SettleMint
User management

User onboarding

Understand how invited users, admin-created users, administrators, and investors complete DALP onboarding.

DALP onboarding links a platform account to the wallet, ONCHAINID, and verified status a user needs to hold or manage regulated assets. The path you follow depends on how the profile was created and whether the user holds assets, administers the platform, or both.

Choose the right onboarding path

User typeHow the account startsWhat the user completesBest next page
Invited userAn administrator sends an invitation.Password setup, invitation acceptance, wallet setup, ONCHAINID creation, and profile or KYC details.Invite users
Admin-created userAn administrator creates the account directly.Password reset before initial login. The account already has an automatically generated wallet and on-chain identity.Create users
First administratorThe first operator starts a new platform instance.Wallet, identity, system deployment, asset factories, and add-ons when needed.First administrator setup
Investor or asset holderThe user joins without system access-control roles.Identity progress, profile details, and KYC checks required by the operating model.Verify KYC

New user login page for first-time onboarding

Invited user onboarding

Invited users control their own password, wallet, ONCHAINID setup, and profile or KYC details. You can defer wallet verification and recovery-code configuration until the user initiates a protected wallet operation.

Receive the invite

The user receives an invite by email or direct sharing. It names the organization they are joining.

Set up the account

The user opens the link, enters the invited email address, and chooses a password. The email address must match the one the administrator used when sending it.

Accept the organization invite

The user reviews the tenant details and accepts the invite. This step confirms which tenant the account belongs to before continuing.

Create the wallet

The platform creates a blockchain wallet for the user and displays the address. The user cannot change this wallet address through account settings.

Attach the ONCHAINID

DALP creates or attaches the ONCHAINID during the invite workflow and links the identity contract to the user's wallet so trusted issuers can add verifications later.

Complete profile or KYC details

The user can add profile and KYC details during onboarding or complete them later, depending on the operating model.

Admin-created user onboarding

Admin-created users skip the invite wizard. The administrator creates the account, wallet, and on-chain identity before the user logs in.

Reset the initial password

The user opens the platform sign-in page and uses Forgot password for the email address the administrator created. The reset email lets the user set credentials before first login.

Review account security

After login, the user should review security settings and save any recovery information the operator provided. This path suits demos and passive holders because the wallet and identity are already set up.

Post-onboarding access

DALP routes each account after onboarding based on platform permissions and identity status. Those with administrator roles reach a different starting page than investors or passive holders.

Administrative users

Users with platform roles see the admin dashboard and the pages their permissions allow. If the user's identity is registered and the wallet holds assets, the home page can also show portfolio context before the admin tiles.

Grant administrator access only when the user needs to operate the platform, manage participants, configure compliance, deploy assets, or perform another privileged task.

Before an administrative user can start work, confirm:

  • The user joined the organization.
  • The wallet and identity exist.
  • You assigned the required platform role.
  • The user can reach the admin page needed for the task.

See Add administrators for role assignment.

Investors and asset holders

Investors use the investor-facing portal without platform administrator roles. You can invite or create the user as a member. Leave the account without system access-control roles unless the same person also operates the platform.

DALP displays the investor view when an account has no administrator role. The home page shows identity progress until the identity is registered. After that, the home page displays portfolio cards, allocation charts, performance charts, and next steps.

Before you let an investor receive restricted assets, confirm:

  • The user joined the organization.
  • The wallet and identity exist.
  • The profile and verification steps required by the operating model are complete.
  • The trusted-issuer claims required by the asset rules exist on the identity.

See Verify KYC for verification.

Wallet binding after onboarding

After onboarding, the wallet binds to the on-chain identity. Restricted asset flows verify that registered identity and its trusted-issuer claims, and block the holder from receiving or moving assets until those checks pass. A user cannot replace the registered wallet address through a normal profile edit.

If a wallet is lost or compromised, an Identity manager runs the recovery workflow. The flow previews the user's current status and balances and waits for explicit confirmation.

The recovery flow creates a replacement wallet path, links the replacement identity, and marks the lost wallet as replaced. It resets active sessions and verification methods. For EOAs with a paired smart wallet, both balances can be recovered. Review the user's holdings and confirm each step.

Use Recover a user's identity when wallet access cannot be restored. Use Verify KYC to issue the claims that let the recovered identity resume regulated activity.

Read advanced accounts wallet columns

When advanced accounts is enabled for the organization, DALP separates the user-list wallet view into two addresses:

ColumnWhat it means
Transaction walletThe address DALP uses as the execution wallet for routed platform operations.
Signing walletThe participant's EOA used for signing, access, and identity ownership.

When advanced accounts is not enabled, the Users table keeps the normal single wallet column. Use the split view to confirm which address will execute a routed operation and which EOA remains tied to the participant's key-management path. Role status can still show as pending while DALP is waiting for the transaction wallet to resolve.

Use these pages for more context:

Troubleshooting

IssueWhat to check
The invite link is invalid or expired.Ask an administrator to send a new invite and verify the email address matches the account used to sign up.
The email address already exists.Check whether the user already has an account or a previous invite. Use password reset when the account exists.
The user cannot create an ONCHAINID.Check that wallet setup is complete, system contracts are deployed, and the network has enough gas for the transaction.
The user has not set wallet verification.Ask the user to open account security or retry the protected wallet operation. DALP can prompt for wallet verification and recovery-code setup when signing is required.
The investor cannot receive a restricted asset.Check that the identity is registered and has the trusted-issuer claims required by the asset rules.

On this page