Before removing a user
Before you remove someone, consider:- Pending approvals — Are they waiting to approve an operation? Get approvals completed first
- Operations in progress — Are they in the middle of any operations? Let them finish
- Off-boarding workflow — Use your organization’s standard off-boarding procedure
- Reason documentation — Record why the user is being removed for compliance
Remove from organization
Removing a user from the organization revokes all their access immediately.1
Open settings
From the home screen, tap Settings.
2
Select team or users
Go to Team, Users, or Participants.
3
Find the user
Tap the user you want to remove. You can search by name or email.
4
Tap remove
Select Remove user, Remove from organization, or Delete.
5
Confirm removal
You’ll be asked to confirm that you want to remove this user. Review their name and email to ensure it’s correct.
6
Provide reason (optional)
Some organizations allow or require you to note why the user is being removed (e.g., “Left company,” “Transferred to different team”).
7
Submit for approval (if required)
If your policies require it, submit the removal for administrator approval.
8
Biometric authentication
Complete Face ID or Touch ID to authorize the removal. This is a sensitive action.
Remove from specific vault
If you want to keep a user in your organization but remove their access to a specific vault:1
Open vault settings
Go to the vault and tap Settings.
2
Select users or team
Tap Users, Team, or Participants.
3
Find the user
Select the user you want to remove from this vault only.
4
Tap remove
Select Remove from vault, Revoke access, or Delete.
5
Confirm removal
Verify that you’re removing them from this specific vault (not the organization).
6
Submit for approval
Depending on your policies, this may require vault policy approval.
7
Biometric authentication
Complete Face ID or Touch ID to authorize.
After removal
When a user is removed: Immediate effects:- Their session is ended — they’re logged out of all devices
- Their API keys or access tokens become invalid
- They can no longer see vaults or assets
- Pending approvals they hadn’t completed are cancelled
- All their historical activity remains in the audit trail
- Past approvals they provided are recorded with their name
- Transaction history shows their involvement
- Compliance records remain intact
- They can request a copy of their activity history if needed
- Their historical transactions and approvals are unchangeable record
Removing admins
If you need to remove an admin user:- Ensure there’s another admin — You must always have at least one active admin
- Transfer ownership — The admin may need to transfer vault ownership before removal
- Get another admin’s approval — Removing an admin often requires approval from another admin
- Off-boarding procedure — Your organization may have specific admin off-boarding steps
Removing yourself
If you accidentally remove yourself from an organization or vault:- Contact another admin — An admin must re-invite you
- Provide your email — Give them the email associated with your Porto account
- Accept re-invitation — You’ll receive an invitation to rejoin; accept it
- Set up security — Re-enable biometric authentication and other security settings
Reactivating a removed user
If you need to give someone access again after removal:- Invite them again — Use the standard add participant or add user to vault process
- Assign role — Choose their role (Viewer, Operator, Initiator, Approver, Admin)
- Add to vaults — Select which vaults they should access
- Send invitation — They’ll receive a new invitation and must accept it
Compliance and audit trail
User removals are tracked for compliance: Recorded in audit trail:- When the user was removed
- Who requested the removal
- Who approved (if approval was required)
- Any reason provided
- Their final status before removal
- All user access changes are logged
- Removal dates are recorded per user
- Historical approvals from removed users are timestamped
- Activity remains auditable even after removal
Role change as alternative
Before removing a user, consider whether changing their role might be better:
Role changes are reversible; removal is permanent.
Best practices for removing users
- Follow off-boarding — Use your organization’s standard procedure
- Coordinate timing — Remove access right at the end of their work day
- Revoke credentials — If they had generated API keys, revoke those first
- Notify security — Let your security team know when accounts are deactivated
- Document reason — Keep records of why users were removed
- Verify permissions — Confirm you have admin permissions before attempting removal
- Check for pending work — Don’t remove someone mid-approval or mid-transaction