Identity allow-list
Configure the DALP identity allow-list module so an asset accepts only the specific identities explicitly authorised by the compliance operator.
The identity allow-list compliance module restricts an asset to a specific set of authorised identities. Every regulated operation checks whether the involved identities are present on the asset's allow-list; the module rejects the operation if any participant is missing.
Use the allow-list when the holder base is small, explicitly approved, and managed case-by-case (private placements, club deals, investor-class lists).
For the architecture reference, see Identity lists.
Prerequisites
- The asset already exists (configure during creation) or you have the Asset administrator role on the deployed asset.
- Every prospective holder has a registered OnchainID in the identity registry.
- The approved holder list is signed off by your operating team. Each entry references the OnchainID address, not the wallet address.
Configure during asset creation
In the Asset Designer compliance step, pick the identity allow-list module. Add OnchainID addresses for the initial authorised holders. An empty allow-list rejects every transfer once the module is enabled, so populate the list before the asset goes live or before enabling the module.
Configure on an existing asset
From the asset detail workspace, open the compliance tab and enable the identity allow-list module. Add or remove OnchainID addresses through the list editor. The platform queues an on-chain transaction per change; multiple additions can usually batch into one transaction.
Operating considerations
- The allow-list checks the OnchainID, not the wallet. A holder with multiple wallets registered under the same OnchainID passes for all of those wallets.
- Adding an OnchainID to the allow-list does not give the wallet tokens; it only permits future operations involving that identity.
- Removing an OnchainID does not move existing tokens; coordinate forced transfer or burn through the asset operating runbook when removal must take effect on existing balances.
- Per-asset allow-lists are independent. Adding an OnchainID to one asset's list has no effect on other assets.
What stays external
Approval of new holders, periodic review of the authorised list, and the off-chain due-diligence that justifies adding or removing an OnchainID stay with your compliance team.
Troubleshooting
| What you see | What to check |
|---|---|
| Transfer rejected for an approved holder | Confirm the holder's wallet maps to a registered OnchainID and that OnchainID is on the allow-list. |
| New OnchainID added but the holder still cannot transact | Confirm the on-chain transaction that added the entry has confirmed; the allow-list edit is asynchronous. |
| All transfers blocked after enabling the module | The allow-list is empty. Add the authorised OnchainIDs and wait for the transaction to confirm. |
Read next
- Compliance overview
- Identity block-list for the inverse module.
- Identity lists architecture
Country restrictions
Configure DALP country allow-list and block-list compliance modules so an asset accepts holders only from approved jurisdictions or rejects sanctioned ones.
Identity block-list
Configure the DALP identity block-list module so an asset rejects specific identities for sanctions, fraud, or per-case compliance action.