# Recover a user's identity
Source: https://docs.settlemint.com/docs/user-guides/user-management/recover-user-identity
Use the console identity recovery workflow when a user loses access to the wallet linked to their identity.
Use identity recovery when a user loses access to the wallet linked to their on-chain identity. The console workflow checks whether the user can be recovered, shows the affected identity and token balances, then creates replacement wallet and identity records when an Identity manager confirms the recovery.
Identity recovery is for lost or compromised wallet access. It is not a general transfer tool, a custody service, or a replacement for KYC review.
## Before you start [#before-you-start]
You need:
* An administrator account with the Identity manager role.
* The user record for the person whose wallet access is lost.
* Enough operational evidence to confirm that recovery is the right action for that user.
Recovery links the user to a replacement identity path. Trusted issuers may still need to issue fresh claims for the
recovered identity before the user can pass compliance checks again.
## Recover the user [#recover-the-user]
### Open the user's security details [#open-the-users-security-details]
Go to the user's profile from the participants or user management area, then open the security section. The recovery action appears only for Identity managers and only when the selected user has a wallet.
### Start identity recovery [#start-identity-recovery]
Click **Recover identity**. DALP loads a recovery preview before it allows execution.
The preview shows the user, the wallet being recovered, the current identity status, token balances that may need recovery, and any blocking reasons.
### Resolve blockers before continuing [#resolve-blockers-before-continuing]
If the preview says the user cannot be recovered, stop and resolve the listed blocker. Move balances manually only when your operating procedure explicitly requires a different workflow.
### Review the impact summary [#review-the-impact-summary]
Confirm the impact before execution. The workflow can create a new wallet, create a replacement identity, revoke active sessions, reset MFA, and attempt token recovery for balances shown in the preview.
### Confirm and execute [#confirm-and-execute]
Enter the confirmation text shown in the dialog, then submit the recovery. After execution starts, the wizard locks forward progress and shows recovery phases instead of letting the operator navigate back into the decision steps.
### Wait for completion [#wait-for-completion]
Watch the progress list until the workflow completes, fails, or completes with token-level failures. Token recovery progress shows how many affected token balances have been recovered out of the total balances in scope.
## After recovery [#after-recovery]
Check the final summary before closing the dialog. It can show the replacement wallet, the replacement identity, and the number of recovered token balances.
If recovery completes with token-level failures, treat the identity recovery as partially successful. The user is linked to the replacement identity path, but the listed token balances still need operator follow-up. Common failure reasons include a paused token, missing custodian permissions, no recoverable tokens, an RPC error, or an unknown token recovery error.
Recheck the user's identity and claim state after the workflow completes. If the user needs KYC, accreditation, or other trusted-issuer claims, issue or request those claims on the recovered identity before the user resumes regulated activity.
## Related [#related]
* [Identity recovery API](/docs/developer-guides/api-integration/identity-recovery)
* [User onboarding](/docs/user-guides/user-management/user-onboarding)
* [Create users](/docs/user-guides/user-management/create-users)
* [Verify KYC](/docs/user-guides/compliance/verify-kyc)