# Configure devices and quorums

Wallet-as-a-Service (Palisade) uses Multi-Party Computation (MPC) to protect wallet private keys. Instead of storing a complete key in one place, MPC splits the key into shards distributed across multiple devices. To sign a transaction, a minimum number of those devices must participate.

Before you can create a wallet, you must:

1. Add and pair at least 2 devices.
2. Create an MPC quorum from those devices.


HSM wallets in sandbox
Sandbox environments also support HSM-based wallets, which don't require devices or quorums. If you want to skip this step and test basic platform features in sandbox first, you can select HSM when you [create your first wallet](/products/wallet/getting-started/create-your-first-wallet). For production, MPC is required.

## Understand device types

Wallet-as-a-Service (Palisade) supports two types of signing device. You can use either type or a mix of both.

|  | Mobile (Palisade Mobile) | CloudSign |
|  --- | --- | --- |
| **How it signs** | Manual — you review and approve each transaction on your phone | Automatic — signs programmatically without manual review |
| **Best for** | Low-volume wallets that need human oversight per transaction | High-volume or API-driven wallets that need fast throughput |
| **Can approve transactions?** | Yes | No (signing only) |
| **Platform** | iOS (Android coming soon) | Any cloud instance (AWS, GCP, Azure, on-premises) |


See [Types of devices](/products/wallet/user-interface/devices/types-of-devices) for a full comparison.

Recommendation for sandbox
For sandbox testing, a CloudSign-only quorum is the fastest path to your first transaction. You can set up mobile devices later when you move to production.

## Step 1: Add devices

Add at least 2 devices to your organization. You can mix mobile and CloudSign devices.

Internal and External devices
The Devices page has two tabs: **Internal** for devices owned by your organization, and **External** for devices shared with you by other organizations.

1. Navigate to the **Devices** section in the Wallet-as-a-Service (Palisade) console.
2. Click **Add new device**.
3. Select the device type (**Mobile** or **Cloud**).
4. In the **Name this device** field, enter a name that identifies the device (for example, "CFO Mobile" or "CloudSign Node 1").
5. Click **Save and continue**.
6. Repeat until you have at least 2 devices.


## Step 2: Pair each device

New devices start in an **Unpaired** state. You must pair each device before it can join a quorum.

### Pair a mobile device

1. After you add the mobile device, the console displays a QR code.
2. Open the Wallet-as-a-Service (Palisade) Mobile app on your phone.
3. Scan the QR code.
4. The device status changes to **Waiting for approval**.
5. An admin approves the device pairing in the console.
6. The device status changes to **Paired**.


Sandbox mobile app
If you want to test with mobile devices in sandbox, contact the Wallet-as-a-Service (Palisade) team to receive a sandbox version of the app.

### Pair a CloudSign device

1. After you add the CloudSign device, the console displays a **pairing key**.
2. Copy the pairing key.
3. [Set up and run your CloudSign node](/products/wallet/user-interface/devices/set-up-and-run-cloudsign) and enter the pairing key when prompted.
4. The device status changes to **Waiting for approval**.
5. An admin approves the device pairing in the console.
6. The device status changes to **Paired**.


Complete all pairings before proceeding
You need at least 2 fully paired devices to create a quorum. Make sure all devices show a **Paired** status before you continue to Step 3.

## Step 3: Create an MPC quorum

An MPC quorum defines which devices hold key shards and how many must participate to sign a transaction.

1. Navigate to **Controls** > **MPC Quorums**.
2. Click **Create quorum**.
3. Select the quorum type:
  - **Mobile** — all devices are mobile.
  - **Cloud** — all devices are CloudSign.
4. Enter a name and description for the quorum.
5. (Optional) Configure a **Backup and recovery kit** strategy.
6. Under **Key shard holders**, select at least 2 paired devices.
7. Set the **minimum number of required signatories**.


Avoid requiring all devices to sign
Always set the minimum signatories to at least one fewer than the total number of devices. If you require all devices (for example, 2 of 2), losing or decommissioning a single device means you permanently lose the ability to sign transactions from wallets using that quorum. For example, if your quorum has 3 devices, set the minimum to 2. This gives you fault tolerance — you can still sign even if one device is unavailable, lost, or compromised.

1. Click **Create**.
2. Review the quorum details and click **Create quorum** to confirm.
3. Each device in the quorum receives a notification to approve. All devices must approve within 60 minutes.
4. After all devices approve, the quorum status changes to **Confirmed**.


60-minute approval window
If any device rejects the notification or the 60-minute window expires, the quorum is not created and you must start over. Coordinate with all device owners before you create the quorum so they're ready to approve promptly.

## Common quorum configurations

### CloudSign-only (recommended for high-volume wallets)

Use 3 or more CloudSign devices. Transactions sign automatically within seconds. Pair this configuration with [approval groups](/products/wallet/user-interface/security-controls/approvals) to add human oversight without slowing down signing.

### Mobile-only (recommended for high-value wallets)

Use 3 or more mobile devices. Every transaction requires manual review and approval on each signer's phone. This provides maximum oversight but limits throughput.

Signing timeout
Mobile devices must sign within 5 minutes of receiving a transaction notification. If too few devices respond in time, the transaction fails.

See [MPC quorums](/products/wallet/user-interface/security-controls/mpc-quorums) for advanced configuration, [key resharing](/products/wallet/user-interface/security-controls/key-resharing), and [key restructuring](/products/wallet/user-interface/security-controls/key-restructuring).

## Next step

Create a vault to organize your wallets:

- [Create your first vault](/products/wallet/getting-started/create-your-first-vault)