Skip to main content
Admin policies control who can make administrative changes to your organization — like adding or removing users, changing user roles, and modifying vault settings. By customizing your admin policy, you ensure critical changes require appropriate oversight.

What admin policy controls

Admin policies define approval requirements for:
  • User management — Adding, removing, or changing user roles
  • Organization settings — Changing organization name, contact info, etc.
  • Vault creation — Creating new vaults (may require approval)
  • Security settings — Enabling/disabling features, changing recovery options
  • Policy changes — Modifying other policies themselves
  • Trusted destinations/counterparties — Adding or removing pre-approved addresses
Not all operations require admin policy approval — see Admin policies for a complete list.

Access admin policy settings

1

Open settings

From the home screen, tap Settings.
2

Select policies or admin settings

Go to Policies, Admin policy, or Administration.
3

View current policy

You’ll see:
  • Current approval requirements
  • Who is designated as an approver
  • Any quorum or multi-signature requirements
  • When the policy was last modified
4

Tap edit or customize

Select Edit policy or Customize to make changes.

Customization options

Single approver requirement

Require one designated approver for admin changes:
  • Simplest model — One person (often the CEO or CFO) approves all admin changes
  • Speed — Approvals are fast
  • Risk — Less oversight if that person is unavailable or compromised

Multi-approver (quorum) requirement

Require multiple approvers, such as 2 of 3 administrators:
  • More oversight — Multiple people must approve critical changes
  • Security — Harder for unauthorized changes to occur
  • Slower — Takes longer to get approvals
  • Redundancy — If one approver is unavailable, others can still approve
Example: “2 of {CEO, CFO, Legal Officer}” or “All administrators must approve”

Role-based requirements

Different requirements based on the change type:
  • Minor changes — (e.g., updating contact info) may need 1 approver
  • User management — (adding/removing users) may need 2 approvers
  • Critical changes — (policy changes, security settings) may need all admins

Create or edit admin policy rules

1

Open admin policy

Go to Settings > Policies > Admin policy.
2

Tap add rule or create policy

Select Add rule or Create new policy.
3

Define the rule

Specify:
  • What action is this rule for? (user management, policy changes, vault creation, etc.)
  • Who can approve? (specific users, roles, or groups)
  • How many approvers are required? (1, 2, all, etc.)
  • Time window for approval (how long until request expires)
4

Set thresholds if applicable

For some operations, approval might depend on scope:
  • Adding 1 user = 1 approver
  • Adding 5+ users = 2 approvers
  • Or based on role change level
5

Save the rule

Tap Save or Create rule.
6

Submit policy for approval

Tap Submit policy or Save changes. Admin policy changes themselves may require approval.
7

Approve policy change

If required by current admin policy, the change must be approved before taking effect.

Admin policy templates

Your organization can choose from common templates:

Centralized (single approver)

  • Approver: CEO or designated administrator only
  • Use case: Small teams, startup, strong trust in leader
  • Approval time: Fast
  • Risk level: Medium (depends on that person’s availability and security)

Distributed (2 of 3 required)

  • Approvers: 3 administrators, any 2 can approve
  • Use case: Mid-size organizations wanting checks and balances
  • Approval time: Medium (faster than all-required, slower than single)
  • Risk level: Low (requires consensus among multiple people)

Consensus (all required)

  • Approvers: All administrators must approve
  • Use case: High-security orgs, joint custody, important decisions
  • Approval time: Slow (depends on everyone’s availability)
  • Risk level: Very low (highest oversight)

Role-based admin rules

You can set different rules by change type: Different changes can have different requirements based on sensitivity.

Designating approvers

To change who can approve admin changes:
1

Open admin policy

Go to Settings > Policies > Admin policy.
2

Select approvers

Select which users can approve (usually your admin team).
3

Set approval structure

Choose how many approvers are required (1, 2, all, etc.).
4

Save changes

Tap Save. Changes to admin policy itself may require approval.
All admins don’t automatically get approval power — you must explicitly designate them as approvers in your policy.

Approval timeouts

Admin policy changes require approval within a certain timeframe:
  • Typical timeout: 24-72 hours
  • Shorter timeout: Good for urgent situations (higher risk)
  • Longer timeout: Good for less urgent matters (gives people time to review)
If an admin policy change isn’t approved by the timeout, it expires and must be resubmitted.

Common admin policy scenarios

Scenario 1: Small team (3 people)
  • All are admins
  • Policy: “All 3 must approve” admin changes
  • Result: Highest security, slightly slower approvals
Scenario 2: Medium organization (10 people, 3 admins)
  • Only 3 designated admins
  • Policy: “2 of 3 admins must approve”
  • Result: Faster than consensus, still multiple eyes
Scenario 3: Large organization (100+ people, 5 admins)
  • 5 admins, some designated as “Super Admins”
  • Policy: “For user add/remove: 1 super admin + 1 regular admin. For policy changes: all super admins”
  • Result: Scalable, different levels of oversight
Scenario 4: Distributed/DAO structure
  • 7 members in a decentralized organization
  • Policy: “Any 4 of 7 members must approve admin changes”
  • Result: Democratic, distributed approval

Monitoring admin activities

Even though policy approvals control admin changes, you should still monitor:
  1. View audit log — See all admin changes and who approved them
  2. Review user access — Regularly verify who has access and their roles
  3. Check policy changes — Ensure policies haven’t been unexpectedly modified
  4. Monitor approvals — See who’s approving changes and when
This helps catch unauthorized or suspicious activities.

Emergencies and exceptions

If your admin policy prevents necessary changes (e.g., all approvers are unavailable):
  1. Contact Porto support — Explain the situation
  2. Provide verification — Porto may verify your identity or ownership
  3. Emergency override — In extreme cases, Porto may help with recovery
  4. Adjust policy afterward — Consider policy changes to avoid future emergencies
Note: Emergency overrides leave an audit trail and should be rare.

Best practices for admin policy

  • Require multiple approvers — Especially for sensitive changes
  • Separate roles — Different people should submit and approve changes
  • Document policy — Record why your policy is structured this way
  • Review regularly — Quarterly review of admin policy and approvals
  • Avoid single points of failure — Always have backup approvers
  • Test the flow — Make a low-risk change to ensure your policy works as expected
  • Communicate policy to admins — All admins should know the approval requirements