What admin policy controls
Admin policies define approval requirements for:- User management — Adding, removing, or changing user roles
- Organization settings — Changing organization name, contact info, etc.
- Vault creation — Creating new vaults (may require approval)
- Security settings — Enabling/disabling features, changing recovery options
- Policy changes — Modifying other policies themselves
- Trusted destinations/counterparties — Adding or removing pre-approved addresses
Access admin policy settings
1
Open settings
From the home screen, tap Settings.
2
Select policies or admin settings
Go to Policies, Admin policy, or Administration.
3
View current policy
You’ll see:
- Current approval requirements
- Who is designated as an approver
- Any quorum or multi-signature requirements
- When the policy was last modified
4
Tap edit or customize
Select Edit policy or Customize to make changes.
Customization options
Single approver requirement
Require one designated approver for admin changes:- Simplest model — One person (often the CEO or CFO) approves all admin changes
- Speed — Approvals are fast
- Risk — Less oversight if that person is unavailable or compromised
Multi-approver (quorum) requirement
Require multiple approvers, such as 2 of 3 administrators:- More oversight — Multiple people must approve critical changes
- Security — Harder for unauthorized changes to occur
- Slower — Takes longer to get approvals
- Redundancy — If one approver is unavailable, others can still approve
Role-based requirements
Different requirements based on the change type:- Minor changes — (e.g., updating contact info) may need 1 approver
- User management — (adding/removing users) may need 2 approvers
- Critical changes — (policy changes, security settings) may need all admins
Create or edit admin policy rules
1
Open admin policy
Go to Settings > Policies > Admin policy.
2
Tap add rule or create policy
Select Add rule or Create new policy.
3
Define the rule
Specify:
- What action is this rule for? (user management, policy changes, vault creation, etc.)
- Who can approve? (specific users, roles, or groups)
- How many approvers are required? (1, 2, all, etc.)
- Time window for approval (how long until request expires)
4
Set thresholds if applicable
For some operations, approval might depend on scope:
- Adding 1 user = 1 approver
- Adding 5+ users = 2 approvers
- Or based on role change level
5
Save the rule
Tap Save or Create rule.
6
Submit policy for approval
Tap Submit policy or Save changes. Admin policy changes themselves may require approval.
7
Approve policy change
If required by current admin policy, the change must be approved before taking effect.
Admin policy templates
Your organization can choose from common templates:Centralized (single approver)
- Approver: CEO or designated administrator only
- Use case: Small teams, startup, strong trust in leader
- Approval time: Fast
- Risk level: Medium (depends on that person’s availability and security)
Distributed (2 of 3 required)
- Approvers: 3 administrators, any 2 can approve
- Use case: Mid-size organizations wanting checks and balances
- Approval time: Medium (faster than all-required, slower than single)
- Risk level: Low (requires consensus among multiple people)
Consensus (all required)
- Approvers: All administrators must approve
- Use case: High-security orgs, joint custody, important decisions
- Approval time: Slow (depends on everyone’s availability)
- Risk level: Very low (highest oversight)
Role-based admin rules
You can set different rules by change type:
Different changes can have different requirements based on sensitivity.
Designating approvers
To change who can approve admin changes:1
Open admin policy
Go to Settings > Policies > Admin policy.
2
Select approvers
Select which users can approve (usually your admin team).
3
Set approval structure
Choose how many approvers are required (1, 2, all, etc.).
4
Save changes
Tap Save. Changes to admin policy itself may require approval.
Approval timeouts
Admin policy changes require approval within a certain timeframe:- Typical timeout: 24-72 hours
- Shorter timeout: Good for urgent situations (higher risk)
- Longer timeout: Good for less urgent matters (gives people time to review)
Common admin policy scenarios
Scenario 1: Small team (3 people)- All are admins
- Policy: “All 3 must approve” admin changes
- Result: Highest security, slightly slower approvals
- Only 3 designated admins
- Policy: “2 of 3 admins must approve”
- Result: Faster than consensus, still multiple eyes
- 5 admins, some designated as “Super Admins”
- Policy: “For user add/remove: 1 super admin + 1 regular admin. For policy changes: all super admins”
- Result: Scalable, different levels of oversight
- 7 members in a decentralized organization
- Policy: “Any 4 of 7 members must approve admin changes”
- Result: Democratic, distributed approval
Monitoring admin activities
Even though policy approvals control admin changes, you should still monitor:- View audit log — See all admin changes and who approved them
- Review user access — Regularly verify who has access and their roles
- Check policy changes — Ensure policies haven’t been unexpectedly modified
- Monitor approvals — See who’s approving changes and when
Emergencies and exceptions
If your admin policy prevents necessary changes (e.g., all approvers are unavailable):- Contact Porto support — Explain the situation
- Provide verification — Porto may verify your identity or ownership
- Emergency override — In extreme cases, Porto may help with recovery
- Adjust policy afterward — Consider policy changes to avoid future emergencies
Best practices for admin policy
- Require multiple approvers — Especially for sensitive changes
- Separate roles — Different people should submit and approve changes
- Document policy — Record why your policy is structured this way
- Review regularly — Quarterly review of admin policy and approvals
- Avoid single points of failure — Always have backup approvers
- Test the flow — Make a low-risk change to ensure your policy works as expected
- Communicate policy to admins — All admins should know the approval requirements