User onboarding
Understand how invited users, admin-created users, administrators, and investors complete DALP onboarding.
DALP onboarding links a platform account to the wallet, ONCHAINID, and verified status a user needs to hold or manage regulated assets. The path you follow depends on how the profile was created and whether the user holds assets, administers the platform, or both.
Choose the right onboarding path
| User type | How the account starts | What the user completes | Best next page |
|---|---|---|---|
| Invited user | An administrator sends an invitation. | Password setup, invitation acceptance, wallet setup, ONCHAINID creation, and profile or KYC details. | Invite users |
| Admin-created user | An administrator creates the account directly. | Password reset before initial login. The account already has an automatically generated wallet and on-chain identity. | Create users |
| First administrator | The first operator starts a new platform instance. | Wallet, identity, system deployment, asset factories, and add-ons when needed. | First administrator setup |
| Investor or asset holder | The user joins without system access-control roles. | Identity progress, profile details, and KYC checks required by the operating model. | Verify KYC |

Invited user onboarding
Invited users control their own password, wallet, ONCHAINID setup, and profile or KYC details. You can defer wallet verification and recovery-code configuration until the user initiates a protected wallet operation.
Receive the invite
The user receives an invite by email or direct sharing. It names the organization they are joining.
Set up the account
The user opens the link, enters the invited email address, and chooses a password. The email address must match the one the administrator used when sending it.
Accept the organization invite
The user reviews the tenant details and accepts the invite. This step confirms which tenant the account belongs to before continuing.
Create the wallet
The platform creates a blockchain wallet for the user and displays the address. The user cannot change this wallet address through account settings.
Attach the ONCHAINID
DALP creates or attaches the ONCHAINID during the invite workflow and links the identity contract to the user's wallet so trusted issuers can add verifications later.
Complete profile or KYC details
The user can add profile and KYC details during onboarding or complete them later, depending on the operating model.
Admin-created user onboarding
Admin-created users skip the invite wizard. The administrator creates the account, wallet, and on-chain identity before the user logs in.
Reset the initial password
The user opens the platform sign-in page and uses Forgot password for the email address the administrator created. The reset email lets the user set credentials before first login.
Review account security
After login, the user should review security settings and save any recovery information the operator provided. This path suits demos and passive holders because the wallet and identity are already set up.
Post-onboarding access
DALP routes each account after onboarding based on platform permissions and identity status. Those with administrator roles reach a different starting page than investors or passive holders.
Administrative users
Users with platform roles see the admin dashboard and the pages their permissions allow. If the user's identity is registered and the wallet holds assets, the home page can also show portfolio context before the admin tiles.
Grant administrator access only when the user needs to operate the platform, manage participants, configure compliance, deploy assets, or perform another privileged task.
Before an administrative user can start work, confirm:
- The user joined the organization.
- The wallet and identity exist.
- You assigned the required platform role.
- The user can reach the admin page needed for the task.
See Add administrators for role assignment.
Investors and asset holders
Investors use the investor-facing portal without platform administrator roles. You can invite or create the user as a member. Leave the account without system access-control roles unless the same person also operates the platform.
DALP displays the investor view when an account has no administrator role. The home page shows identity progress until the identity is registered. After that, the home page displays portfolio cards, allocation charts, performance charts, and next steps.
Before you let an investor receive restricted assets, confirm:
- The user joined the organization.
- The wallet and identity exist.
- The profile and verification steps required by the operating model are complete.
- The trusted-issuer claims required by the asset rules exist on the identity.
See Verify KYC for verification.
Wallet binding after onboarding
After onboarding, the wallet binds to the on-chain identity. Restricted asset flows verify that registered identity and its trusted-issuer claims, and block the holder from receiving or moving assets until those checks pass. A user cannot replace the registered wallet address through a normal profile edit.
If a wallet is lost or compromised, an Identity manager runs the recovery workflow. The flow previews the user's current status and balances and waits for explicit confirmation.
The recovery flow creates a replacement wallet path, links the replacement identity, and marks the lost wallet as replaced. It resets active sessions and verification methods. For EOAs with a paired smart wallet, both balances can be recovered. Review the user's holdings and confirm each step.
Use Recover a user's identity when wallet access cannot be restored. Use Verify KYC to issue the claims that let the recovered identity resume regulated activity.
Read advanced accounts wallet columns
When advanced accounts is enabled for the organization, DALP separates the user-list wallet view into two addresses:
| Column | What it means |
|---|---|
| Transaction wallet | The address DALP uses as the execution wallet for routed platform operations. |
| Signing wallet | The participant's EOA used for signing, access, and identity ownership. |
When advanced accounts is not enabled, the Users table keeps the normal single wallet column. Use the split view to confirm which address will execute a routed operation and which EOA remains tied to the participant's key-management path. Role status can still show as pending while DALP is waiting for the transaction wallet to resolve.
Use these pages for more context:
- Advanced accounts control center explains the infrastructure setting behind this view.
- Advanced accounts concept explains the transaction-wallet and signing-wallet model.
Troubleshooting
| Issue | What to check |
|---|---|
| The invite link is invalid or expired. | Ask an administrator to send a new invite and verify the email address matches the account used to sign up. |
| The email address already exists. | Check whether the user already has an account or a previous invite. Use password reset when the account exists. |
| The user cannot create an ONCHAINID. | Check that wallet setup is complete, system contracts are deployed, and the network has enough gas for the transaction. |
| The user has not set wallet verification. | Ask the user to open account security or retry the protected wallet operation. DALP can prompt for wallet verification and recovery-code setup when signing is required. |
| The investor cannot receive a restricted asset. | Check that the identity is registered and has the trusted-issuer claims required by the asset rules. |
Related guides
- Invite users: invitation-based onboarding.
- Create users: direct account creation.
- Register user: identity registry registration after onboarding.
- Provide KYC data: profile and KYC submission.
- Recover a user's identity: lost or compromised wallet access.
- First administrator setup: platform initialization.
- Add administrators: role assignment.
The account onchain identity page
Read the Onchain identity page on your DALP account. Understand your onchain identity address, your on-chain registration status, and the verifications that let you transact under a compliance policy.
Recover a user's identity
Recover a user who lost wallet access, review the console preview, confirm recovery, and re-issue claims on the replacement identity.