Skip to main content
You can remove users from your Porto organization or from specific vaults. Removing a user revokes their access to the account while preserving the audit trail of their previous activities.

Before removing a user

Before you remove someone, consider:
  • Pending approvals — Are they waiting to approve an operation? Get approvals completed first
  • Operations in progress — Are they in the middle of any operations? Let them finish
  • Off-boarding workflow — Use your organization’s standard off-boarding procedure
  • Reason documentation — Record why the user is being removed for compliance

Remove from organization

Removing a user from the organization revokes all their access immediately.
1

Open settings

From the home screen, tap Settings.
2

Select team or users

Go to Team, Users, or Participants.
3

Find the user

Tap the user you want to remove. You can search by name or email.
4

Tap remove

Select Remove user, Remove from organization, or Delete.
5

Confirm removal

You’ll be asked to confirm that you want to remove this user. Review their name and email to ensure it’s correct.
6

Provide reason (optional)

Some organizations allow or require you to note why the user is being removed (e.g., “Left company,” “Transferred to different team”).
7

Submit for approval (if required)

If your policies require it, submit the removal for administrator approval.
8

Biometric authentication

Complete Face ID or Touch ID to authorize the removal. This is a sensitive action.
User removal cannot be undone. Once removed, they lose all access and must be re-invited to regain access. Their historical activity remains in the audit trail permanently.

Remove from specific vault

If you want to keep a user in your organization but remove their access to a specific vault:
1

Open vault settings

Go to the vault and tap Settings.
2

Select users or team

Tap Users, Team, or Participants.
3

Find the user

Select the user you want to remove from this vault only.
4

Tap remove

Select Remove from vault, Revoke access, or Delete.
5

Confirm removal

Verify that you’re removing them from this specific vault (not the organization).
6

Submit for approval

Depending on your policies, this may require vault policy approval.
7

Biometric authentication

Complete Face ID or Touch ID to authorize.
The user retains access to all other vaults and the organization; they’re only removed from this specific vault.

After removal

When a user is removed: Immediate effects:
  • Their session is ended — they’re logged out of all devices
  • Their API keys or access tokens become invalid
  • They can no longer see vaults or assets
  • Pending approvals they hadn’t completed are cancelled
What persists:
  • All their historical activity remains in the audit trail
  • Past approvals they provided are recorded with their name
  • Transaction history shows their involvement
  • Compliance records remain intact
What they keep:
  • They can request a copy of their activity history if needed
  • Their historical transactions and approvals are unchangeable record

Removing admins

If you need to remove an admin user:
  • Ensure there’s another admin — You must always have at least one active admin
  • Transfer ownership — The admin may need to transfer vault ownership before removal
  • Get another admin’s approval — Removing an admin often requires approval from another admin
  • Off-boarding procedure — Your organization may have specific admin off-boarding steps
Contact your account manager if you need to remove your last remaining admin.

Removing yourself

If you accidentally remove yourself from an organization or vault:
  1. Contact another admin — An admin must re-invite you
  2. Provide your email — Give them the email associated with your Porto account
  3. Accept re-invitation — You’ll receive an invitation to rejoin; accept it
  4. Set up security — Re-enable biometric authentication and other security settings
If you’re the last admin and remove yourself, you’ve locked yourself out. Contact Porto support for recovery.

Reactivating a removed user

If you need to give someone access again after removal:
  1. Invite them again — Use the standard add participant or add user to vault process
  2. Assign role — Choose their role (Viewer, Operator, Initiator, Approver, Admin)
  3. Add to vaults — Select which vaults they should access
  4. Send invitation — They’ll receive a new invitation and must accept it
Their old activity remains in the audit trail even after re-invitation.

Compliance and audit trail

User removals are tracked for compliance: Recorded in audit trail:
  • When the user was removed
  • Who requested the removal
  • Who approved (if approval was required)
  • Any reason provided
  • Their final status before removal
For regulatory purposes:
  • All user access changes are logged
  • Removal dates are recorded per user
  • Historical approvals from removed users are timestamped
  • Activity remains auditable even after removal

Role change as alternative

Before removing a user, consider whether changing their role might be better: Role changes are reversible; removal is permanent.

Best practices for removing users

  • Follow off-boarding — Use your organization’s standard procedure
  • Coordinate timing — Remove access right at the end of their work day
  • Revoke credentials — If they had generated API keys, revoke those first
  • Notify security — Let your security team know when accounts are deactivated
  • Document reason — Keep records of why users were removed
  • Verify permissions — Confirm you have admin permissions before attempting removal
  • Check for pending work — Don’t remove someone mid-approval or mid-transaction