# Manage users and roles

As an owner or administrator, you control who can access your Wallet-as-a-Service (Palisade) organization and what they can do. This guide covers the admin perspective on user management — when and why to use each action — and links to the [Manage users](/products/wallet/user-interface/users-and-roles/manage-users) reference for step-by-step procedures.

To access user management, go to **Settings** > **User management**.

## Understand user roles

Palisade provides six roles. Assign each user the role with the least privilege needed for their responsibilities. See [User roles and permissions](/products/wallet/user-interface/users-and-roles/user-roles-and-permissions) for the full permission matrix.

| Role | Purpose | Typical team member |
|  --- | --- | --- |
| **Owner** | Full access, including organization-level settings | CTO, Head of Operations |
| **Administrator** | Full access except organization-level settings | Operations lead, security lead |
| **Proposer** | Manage wallets, initiate transactions | Treasury analyst, operations team |
| **Approver** | Review and approve transactions, addresses, policies | Compliance officer, senior manager |
| **Viewer** | Read-only access | Finance team, reporting |
| **Auditor** | Read-only audit access | Internal/external auditors |


## User lifecycle

The table below summarizes every user management action, when to use it, and where to find the procedure.

| Action | When to use | Reversible? | Reference |
|  --- | --- | --- | --- |
| **Invite** | Onboard a new team member | No (invitation can't be unsent) | [Invite a new user](/products/wallet/user-interface/users-and-roles/manage-users#invite-a-new-user) |
| **Edit profile** | Change a user's name or role | Yes | [Edit another user's profile](/products/wallet/user-interface/users-and-roles/manage-users#settings-edit-another-users-profile) |
| **Reset password** | User loses access or you suspect password compromise | Yes (user sets a new password) | [Reset password](/products/wallet/user-interface/users-and-roles/manage-users#reset-password) |
| **Reset 2FA** | User lost access to their authenticator app | Yes (user re-enrolls) | [Reset 2FA](/products/wallet/user-interface/users-and-roles/manage-users#reset-2fa) |
| **Block** | Revoke access immediately while preserving the account | Yes (unblock restores access) | [Block user](/products/wallet/user-interface/users-and-roles/manage-users#block-user) |
| **Unblock** | Restore a previously blocked user's access | Yes | [Block user](/products/wallet/user-interface/users-and-roles/manage-users#block-user) |


To invite a user, select **Invite a user** on the User management page. To manage an existing user, you have two options:

- **From the user list**: open the **Actions** menu (three dots) in their row, which provides: **Update**, **Reset 2FA**, **Reset password**, and **Block user**.
- **From the user profile**: select a user's name to open their profile. The sidebar tabs — **Personal details**, **Roles**, **Password reset**, **2FA**, **API credentials**, **Devices**, and **Control access** — provide the same actions plus a **Block access** button on the Control access tab.


**Authentication method is permanent.** You can't change a user's authentication method after the invitation is sent. If your organization uses SSO, configure it before inviting users. See [Configure single sign-on](/products/wallet/admin-guide/configure-sso).

## Governance decisions

### When to block

Palisade doesn't support deleting active users — use blocking to revoke access while preserving the user's audit trail. You can delete users after approvers reject their invitation or creation approval.

| Scenario | Action | Why |
|  --- | --- | --- |
| Team member leaves the organization | **Block** | Preserves audit trail and prevents access. |
| Suspected account compromise | **Block** immediately | Stops access while you investigate. |
| Temporary leave or role change | **Block** | Unblocking restores access easily when the user returns. |
| You created a user in error (never activated) | **Block** | The account remains but has no access. |


### Credential reset security

Before resetting a user's password or 2FA, verify their identity through an out-of-band channel (phone call, in-person confirmation). Resetting credentials based on email requests alone creates a social engineering risk.

### Minimum admin redundancy

Always maintain at least **2 owners or administrators**. If one admin loses access or leaves, you need another admin to reset credentials or manage the organization.

## Access review checklist

Perform this review on a regular cadence (monthly or quarterly):

- [ ] Every user has the minimum role required for their current responsibilities.
- [ ] No inactive users remain with active access (block them).
- [ ] At least 2 owners or administrators are active.
- [ ] Users who changed teams or responsibilities have updated roles.
- [ ] You documented and justified all Owner and Administrator role assignments.
- [ ] You reviewed whether users whose devices you removed from quorums still need access.
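
The mechanically checkable items of this checklist (inactive users who are not blocked, undocumented Owner and Administrator assignments, and the two-admin minimum) can be run over a user list, as in this added example, which is not Palisade code. The record fields (`email`, `role`, `blocked`, `last_login`, `justification`) and the 90-day idle threshold are assumptions; only the role names come from this guide.

```python
from datetime import datetime, timezone

# Role names are the six on this page. Field names, the record shape and the
# 90-day idle threshold are assumptions for this example, not Palisade's format.
PRIVILEGED = {"Owner", "Administrator"}
ROLES = PRIVILEGED | {"Proposer", "Approver", "Viewer", "Auditor"}

def review_access(users, now, max_idle_days=90, min_admins=2):
    """Return (check, email, detail) findings for the checkable checklist items."""
    findings = []
    active = [u for u in users if not u["blocked"]]  # blocked users have no access
    for u in active:
        if u["role"] not in ROLES:
            findings.append(("unknown-role", u["email"], u["role"]))
        last = u.get("last_login")
        if last is None:
            findings.append(("inactive-not-blocked", u["email"], "never logged in"))
        else:
            idle = (now - datetime.fromisoformat(last)).days
            if idle > max_idle_days:
                findings.append(("inactive-not-blocked", u["email"], f"idle {idle} days"))
        # Owner and Administrator assignments must carry a documented justification.
        if u["role"] in PRIVILEGED and not (u.get("justification") or "").strip():
            findings.append(("privileged-undocumented", u["email"], u["role"]))
    # Minimum admin redundancy: count only owners/administrators who are not blocked.
    admins = sum(1 for u in active if u["role"] in PRIVILEGED)
    if admins < min_admins:
        findings.append(("admin-redundancy", None, f"{admins} active, need {min_admins}"))
    return findings

# Constructed sample data (not real users).
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE_USERS = [
    {"email": "cto@example.com", "role": "Owner", "blocked": False,
     "last_login": "2025-05-28T09:00:00+00:00", "justification": "Org owner"},
    {"email": "ops@example.com", "role": "Administrator", "blocked": True,
     "last_login": "2025-01-15T09:00:00+00:00", "justification": "Ops lead"},
    {"email": "treasury@example.com", "role": "Proposer", "blocked": False,
     "last_login": "2025-01-02T09:00:00+00:00"},
    {"email": "audit@example.com", "role": "Auditor", "blocked": False,
     "last_login": None},
]

if __name__ == "__main__":
    for check, email, detail in review_access(SAMPLE_USERS, NOW):
        print(f"{check:24} {email or '(organization)':24} {detail}")
```

In the sample, the blocked administrator does not count toward redundancy, so the organization is flagged as having only one active owner or administrator.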


**Approval groups for user invitations.** You can require approval before new user invitations are sent. This prevents any single admin from unilaterally adding users to the organization. See [Configure approval flows](/products/wallet/admin-guide/configure-approval-flows).

## Related guides

- [User roles and permissions](/products/wallet/user-interface/users-and-roles/user-roles-and-permissions) — Full permission matrix
- [Manage users](/products/wallet/user-interface/users-and-roles/manage-users) — Step-by-step procedures
- [Configure single sign-on](/products/wallet/admin-guide/configure-sso) — Set up SSO before inviting users
- [Configure approval flows](/products/wallet/admin-guide/configure-approval-flows) — Require approval for new user invitations
- [Configure audit logging](/products/wallet/admin-guide/configure-audit-logging) — Track user management actions