Prime

Add a New Onchain Signer

Prerequisites

To complete this you must have: 

  • A Onchain wallet with an existing Onchain signer with a valid Onchain key shard.

  • New Onchain signer needs to have:

    • access to Prime with a registered mobile Yubikey.

    • a mobile phone with the Prime Approvals mobile app installed.

    • biometrics must be enabled on your mobile device.

Onchain signers will hold a shard of the Onchain wallet’s key on their mobile device. They will use this to sign transactions after they reach consensus and can clone their shard for new Onchain Signers. 

Onchain Signer is an added permission on top of a designated user role, and only Administrators, Authorized Signatories, Approvers, Initiators and Full Traders can have this access. 

The steps below outline how to add additional Onchain Signers to your portfolio.

Administrator: Add the Onchain Signer permission for new signers 

  1. Log into Prime on your desktop/web browser.

  2. Open Settings by clicking the gear icon.

  3. Navigate to the Onchain Settings by clicking the Onchain planet icon.

  4. Click Add Onchain Signer.

  5. Designate the chosen user to have Onchain signer permissions.

    • The user must be a Authorized Signatory, Approver, Admin, Initiator or Full Trader

  6.  Approve this request through consensus.

New Onchain Signers & Device Recovery User: start the Enroll Device Request process

  1. In the Prime mobile app navigate to the Tasks tab.

  2. Open the Onchain Signer Device Enrollment activity.

  3. Click Complete Onchain Device Enrollment and Continue.

  4. Enable biometrics (Face ID). Note that biometrics must be enabled on the iphone to complete this step, which can be changed in your iphone Settings > Face ID & Passcode.

  5. Click Done.

  6. Click Request in the Request Access to the Onchain Private Key window.

Existing Onchain Signer: approve the Enroll Device Request

  1. In the Prime mobile app navigate to the Tasks tab.

  2. Open the Onchain Signer Device Enrollment activity. 

  3. Click Review Request and review the details.

  4. Click Approve & Sign and verify with Face ID to approve the new device.

New Onchain Signer & Device Recovery User: Open the app and approve activity

  1. In the Prime mobile app navigate to the Tasks tab.

  2. Accept the Onchain activity.

  3. Once accepted, the new Onchain Signer’s device will be enrolled and they can sign transactions.


After completing the device enrollment, the device will now hold a valid shard of the Onchain key.

Be aware that in the event you lose access to all key shards and your recovery passphrase, access to your wallet and any funds will be permanently lost.

Before removing an Onchain Signer, ensure that another Onchain Signer has access to their key shard and that you have access to the Recovery Passphrase.

An Administrator or Team Manager is required to remove the Onchain Signer permission for a user.

To remove a Onchain Signer’s access to a wallet, follow these steps:

  1. In Prime, go to Settings.

  2. Choose the Onchain tab and locate the user.

  3. Select the 3 vertical dots and click Remove Onchain Signer Role

  4. Verify with your YubiKey.

  5. Reach consensus to complete the Onchain Signer permission removal action.