Action"},"children":["Action"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Why"},"children":["Why"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Team member leaves the organization"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Block"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Preserves audit trail and prevents access."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Suspected account compromise"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Block"]}," immediately"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Stops access while you investigate."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Temporary leave or role change"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Block"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Restores access easily when the user returns."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":["You created a user in error (never activated)"]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Block"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["The account remains but has no access."]}]}]}]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"credential-reset-security","__idx":5},"children":["Credential reset security"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Before resetting a user's password or 2FA, verify their identity through an out-of-band channel (phone call, in-person confirmation). Resetting credentials based on email requests alone creates a social engineering risk."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"minimum-admin-redundancy","__idx":6},"children":["Minimum admin redundancy"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Always maintain at least ",{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["2 owners or administrators"]},". If one admin loses access or leaves, you need another admin to reset credentials or manage the organization."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"access-review-checklist","__idx":7},"children":["Access review checklist"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Perform this review on a regular cadence (monthly or quarterly):"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"input","attributes":{"checked":false,"type":"checkbox","readOnly":true},"children":[]}," Every user has the minimum role required for their current responsibilities."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"input","attributes":{"checked":false,"type":"checkbox","readOnly":true},"children":[]}," No inactive users remain with active access (block them)."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"input","attributes":{"checked":false,"type":"checkbox","readOnly":true},"children":[]}," At least 2 owners or administrators are active."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"input","attributes":{"checked":false,"type":"checkbox","readOnly":true},"children":[]}," Users who changed teams or responsibilities have updated roles."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"input","attributes":{"checked":false,"type":"checkbox","readOnly":true},"children":[]}," You documented and justified all Owner and Administrator role assignments."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"input","attributes":{"checked":false,"type":"checkbox","readOnly":true},"children":[]}," You reviewed users whose devices you removed from quorums for continued access."]}]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"info","name":"Approval groups for user invitations"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["You can require approval before new user invitations are sent. This prevents any single admin from unilaterally adding users to the organization. See ",{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/wallet/admin-guide/configure-approval-flows"},"children":["Configure approval flows"]},"."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"related-guides","__idx":8},"children":["Related guides"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/wallet/user-interface/users-and-roles/user-roles-and-permissions"},"children":["User roles and permissions"]}," — Full permission matrix"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/wallet/user-interface/users-and-roles/manage-users"},"children":["Manage users"]}," — Step-by-step procedures"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/wallet/admin-guide/configure-sso"},"children":["Configure single sign-on"]}," — Set up SSO before inviting users"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/wallet/admin-guide/configure-approval-flows"},"children":["Configure approval flows"]}," — Require approval for new user invitations"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"MarkdownLink","attributes":{"href":"/products/wallet/admin-guide/configure-audit-logging"},"children":["Configure audit logging"]}," — Track user management actions"]}]}]},"headings":[{"value":"Manage users and roles","id":"manage-users-and-roles","depth":1},{"value":"Understand user roles","id":"understand-user-roles","depth":2},{"value":"User lifecycle","id":"user-lifecycle","depth":2},{"value":"Governance decisions","id":"governance-decisions","depth":2},{"value":"When to block","id":"when-to-block","depth":3},{"value":"Credential reset security","id":"credential-reset-security","depth":3},{"value":"Minimum admin redundancy","id":"minimum-admin-redundancy","depth":3},{"value":"Access review checklist","id":"access-review-checklist","depth":2},{"value":"Related guides","id":"related-guides","depth":2}],"frontmatter":{"title":"Manage users and roles","seo":{"title":"Manage users and roles"}},"lastModified":"2026-05-26T12:21:11.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/products/wallet/admin-guide/manage-users-and-roles","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}