# Welcome Welcome to the Ledger Enterprise documentation home! Ledger Enterprise is a custody platform that helps businesses and financial institutions safely store, manage, and transfer digital assets. We provide world leading secure hardware and software solutions to protect your crypto from hacks and unauthorized access, while enabling teams to operate efficiently at scale. This site is designed for administrators, operators and developers who want to setup, use and integrate with Ledger Enterprises world leading products. Below, you'll find links to our Help Centre (for day to day users) and our API Tutorials and Documentation (for developers). Version 1 API Documentation is for our current API users who are looking to automate their custody and collateral management workflows. While these flows are incredibly robust, we have also begun to build out Version 2 API's and the associated documentation. This is in response to requests for more complex and performant automation requirements from some of our clients, while maintaining the highest level of security possible. ### Jump right in
Help CenterFor Admins and Operators/files/CpW3cVp50BW5ZolZF9EL/pages/CyH2xJQs9yWJ1S8BYNav
API Documentation V1For all current API users/files/nawiM8pcD9Y97m8GcImp/pages/7aUFmnCMx9m4smGncsXL
API Documentation V2A look to what we're thinking about in the future/files/qv6DUs1OvTzCG20O3Qud/pages/JjjojIyKxaiBPzzLwvtg
Contact SupportRaise a Ledger Enterprise Service Desk request/files/884QCAKhYsqnDcRvIrNh
# Welcome to the Help Center ## Overview Welcome to the Ledger Enterprise Help Center, your dedicated resource for effectively managing and operating your Ledger Enterprise solutions. This comprehensive documentation is specifically designed for **administrators and operators** responsible for the day-to-day management, configuration and operation of your Ledger Enterprise platform. Here, you will find detailed guides, step-by-step instructions, and best practices to ensure the smooth and secure operation of your digital asset infrastructure. Whether you are onboarding new users, managing device deployments, setting up accounts and governance or sending and receiving funds, this Help Center provides the essential information you need to confidently administer and operate your Ledger Enterprise environment. ## Get Started We've put together some helpful guides for you to get setup with our product quickly and easily. {% content-ref url="/pages/X7cMNvNIQ2QFzbyGSVtX" %} [Getting set up](/help-center/fundamentals/getting-set-up) {% endcontent-ref %} {% content-ref url="/pages/HovJzcD07eiHXcs02kCl" %} [For Operators](/help-center/fundamentals/getting-set-up/for-operators) {% endcontent-ref %} {% content-ref url="/pages/wH62GV52W290it1XaD4K" %} [For Administrators](/help-center/fundamentals/getting-set-up/for-administrators) {% endcontent-ref %} # Getting set up This page describes the process of onboarding for Ledger Enterprise clients. ## Quick Start Guides Once you have gone through the process of onboarding, you can follow the steps outlined in the following sections to be fully up and running on the Ledger Enterprise workspace. {% content-ref url="/pages/8YMy2ux3y5cBoLvlXFWc" %} [Sign in and out](/help-center/fundamentals/getting-set-up/sign-in-and-out) {% endcontent-ref %} {% content-ref url="/pages/wH62GV52W290it1XaD4K" %} [For Administrators](/help-center/fundamentals/getting-set-up/for-administrators) {% endcontent-ref %} {% content-ref url="/pages/HovJzcD07eiHXcs02kCl" %} [For Operators](/help-center/fundamentals/getting-set-up/for-operators) {% endcontent-ref %} # Sign in and out Sign into your workspace with your Personal Security Device {% hint style="info" %} Make sure that your Personal Security Device (Ledger Stax) is connected to your computer before trying to sign in. {% endhint %} #### **Sign In** 1. Go to [https://portal.enterprise.ledger.com/](https://vault.ledger.com/). 2. Click `Sign in` . 3. Review the information that appears on your Personal Security Device and then tap **Confirm.** 4. You should now be signed in. #### **Sign Out** Click the button in the bottom left hand corner next to your name and role. # For Administrators {% hint style="success" %} **This page is only for Ledger Enterprise users that have administrator access. Please navigate to the** [**For Operators**](/help-center/fundamentals/getting-set-up/for-operators) **page if you are an Operator.** {% endhint %} An administrator in the Ledger Enterprise platform is responsible for setting up and managing the system. They handle crucial tasks such adding and removing users, configuring groups and whitelists and establishing governance rules. See below how to begin configuring your Vault. #### Step 1: Invite Operators Operators are the daily users of the Ledger Enterprise platform. They can be either within your organisation, or a client of yours that is operating on your workspace. Getting them setup is the first step in getting your workspace operational. 1. Send a Personal Security Device (PSD) to the relevant Operators. The current Personal Security Device is a Ledger Stax. Work with your dedicated Technical Account Manager to get a supply of these that are relevant to your requirements. 2. Ask Operators to: 1. Initialize their PSD 2. Retrieve the User ID displayed on their Vault app dashboard and send it to you using your organization's preferred communication channel (as seen below).
3. Invite users to your workspace using the User ID and send the invitation URL to the Operator using your organization's preferred communication channel. 4. Ask the Operator to connect to the URL and [Register on the workspace](/help-center/core/users/register-on-ledger-enterprise) using their device. 5. Once the operator has registered, a request will be automatically created. The necessary number of users will be defined by your organisations Admin Rule. They will have to approve this request and then the user will be created. #### Step 2: Create groups (optional) Consider using groups to gather Operators together and easily assign them to an account. For example, you might want to have a group of Operators working in the same location or who have the same level of responsibility. * In your workspace, create a [group](https://help.vault.ledger.com/help-center/core/workspace-administration/groups) in the groups section of the dashboard. * A *Create group* request is created and must be approved by Administrators. * Once the request is approved you can start using the group in accounts[. See Approve or reject a request](https://help.vault.ledger.com/help-center/core/managing-requests/approve-or-reject-a-request). #### Step 3: Create Whitelists (optional) Consider creating whitelists to organize public addresses into lists that you can then assign to specific accounts. By doing so, you allow Operators in these accounts to send funds to these addresses only. * In your workspace, Create a [whitelist](https://help.vault.ledger.com/help-center/core/workspace-administration/whitelists/create-a-whitelist) . * A *Create Whitelist* request is created and submitted for approval to Administrators. * Once the request is approved you can start using this whitelist in accounts. See Approve or reject a request . #### Step 4: Create Accounts * Navigate to the accounts page from the dashboard and [Create an account](https://help.vault.ledger.com/help-center/core/workspace-administration/accounts/create-an-account). * A *Create account* request is submitted for approval to Administrators. [See Approve or reject a request](https://help.vault.ledger.com/help-center/core/managing-requests/approve-or-reject-a-request). * Once the request is approved the account is active and ready to be used. * Generate a receiving address for the account and transfer funds. #### Step 5: Keep track of requests Any requests created in your workspace can be tracked from either the dashboard or the [**Requests**](https://help.vault.ledger.com/help-center/core/managing-requests) page. # For Operators {% hint style="success" %} **This page is only for Ledger Enterprise users that have Operator access. Please navigate to the** [**For Administrators**](/help-center/fundamentals/getting-set-up/for-administrators) **page if you are an Operator.** {% endhint %} An Ledger Enterprise operator is responsible for completing actions on the system. They handle tasks such as creating and approving transactions. See below how to begin configuring your workspace. #### Step 1: Accounts * Get started by going to the Accounts page to find out which accounts you've been granted access to. * Open each account and go to the *Rules* tab to find out if you can create and/or approve transactions in the account. Note that if you belong to a group, only the group name is displayed. #### Step 2: Generate a receiving address If your accounts are empty, click Receive in the left panel to Generate a receiving address for each of them and transfer funds. #### Step 3: Create your first transaction request * You can create transaction requests in accounts in which you have been added to the transaction creator step of the transaction rules. * Depending on how the account has been configured by Administrators, you might encounter restrictions to the amount you can send and/or receive. * To find out how transaction rules are configured in an account, go to Accounts > Account dashboard > Rules tab. * Finally, once the request is created, it must be approved by Operators selected in the approval workflow of this rule. #### Step 4: Keep track of transaction requests Once you've created a transaction request, you can follow its status from the Operations page. # Supported Networks ## Mainnets
NetworkSend & ReceiveStakingToken(s)
Arbitrum (ETH)Direct Access-Direct Access
Avalanche C-Chain (AVAX)Direct Access-Direct Access
Base (ETH)Direct Access-Direct Access
Binance Smart Chain (BNB)Full Access-Direct Access
Bitcoin (BTC)*****Full Access--
Bitcoin Cash (BCH)***Full Access--
Bitcoin Gold (BTC)Full Access--
BitLayer (BTC)Direct Access--
Cardano (ADA)*Full AccessFull Access*-
Celo (CELO)Direct Access-Direct Access
Cronos (CRO)Direct Access-Direct Access
Dash (DASH)Full Access--
Digibyte (DGB)Full Access--
Dogecoin (DOGE)Full Access--
Ethereum (ETH)Full AccessFull AccessFull Access
Ethereum Classic (ETC)Direct Access-Direct Access
Fantom (FTM)Direct Access-Direct Access
Flare (FLR)Direct Access-Direct Access
HyperEVM (HYPE)Direct Access--
Kava (KAVA)Direct Access-Direct Access
Klatyn (KLAY)Direct Access-Direct Access
Litecoin (LTC)Full Access--
Mantle (MNT)Direct Access-Direct Access
Monad (MON)Direct Access-Direct Access
Optimism (ETH)Direct Access-Direct Access
Polkadot (DOT)Full AccessFull Access
Polygon (POL)Full AccessFull AccessFull Access
Ripple (XRP)Full Access--
Sei (SEI)Direct Acces--
Shape (ETH)Direct Access--
Solana (SOL)**Full AccessFull Access-
Somnia (SOMI)Direct Access--
Sonic (S)Direct Access-Direct Access
Stellar (XLM)Full Access--
Story (IP)Direct Access--
Tezos (XTZ)****Full AccessFull Access-
Tron (TRX)******Full Access-Full Access
Viction (VIC)Direct Access-Direct Access
0g (0G) - zero gravityDirect Access-Direct Access
{% content-ref url="/pages/HKSTIp7Ph9gy7xEsd1e5" %} [Direct Access EVM Accounts](/help-center/core/workspace-administration/accounts/direct-access-evm-accounts) {% endcontent-ref %} \* Only Shelley addresses are supported for ADA by the Vault, Byron addresses are not supported. \*\* Only Ed25519 addresses are supported for Solana by the Vault. Program Derived Addresses (PDAs) are not supported. \*\*\* BCH addresses in CashAddr format are not supported. Recipient addresses must be in Legacy Format (P2PKH / P2SH). \*\*\*\* Ledger Vault supports all Tezos addresses. The addresses generated from the Vault are only in TZ2 format. \*\*\*\*\*\* You need to send at least 1 TRX to the Tron parent account to activate the children account, otherwise the balance of the child account will not be updated. ## Testnets
NetworkSend & ReceiveStakingToken(s)
Ethereum Hoodi (ETH)Full Access--
Ethereum Sepolia (sETH)Full Access--
Polygon Amoy (POL)Direct Access-
## Supported DApps
dApp*Description
Wallet ConnectWidely adopted protocol to connect to decentralized applications.
Velora swap
(ex Paraswap)		DEX aggregator to swap crypto assets.
Figment
ETH staking		Third-party staking service to stake ETH.
Lido
ETH liquid staking		Third-party staking service to stake ETH on the Ethereum 2.0 network (aka Beacon Chain).
\*Accessible from our dApps page. Additional partnerships include: * **Figment**: Supports staking of SOL, ADA and DOT directly from the account interface, and POL connecting via wallet connect to Polygon Staking Application. * **Kiln**: Supports staking of SOL, ADA and XTZ directly from the account interface, and POL connecting via wallet connect to Polygon Staking Application. * **GlobalStake**: Supports staking of SOL, ADA directly from the account interface * **Luganodes**: Supports staking of SOL directly from the account interface # What's new Learn about the latest features and enhancements.
August 2025 - Ledger Enterprise mobile app and API Admin ### August 2025 - Version 5.11.0 **This is a big month for Ledger Enterprise with two long-awaited features:** 1. **The Ledger Enterprise mobile application -** Designed exclusively for our institutional clients, this app brings the full security and control of the Ledger Enterprise platform to your iPhone. You no longer need to be at your desktop to manage critical operations. By pairing the app with your Ledger Stax device via Bluetooth, you can approve on the go, get notifications, and clear-sign requests. The app also supports biometric authentication (Face ID or Touch ID) for an extra layer of privacy. [Download on the App Store](https://apps.apple.com/us/app/ledger-enterprise/id6741520898). 2. [**API Admin**](/help-center/core/workspace-administration/admin-rule/api-administrator-rules) **-** You can now programmatically create new crypto accounts and instantly assign them to a pre-defined governance Policy. This is perfect for securely scaling your operations with greater efficiency.
July 2025 - Tron, SPL and Multicurrency Policies ### July 2025 - Version 5.10.0 We have added three new features this month to continue to bring the most important features to our clients: 1. **Tron -** We have added native Tron support across Ledger Enterprise. Clients can now safely custody their Tron based assets on the Ledger Enterprise platform. Please speak to your relevant technical account manager to have this functionality enabled. 2. [**SPL Tokens**](/help-center/core/workspace-administration/accounts/solana-spl-token-account) **-** We have also added native SPL support across Ledger Enterprise. Clients can now safely custody their SPL tokens on the Ledger Enterprise platform. Please speak to your relevant technical account manager to have this functionality enabled. 3. [**Multicurrency Policies** ](/help-center/core/workspace-administration/policies)- We have just launched an enhancement to our account policy feature which allows clients to create a currency agnostic policy, meaning you can apply the same rules to multiple accounts across multiple networks, significantly speeding up the time it takes to create multiple accounts.
June 2025 - Tradelink Updates ### June 2025 - Version 5.9.0 **We added some updates to our Tradelink experience to make it smoother and more self serve:** 1. Self Onboarding - Clients can now self onboard certain objects on Tradelink without needing to rely on Ledger Account Managers 2. RBN Support - Tradelink now supports replace by nonce for stuck settlements. 3. Settlement Recovery - Liquidity Providers can now cancel or retry stcuk settlements without Ledger's involvement. 4. Pledge Data - Pledge data is now visible to all relevant custodian accounts, not just asset manager accounts.
May 2025 - Cardano Vote Delegation ### May 2025 - Version 5.8.0 **Cardano Vote Delegation** Following a recent hard fork, Cardano now requires staking participants to submit a transaction to designate who can vote on governance proposals. You can now complete this voting delegation directly from Ledger Vault — and continue to earn your delegation rewards! **Support for** [**Bridged USD Coin (Linea)**](https://www.coingecko.com/en/coins/bridged-usd-coin-linea) The Linea token can now be sent & received on Ledger Vault.
April 2025 - Tradelink edit Liquidity Provider and Asset Manager, Asset Manager pre-approval ### April 2025 - Version 5.7.0 #### Tradelink Edit Liquidity Provider and Asset Manager Tradelink users can now edit their exchange and Asset Manager objects from the Tradelink Dashboard. This means that Tradelink networks are much easier to scale for Custodians. #### Asset Manager Pre-Approval We’ve also added an extra governance rule to our collateral account flow. Now, you can toggle on the ability for an Asset Manager to be a part of the approval quorum when a Settlement needs to be approved. This can be done on a per exchange basis.
March 2025 - Tradelink edit Collateral account, Raw Signing public key (XPUB) ### March 2025 - Version 5.6.0 #### Tradelink - Edit Collateral Account Collateral accounts can now be edited at any time after creation. You can now add or remove exchanges or liquidity providers, change the automatic repledge rule and enable settlement pre-approval at any time. #### Where to find your extended public key (XPUB) You can now find your extended public key in Raw Signing accounts! Once a Raw Signing account has been created, an administrator can navigate to the account in the Vault UI, click on the **Receive button** the XPUB will be revealed.
February 2025 - Tradelink Automatic Repledge ### February 2025 - Version 5.5.0 #### Tradelink Automatic Repledge Tradelink users now have access to our new Automatic Repledge feature. This allows Asset Managers and Exchanges to configure Settlements in a way that means any profits moving from the Exchange to the Asset Manager are automatically added to the existing pledge between these two parties. This helps to increase trading efficiency, allowing both Asset Managers and Exchanges to focus on trading, not the manual operations surrounding trading. Find more information here.
January 2025 - BASE support ### January 2025 - Version 5.4.0 #### BASE support We are excited to announce the addition of support for BASE Mainnet to the Ledger Vault. This new feature will allow clients to store and manage their BASE assets securely on the Ledger Enterprise Vault. BASE is a layer-2 scaling solution for Ethereum that offers faster transaction speeds and lower fees. With the addition of BASE support, the Ledger Vault continues in its endeavour to offer clients the widest range of assets possible.
December 2024 - EIP 1559, Tradelink Settlement, Withdrawal ### December 2024 - Version 5.4.0 #### EIP-1559 We're excited to announce support for EIP-1559 transactions on the Ethereum network. This enhancement allows for more predictable transaction fees through an improved gas fee mechanism. With EIP-1559 support, your transactions can now include both a base fee and priority fee, helping to reduce overpayment and providing better fee estimation. This update streamlines the transaction process by automatically adjusting gas fees based on network demand, potentially leading to cost savings and faster confirmation times. You can now take advantage of this feature directly through your Vault workspace when sending Ethereum transactions. *** #### Tradelink Settlement and Withdrawal flows *Settlement UI* is creating a distinct Settlement approval flow for Asset Manager and Custodians when an exchange initiates a settlement. Traditionally, this looked like a regular transaction flow which could be quite confusing for these users when they were expecting a settlement. *Withdrawal* is simply changing the nomenclature of transaction flows in collateral accounts so that it more closely aligns with nomenclature in trading institutions (from Send and Receive to Withdraw and Deposit).
November 2024 - Replace by Fee ### November 2024 - Version 5.2.0 #### Replace by Fee Ledger Enterprise users (operators) now have access to Replace by Fee (RBF) on the Bitcoin Network. RBF is a feature that lets you manage your Bitcoin transactions more efficiently. With RBF, you can replace an unconfirmed transaction in the Bitcoin mempool with a new transaction that includes a higher fee. This incentivizes miners to prioritize and confirm your transaction faster, especially during times of network congestion. **How to Use RBF** To use RBF in the Vault, you have two options: "Boost" or "Cancel." * **Boost** : Ideal when you have a pending transaction in the mempool and want to speed up its confirmation. By increasing the fee, you improve the chances of your transaction being processed quickly. * **Cancel** : Use this option to attempt to cancel a transaction that hasn't been confirmed yet. You might need to do this to correct an error in the transaction details or if you decide not to proceed with the transaction. Please note that the Cancel feature is not guaranteed to work, as miners may still prioritize the old transaction over the new one. For information on how these features work operationally, please refer to this page. *** #### Automatic Logout and Session Refresh We've enhanced the security and user experience of the Ledger Vault. Now, if a session expires due to inactivity, you'll be automatically logged out after 10 minutes. This helps protect the privacy of your Vault's content, prevents unexpected errors and ensures a smoother workflow. Additionally, a banner will appear one minute before your session expires, giving you the option to extend your session for another 10 minutes with a simple click. This will help avoiding an unexpected logout while working on a transaction for example. *** #### Interface Updates The Ledger Vault interface is being updated with new animations and icons to provide a more intuitive user experience. These updates also prepare the Vault for upcoming features, including Ledger Stax compatibility.
October 2024 - Raw Signing Feature Release ### October 2024 - Version 5.1.0 #### Overview We are excited to introduce the Raw Signing feature in Ledger Enterprise (ver. 5.1). This specialized feature allows API Operators to sign transactions on unsupported blockchains, enhancing flexibility in transaction management. **Key Highlights** * Use Cases: Sign transactions on unsupported blockchains, perform unsupported actions on supported chains, and prove messages on-chain. * Access: Raw Signing is not included by default and is available upon request. Contact your Technical Account Manager (TAM) for eligibility. **Best Practices** To ensure secure usage, we recommend: * Thoroughly validate transactions before submission. * Limit access to trusted personnel. * Regularly audit and monitor signing activities. For more details on enabling and using Raw Signing, please refer to the documentation or reach out to your TAM.
June 2024 - Tradelink support ### June 2024 - Version 5.0.0 #### Overview We are excited to announce the latest Ledger Enterprise release which brings the support of **Tradelink** * **Tradelink** is an open protocol standard to monitor, manage, pledge, and settle collateral balances secured and powered by Ledger Enterprise technology and hardware (HSM). * **Tradelink** enables the creation of off-exchange trading as a service by offering a quick and easy way to set up the governance and access rights to accounts across multiple parties (multi-party governance). The Tradelink account multi-party governance defines the set of rules enforced on each party to authorize monitoring of collateral levels, creation, and approvals of collateral pledging and settlement. Please read more about Tradelink here.
April 2024 - Proof of Ownership and Mark spam transactions enhancements ### April 2024 - Version 4.34.0 *** #### Overview We are excited to announce the latest Ledger Enterprise release (ver. 4.34), which brings following enhancements: * **Enhanced Compliance capabilities** : sign Proof of Ownership messages on any network. * **Mark objects as spam** : marking accounts and operations as spam and filter on them. *** #### Enhanced Compliance capabilities: sign Proof of Ownership messages on any network As a Ledger Enterprise user, you will now be able to define and use **Message Signing** capabilities across all supported networks. This enables you to sign **Proof of Ownership** messages, should you require it for Compliance purposes. Indeed, signing messages with a private key can be used to prove that an institution controls the private keys that correspond to its public addresses. You can find out more about this feature in the dedicated spaces: * for **Admins** : activate Message Signing on an account. * for **Operators** : sign an EIP-191 compliance Message. *** #### Mark objects as spam As a Ledger Enterprise use (admin or oprator), you will now be able to mark/unmark an account or transaction as spam and then filter on this new tag. This is to reduce the risk that your operators accidentally use, in new operations, addresses from poisoning transactions. Note still that operators should always use the "receive" button to generate receive addresses safely, and not copy addresses from the operations history. Finally we strongly suggest to use whitelists systematically. Please find more information on address poisonong scams [**here**](https://support.ledger.com/hc/en-us/articles/8473509294365-Beware-of-address-poisoning-scams?docs=true). **Process for marking accounts as spam:** Clicking on the button with the three dots "..." will display the context menu for you to mark or unmark an account as spam. You can find documentation for adding a label to the Account matching the ID [**here**](https://ledger-enterprise-api-portal.redoc.ly/openapi/le_api/tag/Accounts/paths/~1accounts~1%7Baccount_id%7D~1labels/post/). Please note that only **"view-only"** accounts can be marked as spam, meaning only API operators and all admins can mark accounts as spam. **Process for marking operations as spam:** Clicking on the button with the three dots "..." will display the context menu for you to mark or unmark an operation as spam. You can find documentation for adding a label to the transactions matching the ID [**here**](https://ledger-enterprise-api-portal.redoc.ly/openapi/le_api/tag/Transactions/paths/~1transactions~1%7Btransaction_id%7D~1labels/post/).
February 2024 - Enhanced API capabilities & Streamlining API user onboarding and authentication ### February 2024 - Version 4.33.0 *** #### Overview This release enables multiple API features on more granular bitcoin balances, the creation custom labels that can be used to flag transactions and accounts. We are also really proud to announce the upgrade of API operator onboarding and authentication for a streamlined API experience, please read more about this in [Ledger Enterprise developer portal](https://ledger-enterprise-api-portal.redoc.ly/developer-portal/change_log/#january-2024). * **Multiple API Improvements:** We are proud to announce upgrades to our API operator onboarding and authentication processes, enhancing the overall API experience. For more details, please visit the [Ledger Enterprise Developer Portal](https://ledger-enterprise-api-portal.redoc.ly/developer-portal/change_log/) . * **Improved Balance Display on Bitcoin:** Account balance details now include aggregated information on bitcoin Unspent Transaction Outputs (UTXOs). This update provides insights into whether UTXOs are currently in the mempool, in the process of confirmation, or finalized on the network. Additionally, it includes information on your dust and worthless amount, offering a more detailed overview of your Bitcoin holdings. * **Custom Labels via API:** We are adding custom labels to transactions and accounts, allowing users to flag them for easier identification. Please note that this feature will be available via API and be added in the UI in a future update.
# Workspace administration This article is here to guide you through the major steps in setting up your workspace. It will cover the administrator rule, accounts, transactions, users, groups, and whitelists. {% hint style="success" %} This article is for Administrators only. {% endhint %} ## Admin rule For step-by-step instructions on how to edit the admin rule, see Edit the admin rule.
What is the admin rule? *Admin rule* is the name given to the number of approvals required from all Administrators to authorize sensitive actions in your workspace (for example: creating an account, revoking a user...). It's the minimum number of approvals that must be collected before a request is effective.
How can I set up the admin rule? To properly operate in your workspace, the admin rule must be set up in such way that: * there are at least **three Administrators** registered. * the required number of approvals is lower than the total number of Administrators. In a workspace where 6 Administrators are registered, you can define an admin rule of 2 (and up to 5) approvals out of 6.
Impact of editing the admin rule Editing the admin rule is a critical action and should be thought through beforehand. **All** pending requests will fail if they're not processed before editing the admin rule as a new number of approvals will have to be collected.
How revoking an Administrator affects the admin rule Revoking an Administrator potentially decreases the required number of approvals required to authorize sensitive tasks. You'll be prevented from revoking an Administrator if this results in having less than **three** Administrators registered in your workspace.
Limitations You'll be prevented from editing the admin rule if any of the following requests are *pending approval* in your workspace: * Invite Administrator * Revoke Administrator * Edit admin rule
## Accounts For step-by-step instructions on how to create an account, see Create an account.
Number of accounts The number of accounts you can create in your workspace depends on the pricing plan your organization subscribed to.
Configuring account rules You can ensure transaction requests are submitted to specific approvers before they're sent to the blockchain network using *transaction rules*. Build simple workflows with a single approval step, or complex workflows using up to **four rules** each containing different conditions on approval steps, amount ranges, and whitelists. #### Transaction rules conditions Transaction rules allow setting up conditions to require specific approvals if the conditions are met. | Conditions | Description | | ------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | | Creators |

Selected Operators can create transactions in the account.

You can select up to 20 Operators or a single group.

| | Amount range (optional) |

Allows defining the minimum and maximum amounts that can be spent per transaction.

If not provided, Operators can send any amount.

| | Whitelist (optional) |

Allows restraining the list of recipients to which funds can be sent to.

If not provided, Operators can send funds to any address.

| | Approval steps (optional) | Allows defining the approvers of a transaction request and up to three different rounds of approvals before a transaction is broadcasted to the network. | Example (part 1) You create the HeyBitcoin account with two rules. * **Rule 1** for transactions between BTC 0 and BTC 20 Operators of the APAC Ops group are allowed to send funds to any addresses and you apply a 3-step approval workflow where a total of 5 Operators are required to approve. * **Rule 2** for transactions between BTC 20 and BTC 50, you allow Operators to send funds to addresses listed in the APAC Ops whitelist only, and you apply a two-step approval workflow where a total of 5 Operators are required to approve.
How are account rules applied? Transaction rules are applied sequentially. In other words, you must arrange them in the order you want them to be executed. This is particularly important as the first matching rule will always be selected. If the first rule isn't applicable, the next rules are checked until the first valid rule is found. In cases where the amount range overlaps between two rules the first valid rule will always be selected. For example, an overlap on BTC 100: * **Rule 1:** BTC 0 to BTC 100. * **Rule 2** : BTC 100 to BTC 200, the transaction rule selected and applied will always be rule 1. Use the drag and drop icon to order rules when creating the account. Rules are applied automatically depending on the amount and recipient address entered by the Operator when creating the transaction. **Example (part 2)** The HeyBitcoin account has two rules (see Example (part 1)). *Operator A* creates a transaction request of BTC 30. The Ledger Enterprise platform will first scan rule 1. This rule isn't applicable, so it'll move to rule 2 which is applicable for this amount. Note that if an Operator creates a transaction request of 60 BTC it'll be rejected as you haven't defined a rule that includes that amount.
Limitations of transaction rules #### Operators can't create and approve the same request... This ensures responsibility is shared among Operators. If an Operator has been selected in the *approval workflow* and in the *Creators* conditions they'll only be able to perform one action: create the transaction request or approve it. #### A group can't be selected more than twice... The same group can be selected once in the *Creator* condition and once in the *Approval workflow*. However, the Operator who created the request won't be able to approve it. As a result, you will never be able to have all Operators in the group to approve the request as the Operator who created it will be counted out. The same group can't be selected twice as an approver in the *Approval workflow* condition. The same goes for individual users.
Bitcoin accounts Although we continue to support Bitcoin legacy accounts, since the 13th of September 2022 it is only possible to choose the Native Segiwt type when creating a Bitcoin account. * A **Native Segwit** (or Bech32) account, for addresses starting with *bc1* . It's not possible to create **Nested Segwit** accounts, but you can send funds to these addresses. For additional information, see [Bitcoin: What’s the difference between SegWit and Native SegWit (Bech32)?](https://www.ledger.com/academy/difference-between-segwit-and-native-segwit) **NB:** P2SH or P2WSH Bitcoin addresses are not supported by Ledger Enterprise.
ERC20 token accounts ERC20 token accounts created in your workspace must all be connected to an Ethereum account — the parent. This parent Ethereum account is used to pay gas fees when Operators create transactions, and should therefore always be credited. #### Creating ERC20 accounts When creating a token account you have two options: * **Connect it to an existing Ethereum account:** To allow the ERC20 account to use this Ethereum account to pay for gas fees. This is possible only if that account hasn't been connected to another occurrence of that same token. An Ethereum account can be linked to multiple ERC20 tokens, but you can only link \*\*one occurrence\*\* of a token to the same Ethereum account. For example, if you create two Augur accounts, they can't be both linked to the same Ethereum account. * **Create a new one:** To automatically create a new Ethereum account if none exist in your workspace or if the existing ones are already linked to an occurrence of the ERC20 token. This account will be *view-only* until you activate it by providing transaction rules. #### *View-only* Ethereum accounts *View-only* is the status given to accounts for which transaction rules haven't been defined yet. This status can be given to two types of accounts: * **Ethereum accounts** created while [Creating ERC20 accounts](broken://pages/wCp4iBR7FPJ0kkB2jSAl) . * **ERC20 tokens** that have been airdropped into your Ethereum account. If you receive tokens that aren't supported by Ledger Enterprise, note that no account will be created. #### Activating *view-only* Ethereum accounts To activate view-only accounts, you must provide their transaction rules. This can be done from the account's dashboard. Until you do so, the account will have the *View-only* status and Operators won't be able to create transactions. However, if the Ethereum account is credited, it can be used to pay gas fees when creating transactions in children ERC20 accounts. For more information, see Activate a view-only account. #### Account permission limitation Operators who have access to ERC20 token accounts, but not the parent Ethereum account won't be able to access the Ethereum account dashboard. This won't prevent them from creating transaction in the ERC20 token accounts.
Allowing UTXO consolidation in the account If the account you create uses whitelists **only**, make sure you either add the address index 0 of that account to one of the whitelists or create a separate rule for this address. This is to ensure Operators can consolidate UTXOs in the account.
Generating receive addresses You can generate a public address from the account's dashboard each time you need to share it or transfer funds to yourself from any hardware wallet or exchange platform. For crypto assets that allow it, a new address and QR code are generated each time a payment is received. All addresses and QR codes previously shared remain valid, however, it's best practice not to reuse them. To provide the best level of security, verify the address after you copy and paste it. Malware on your computer might replace addresses in your clipboard.
## Assets
Which crypto assets are supported by Ledger Enterprise? For a complete list of the crypto assets supported by Ledger Enterprise today, please check [this article](/help-center/supported-networks).
## Groups
What is a group? Group refers to a logical grouping of users. This feature allows administrators to manage permissions and enforce governance policies across multiple accounts simultaneously. Groups are particularly useful if you'd like to gather users who hold a similar approval level or who belong to the same company. You can then use the group when creating accounts rules, to enable a subset of people to be responsible for a given rule. A group can contain up to 20 members. If an Operator is revoked from your workspace, they'll also be automatically removed from any group they belong to.
## Whitelists
What is a whitelist? A whitelist is a collection of addresses that can be linked to accounts. It allows ensuring Operators send funds to a specific set of addresses only. This is particularly useful if you create whitelists for specific customers or if you want to save time by gathering your most used addresses. You can save up to 300 addresses in a whitelist, and for ease of identification, each must be named. It can contain any crypto asset addresses. However, when creating an account, only whitelists containing at least one address in the currency of the account can be linked.
#### Limitations
ERC20 token whitelists It's not currently possible to whitelist ERC20 token addresses. To bypass this limitation, save the address of the parent Ethereum account in a whitelist. This will automatically whitelist its linked ERC20 children accounts and allow you to send tokens.
Deleting whitelists It's not currently possible to delete whitelists.
# Admin Rule *Admin rule* is the name given to the number of approvals required from all Administrators to authorize sensitive actions in your workspace (for example: creating an account, revoking a user...). It's the minimum number of approvals that must be collected before a request is effective. Only a quorum of Administrators (i.e., a minimum of two Admins) can modify the governance settings, including the approval process. These rules are secured at the HSM level and cannot be altered, even by Ledger. This is a key security feature that ensures customers remain fully autonomous and self-sovereign, with no Ledger intervention required to manage their governance # Edit the admin rule {% hint style="success" %} This article is for Administrators only. {% endhint %} ## Overview * *Admin rule* is the name given to the number of approvals required from all Administrators to authorize sensitive actions in your workspace (for example: creating an account, revoking a user...). It's the minimum number of approvals that must be collected before a request is effective. * Increase or decrease the number of approvals required from Administrators to authorize sensitive actions in your workspace (for example: creating accounts, adding new users...). * Editing the admin rule must be exceptional as all pending requests will fail and will have to be recreated, unless you process them beforehand. * Only a quorum of Administrators (i.e., a minimum of two Admins) can modify the governance settings, including the approval process. These rules are secured at the HSM level and cannot be altered, even by Ledger. This is a key security feature that ensures customers remain fully autonomous and self-sovereign, with no Ledger intervention required to manage their governance ## Before you start * Make sure you're aware of **important information** listed on the Admin rule page. * Your Personal Security Device must be connected to your computer, switched on, and the Ledger Vault app opened. ## Instructions 1. Click **Settings** on the left panel. 2. In the admin rule section, click **Edit** . (NB: The edit button is greyed out if you don't have more than 3 Administrators registered as you need at least 3 admins to run a vault)
3. Use the slider to define the new number of approvals. You can't have less than two approvals or a number of approvals that is equal to the number of registered Administrators.
4. Click **Continue** . 5. Verify that the information displayed on your device is accurate. If it's not, either try again or contact [Support](https://ledgerhq.atlassian.net/servicedesk/customer/portals) . 6. Tap **Confirm** . ## Results An *Edit admin rule* request is submitted for approval. The request must be approved by the number of Administrators **currently defined** in the admin rule. ## What's next? Once the request is approved, the new admin rule is applied in the workspace. New requests created in the workspace will now require a new number of approvals to be authorized. # API Administrator rules When the API Administrator feature is active on your workspace, you will see new admin rules options in the Settings. {% hint style="info" %} If you want to use the API Administrator feature but it is not available on your workspace yet, please contact our support or an account manager. {% endhint %} ### Master Administration rule
This is the quorum of human administrators (it cannot include an API Administrator). It works the same way whether the API Administrator feature is active or not. For more information, please look at the ["Edit the admin rule"](/help-center/core/workspace-administration/admin-rule/edit-the-admin-rule) article. ### API Admin rules
These rules are made to grant rights to API Administrators so they can execute specific tasks. In order to add an API Administrator here, please follow these steps: 1. Invite an API Administrator on your workspace. 2. Register the API Administrator thanks to their keys. {% hint style="info" %} Please follow the [Register a new API User](https://help.vault.ledger.com/api-documentation/tutorials/first-steps-as-an-api-user) guide to complete these steps. {% endhint %} Once this is done, a human administrator can then edit an API Admin rule to add the API Administrator to it.
Create account with policy The API Administrator will be able to create accounts that using a policy (a set of rules that is common to multiple accounts). They will be able to make two types of requests: * Create account with policy * Approve a request to create an account with policy {% hint style="info" %} See the ["Policies"](/help-center/core/workspace-administration/policies) section to understand how to create a policy. {% endhint %} {% hint style="info" %} See the ["Create an account"](https://help.vault.ledger.com/api-documentation/tutorials/api-administrator/first-steps-as-an-api-user) API guide to understand how to create accounts with a policy via API. {% endhint %}
When an API Admin rule is updated, the change must be validated by the Master Administration quorum. # Accounts # Create an account Create accounts in your workspace and define comprehensive governance rules for them. {% hint style="success" %} This article is for Administrators only. {% endhint %} ## Before you start * Learn more on how accounts work: Workspace administration . * Your Personal Security Device must be connected to your computer, switched on, and the Ledger Vault app opened. ## Instructions ### Step 1. Select the account's crypto asset 1. Click **Accounts** on the left panel. 2. Click + Create account in the top right corner.
3. Select a crypto asset or an ERC20 token from the drop-down. Select the derivation mode for BTC accounts.
4. You can now choose to link your EVM account, or create it with a unique, unused address. Select one of the following options: 1. **Link to an existing EVM account** , by selecting the desired accounts you wish to link your new account to. EVM accounts can be linked to one occurrence of the same address. If the account you're searching for doesn't appear in the list or is greyed out, this means it has already been linked to another EVM account. 2. **Generate a new address** , to create an EVM account with a unique, unshared address. This option is selected by default if there are no available accounts on your workspace to link to. 5. ERC20 tokens must be linked to an Ethereum account (the parent). Select one of the following options: 1. **Select an existing Ethereum account** , to link the token to an existing Ethereum account. Ethereum accounts can be linked to one occurrence of the same token. If the account you're searching for doesn't appear in the list, this means it has already been linked to another account. 2. **Create a new *****view-only***** Ethereum account** , to create a new Ethereum account. This option is selected by default if no Ethereum account exists in your workspace. 6. Click **Next** . {% hint style="warning" %} Please note that when creating a new "view-only" Parent account during the ERC20 account creation flow, you currently won't be able to link that Parent to an existing EVM account, and it will automatically generate a new address. Should you want to link the Parent account to another EVM account, please make sure you have created that Parent account prior to creating the underlying ERC20 account {% endhint %} ### Step 2: Name the account 1. Enter a **Name** for the account. This name must be less than 19 characters long and must not contain special characters.
2. For ERC20 Tokens, in the **Parent account name** field either: * Enter a **Name** for the account if you're creating a new Ethereum account. * Or, verify that the displayed Ethereum account name is the one you've selected.
3. Click **Next** . ### Step 3: Define the transaction rules 1. Click **Select creator** to define which Operators can create transactions. You can select up to 20 Operators or a single group. Operators and groups pending to be created, edited, or deleted aren't listed.
2. (optional) Click **Add amount range** and enter a **Minimum** and **Maximum amount** . Optionally, select the **No limit** checkbox, if you don't want to set a maximum value. Then, click **Add amount range** to confirm.
3. (optional) Click **Add Whitelist** and select up to four whitelists from the drop-down. Then, click **Add whitelist** to confirm. Only whitelist(s) that contain at least one address in the currency of the account are listed. Whitelists pending to be created, edited, or deleted are not listed.
4. Use the approval workflow section to define which Operators must review and approve transactions created in the account. You can define up to three steps. 1. Click Add approval step. 2. Select up to 20 Operators or a single group. 3. Operators and groups pending to be created, edited, or deleted aren't listed.
4. (optional) Click the **+ Add rule** tab and repeat the above steps to add up to four rules. 5. Drag and drop the rules tabs to arrange them in the wanted order of execution. 6. Click **Next** . ### Step 4. Confirm the account creation on your device 1. Click **Create account** . 2. Verify that the information displayed on your device is accurate. If it's not, either try again or contact [Support](https://ledgerhq.atlassian.net/servicedesk/customer/portals) . 3. Tap **Next** to review all rules. 4. Tap **Confirm** to confirm the edit. 5. Tap **Confirm** to finalize the request. ## Results A *Create account* request is submitted to all Administrators of the workspace. If you've created an ERC20 token account along with a new Ethereum account, only *one* request is submitted. A *view-only* Ethereum account will be created once the token account request is approved. For more information, see Workspace administration. {% hint style="warning" %} This request will fail and will have to be recreated if any Operator in the approval workflow is revoked before the request is approved. {% endhint %} ## What's next? The account will be created once the request is approved by the number of Administrators defined in the admin rule. For more information, Track the status of a request. # Solana SPL token account ## What is a Solana SPL token account ? Solana blockchain has a [Token program](https://spl.solana.com/token) which defines a common implementation for Fungible and Non Fungible tokens.\ \ Some of these Non Fungible tokens are supported on Ledger Enterprise, such as USDT(Solana) or RAY(Solana). They are called SPL tokens. This page explains how to create, as an administrator of a workspace, SPL token accounts and how to activate them, as an Operator. Then, Operators can interact, send & receive tokens for example, with the created SPL token accounts. One specificity of SPL token accounts is that they must contain enough SOL to be considered [rent exempt](https://docs.solana.com/implemented-proposals/rent). ## Create Solana SPL token account (Administrator) *Note: Creating an account is explained in the* [*Create an account*](/help-center/core/workspace-administration/accounts/create-an-account) *page, Editing an account is explained in the* [*Edit an account*](/help-center/core/workspace-administration/accounts/edit-an-account) *page. Only specific steps relating to SPL token accounts are detailed in this page.*
1. **Create Solana parent Account if none exist already**\ SPL token accounts exist within a Solana parent account. Therefore, you must first create or have an existing Solana account in Ledger Enterprise to create SPL token accounts.\ \&#xNAN;*Note: a Solana parent account can manage multiple SPL token accounts, but each token account is specific to a single SPL token type. For instance, a Solana parent Account can hold separate SPL token accounts for USDT and RAY, but not two separate USDT token accounts.*
2. **Enable the "Enable SPL Token" rule enabled within Solana parent Account rules**\ One specificity of SPL token accounts is that they must contain enough SOL to be considered [rent exempt](https://docs.solana.com/implemented-proposals/rent). This transaction is done by the Operator from the SPL token account, but the Solana parent Account must have the "Enable SPL token" rule **enabled** so that Operator can make the transaction. This rule can be enabled from step 5 of the Solana parent Account creation or edit flow.\ \&#xNAN;*Note: When enabling this rule, the Administrator will be asked to define which Operator can actually execute this transaction.*
## Activate Solana SPL token account (Operator) *Note: Administrator steps must be done before activation from the Operator* 1. **Activate the SPL token Account from the Solana parent Account page** \ On the Solana parent Account page, in the "Associated SPL token accounts" section, the Operator can start the activation (pay to be [rent exempt](https://docs.solana.com/implemented-proposals/rent)) of the SPL token account from a button.\ \&#xNAN;*Note: every parameter in the activation transaction is pre-filled so it is easy to process. Depending on the rules defined by the Administrator for the "Enable SPL Token" rule, the transaction may need to be validated by other Operators.*
Once the transaction is confirmed, Operators with the appropriate authorization (included in the SPL token account send rules) can start interacting, send & receive tokens for example, with the SPL token Account # Direct Access EVM Accounts Direct Access is a mode of support where Ledger Enterprise Platform communicates directly with EVM networks. This method allows users to explore and interact with a broader array of blockchains. ## EVM Accounts The growth and diversity of Ethereum Virtual Machine (EVM) compatible networks have created a multitude of opportunities for digital asset management. Ledger Enterprise supports **Direct Access to a wide range of EVM networks**. This new feature allows our users to interact directly with these networks, create accounts, visualize balances, transact, and interact with DeFi and NFT applications. **Direct Access** is a mode of support where Ledger Enterprise Platform communicates directly with EVM networks. This method allows users to explore and interact with a broader array of blockchains without the need for them to be fully indexed on our platform. With Direct Access, you can: * **Create accounts** on these newly supported networks (Arbitrum, Optimism, Fantom, Flare, Klaytn, Avalanche C-chain, as well as their testnets, Mumbai and Sepolia) * View your **account balances** for both parent and ERC20 children accounts * Perform basic **asset transfers** Please note that due to the nature of Direct Access (without full indexing), reporting capabilities are currently limited to **outgoing transactions**. Additionally, users should be aware of potential rate limitations on transactions that might impact their ability to perform actions rapidly or in high volumes. However, we plan on enabling **Full Access** on these networks in later iterations to provide **comprehensive reporting** and minimize such limitations. Until Full Access is available, users can use external tools, such as public explorers (e.g., ArbitrumScan), to retrieve additional information on their reporting. Learn more on how to create this type of accounts here. # Edit an account Edit the name and transaction rules of an existing account. {% hint style="success" %} This article is for Administrators only. {% endhint %} ## Before you start * Your Personal Security Device must be connected to your computer, switched on, and the Ledger Vault app opened. ## Instructions #### Step 1. Edit the account's name and transaction rules * Click **Accounts** on the left panel. * Click the name of the account you want to edit. * Go to the **Settings** tab. * Click **Edit** next to the account's name. * Make the necessary updates to the name of the account, transaction rules, amount ranges and whitelists. * Click **Next**. #### Step 2. Confirm the account's changes on your device * Click **Edit account** . * Verify that the information displayed on your device is accurate. If it's not, either try again or contact [Support](https://ledgerhq.atlassian.net/servicedesk/customer/portals) . * Tap **Next** to review all rules. * Tap **Confirm** to confirm the edit. {% hint style="info" %} You'll be prevented from editing an account if: * A transaction request is pending to be approved in the account. * An Operator used in the account is pending to be revoked. * A group linked to the account is pending to be edited or deleted. * A whitelist linked to the account is pending to be edited. {% endhint %} ## Results An *Edit account* request is submitted to all Administrators. This request will fail if any Operator in the approval workflow is revoked before the request is approved. ## What's next? Your changes will be implemented once the request is approved by the number of Administrators defined in the admin rule. For more information, Track the status of a request. # Activate a view-only account {% hint style="success" %} This article is for Administrators only. {% endhint %} ## Overview * Ethereum and ERC20 token accounts must be activated if the transaction rules haven't been defined. * Once activated, Operators will be able to create transactions in the account. ## Before you get started * Learn more on Activating view-only Ethereum accounts . * Your Personal Security Device must be connected to your computer, switched on, and the Ledger Vault app opened. ## Instructions #### Step 1. Select the account you want to activate * Click **Accounts** on the left panel. * Click the name of the account you want to activate. This account must have the *view-only* status. * Click **Provide transaction rules** at the top of the account dashboard. #### Step 2. Define the transaction rules 1. Click **Select creator** to define which Operators can create transactions. You can select up to 20 Operators or a single group. 2. (optional) Click **Add amount range** and enter a **Minimum** and **Maximum amount** . Optionally, select the **No limit** checkbox, if you don't want to set a maximum value. Then, click **Add amount range** to confirm. 3. (optional) Click **Add Whitelist** and select up to four whitelists from the drop-down. Then, click **Add whitelist** to confirm. 4. Use the approval workflow section to define which Operators must review and approve transactions created in the account. You can define up to three steps. * Click Add approval step . * Select up to 20 Operators or a single group. 5. (optional) Click the **+ Add rule** tab and repeat the above steps to add up to four rules. 6. Drag and drop the rules tabs to arrange them in the wanted order of execution. For more information, see Accounts . 7. Click **Next**. {% hint style="info" %} Please note: * Operators and groups pending to be created, edited, or deleted aren't listed. * Only whitelist(s) that contain at least one address in the currency of the account are listed. Whitelists pending to be created, edited, or deleted aren't listed either. {% endhint %} #### Step 3. Confirm the account's edits on your device * Click **Edit account** . * Verify that the information displayed on your device is accurate. If it's not, either try again or contact [Support](https://ledgerhq.atlassian.net/servicedesk/customer/portals) . * Tap **Confirm** . * Repeat the above steps for each view-only account. ## Results An *Edit account* request is submitted to all Administrators. ## What's next? The account will be activated once the request has been approved by the number of Administrators defined in the admin rule. For more information, Track the status of a request. Once done, Operators will be able to create transactions in the account. # Generate a receiving address Generate a public address for accounts you've got access to or regenerate an existing public address. ## Before you start * Your Personal Security Device must be connected to your computer, switched on, and the Ledger Vault app opened. * Note that a new address is generated on Bitcoin and Bitcoin-like accounts each time you create a transaction or receive funds. ## Instructions 1. Click **Accounts** on the left panel. 2. Click the name of account for which you want to generate an address.
3. Click **Receive** in the top right corner.
4. **Advanced users only:** To regenerate an existing **Bitcoin** address, open the **Advanced** drop-down, delete the last digits of the derivation path and enter the **address index** . Otherwise, leave this field as is to generate a new address.
5. Click **Verify on device** . 6. Verify that the address displayed both on your Personal Security Device and on-screen are identical. If they are: * **Identical** , tap **Confirm** . * **Not identical** , tap **Cancel** . Carefully verify the generated address and try again or contact [Support](https://support.vault.ledger.com/) if in doubt. 7. Tap **Confirm** . 8. Click **Done** . 9. Click to copy the address. ## Results You've generated a public address and a QR code (displayed on your device only) for the selected account. For additional security, verify the address again after you paste it. Malware on your computer might replace addresses in your clipboard. # Groups ## Overview Group refers to a logical grouping of users. This feature allows administrators to manage permissions and enforce governance policies across multiple accounts simultaneously. Groups are particularly useful if you'd like to gather users who hold a similar approval level or who belong to the same company. You can then use the group when creating accounts rules, to enable a subset of people to be responsible for a given rule. A group can contain up to 20 members. If an Operator is revoked from your workspace, they'll also be automatically removed from any group they belong to. # Create a group Organize Operators of your workspace into groups. {% hint style="success" %} This article is for Administrators only. {% endhint %} ## Before you start * Your Personal Security Device must be connected to your computer, switched on, and the Ledger Vault app opened. ## Instructions 1. Click **Users** on the left panel. 2. Go to the **Groups** tab. 3. Click **+ Create group** in the top right corner.
4. Enter the **Group name** . The group name must be less than 19 characters long and must not contain special characters. **NB:** Names must be unique. You can't have two groups with the same name. 5. (optional) Enter a **Group description** . 6. Select the **Group members** from the drop-down list. You can select up to 20 Operators. Operators who have the *Pending revocation* status or who are still *Pending creation* won't appear in the list.
7. Click **Next** . 8. Click **Create group** .
9. Verify that the information displayed on your device is accurate. If it's not, either try again or contact [Support](https://ledgerhq.atlassian.net/servicedesk/customer/portals) . 10. Tap **Confirm** . ## Results A *Create group* request is submitted to all Administrators for approval. If an Operator member of this group is revoked before this request is approved, the *Create group* request will fail and will have to be recreated. ## What's next? The group will be created once the request is approved by the number of Administrators defined in the admin rule. For more information, Track the status of a request. # Edit a group Edit a group to add or remove members, rename it or change the description. {% hint style="success" %} This article is for Administrators only. {% endhint %} ## Before you start * Your Personal Security Device must be connected to your computer, switched on, and the Ledger Vault app opened. {% hint style="warning" %} You'll be prevented from editing a group if: * Your changes make the transaction rules of the account unusable. For example, the approval of 6 out of 10 Operators is required from this group in the *HeyBitcoin* account, but you want to remove 5 Operators. The approval workflow of these accounts must be adjusted first. * An account using this group is pending to be edited. You'll first have to process this request before editing the group. * Transactions are pending approval in accounts using this group. {% endhint %} ## Instructions 1. Click **Users** on the left panel. 2. Go to the **Groups** tab. 3. Click the group name.
4. Click **Edit** in the top right of the dialog.
5. You can edit the following: * The **Name** of the group. * The **description** . The description alone can be edited at any time without requiring the approval from other Administrators. * Add or remove **Members** . 6. Click **Next** . 7. Click Edit group . 8. Verify that the information displayed on your device is accurate. If it's not, either try again or contact [Support](https://ledgerhq.atlassian.net/servicedesk/customer/portals) . 9. Tap **Confirm** . ## Results An *Edit group* request is submitted to all Administrators for approval. If a member of this group is revoked before this request is approved, the *Edit group* request will fail and will have to be recreated. ## What's next? The changes will be implemented once the request has been approved by the number of Administrators defined in the admin rule. For more information, Track the status of a request. # Delete a group Permanently delete a group. {% hint style="success" %} This article is for Administrators only. {% endhint %} ## Before you start * Your Personal Security Device must be connected to your computer, switched on, and the Ledger Vault app opened. {% hint style="info" %} You'll be prevented from deleting a group if: * If it's used in the transaction rules of an account. You must first remove the group from all accounts it's used in, and then delete the group. Removing a group from an approval workflow requires you to create an *Edit account* request. Once approved you can delete the group. {% endhint %} ## Instructions 1. Click **Users** on the left panel. 2. Go to the **Groups** tab. 3. Click the group name.
4. Click Delete in the bottom right corner of the dialog.
5. Click Delete group when prompted to confirm. 6. Verify that the information displayed on your device is accurate. If it's not, either try again or contact [Support](https://ledgerhq.atlassian.net/servicedesk/customer/portals) . 7. Tap **Confirm** . ## Results A *Delete group* request is submitted to all Administrators for approval. If an Operator member of this group is revoked before this request is approved, the *Delete group* request will fail and will have to be recreated. ## What's next? The group will be deleted once the request has been approved by the number of Administrators defined in the admin rule. Once done, the group will have the *Deleted* status. For more information, Track the status of a request. # Whitelists # Create a whitelist {% hint style="success" %} This article is for Administrators only. {% endhint %} ## What is a Whitelist ? A whitelist is a defined list of blockchain addresses. When configuring account rules, this list is often used to restrict the permissible recipients for outgoing fund transfers. A list can contain up to **300 addresses** . Whitelists can only be edited in batches of 90 addresses. If you need to create a whitelist with more than 90 addresses, you must add these by batches of 90 addresses maximum at a time. ## Create a Whitelist (Administrator) ### Before you start Your Personal Security Device must be connected to your computer, switched on, and the Ledger Vault app opened. ### Instructions {% hint style="success" %} **Best practice:** Create Whitelists per currency, do not mix addresses from multiple currencies in one Whitelist. {% endhint %} 1. Click **Whitelist** on the left panel. 2. Click **+ New whitelist** in the top right corner.
3. Enter the **Whitelist name** . The group name must be less than 19 characters long and must not contain special characters.

Whitelist names must be unique. Two whitelists can't have the same name.

4. Select the **Whitelist type** from the drop-down list. Note that Transaction type whitelists can only be used in the context of Transaction rules and Smart Contract whitelists in Smart Contract rules, to avoid errors and enable your organization to better manage and control the use of Transaction and Smart Contract rules. 5. (optional) Enter a **Whitelist description** .
6. Click **Next** . 7. Enter addresses. 1. Select a blockchain from the **Currency** drop-down list.

It's not possible to add ERC20 token addresses.

2. Enter the **Name** of the address. It must be less than 45 characters long and must not contain special characters. Address names must be unique per currency. For example, you can have a Polygon and Ethereum address named *Coinplace*, but two Ethereum addresses can't hold the same name. 3. Enter the public **Address** , then click the **Save** button to add it to the list.

The Solana parent Account address can be provided as a SPL token account address. If so DO specify it is saved as a SPL token Account address.

4. Repeat the above steps for each address you want to add.
8. Click **Next**. 9. Check the details and then click **Create whitelist**.
10. Verify that the information displayed on your device is accurate. If it's not, either try again or contact [Support](https://ledgerhq.atlassian.net/servicedesk/customer/portals) . 11. Tap **Confirm** . ### Approval A *Create Whitelist* request is submitted to all Administrators for approval. ## What's next? The Whitelist will be created once the request is approved by the number of Administrators defined in the admin rule. \ Once approved, the Whitelist can be added in accounts' rules. For more information, see [Create an account](/help-center/core/workspace-administration/accounts/create-an-account) or [Edit an account](/help-center/core/workspace-administration/accounts/edit-an-account). # Edit a whitelist Add, edit, or remove addresses from an existing whitelist. {% hint style="success" %} This article is for Administrators only. {% endhint %} ## Before you start * Your Personal Security Device must be connected to your computer, switched on, and the Ledger Vault app opened. * You can't do more than **90 edits** at a time in a whitelist. If you must do more changes, create a second edit request once the first one has been approved. {% hint style="warning" %} **You'll be prevented from editing a whitelist if:** * Accounts using it are pending to be edited. The account's edit request must first be approved or rejected. * A transaction is pending in an account using this whitelist. The request will first have to be approved or rejected before you can edit the whitelist. * You remove addresses required by accounts using this whitelist. You must first unlink the whitelist from affected accounts. **Example:** The whitelist contains one Bitcoin address and is linked to a Bitcoin account. If you remove this address the account won't be functional as no Bitcoin addresses are available. * You've made more than 90 changes. You won't be able to confirm the request creation on your device and will have cancel it. {% endhint %} ## Instructions 1. Click **Whitelist** on the left panel. 2. Click the name of the whitelist.
3. Click **Edit** in the top right corner of the dialog.
4. Make the necessary changes to the name and description of the whitelist or add, edit, remove addresses. **NB:** Edits to the description of the whitelist only are automatically saved and don't require the approvals of other Administrators.
5. Click **Next** . 6. Click **Edit whitelist** . 7. Verify that the information displayed on your device is accurate. If it's not, either try again or contact [Support](https://ledgerhq.atlassian.net/servicedesk/customer/portals) . 8. Tap **Confirm** . 9. Click **Done** . ## Results An *Edit Whitelist* request is submitted to all Administrators for approval. ## What's next? The whitelist will be edited once the request is approved by the number of Administrators defined in the admin rule. For more information, Track the status of a request. # Entities ## Overview * Entities are groupings of accounts. They're useful to organize accounts based on your needs – whether it's to sort accounts per currency or group the accounts of a given client. * This feature allows administrators to have an easy way to display the balances of each grouping of accounts. * Operators will be able to see an entity once it is created, but they will have a partial view as they can only see the accounts they have access to. ## How does this feature work? This feature serves as a view tool to track the regrouped balance of certain accounts. It can only be created, edited or deleted by the administrators of the workspace. All requests concerning entities must respect the quorum (minimum number of approvals) of the workspace. However, there is no need to connect a device to approve these requests, since an entity has no incident on the account rules or the view permissions.
Inside any given entity an administrator will see the list of accounts associated to the entity, as well as a list of operators which are mentioned in at least one account rule of the entity. This list of users is automatically generated. If an operator is linked to an entity, they will be able to view it but they will only see the accounts they have access to on the workspace. The entity balance will be updated to reflect the user's access. ## Important points to keep in mind An operator **will**: * See the Entity name * See the accounts in an Entity (but only those they have access to) * See the total and available balance of an Entity (but only reflecting the accounts they have access to) An operator **will not**: * See the list of operators associated with an Entity * See any account they would not normally have access to on the workspace The Entities feature has no incidence on the account rules or permissions. It is simply a view tool. ## How can I use this feature? You can find several articles on how to create, edit or delete an entity here: * Create an entity * Edit an entity * Delete an entity # Create an entity Organize accounts under an entity. {% hint style="success" %} This article is for Administrators only. {% endhint %} ## Instructions 1. Go to the **Entities** tab at the top of the Accounts page. 2. Click **Create entity** . 3. Enter a unique **Entity name** . This name must be less than 19 characters long and must not contain special characters. 4. Select **Entity accounts** . 5. Click **Next** . 6. Click **Create entity** to finalize the request.
## Results A *Create entity* request is submitted for approval to all Administrators in the workspace. They do not need their device to approve the request. ## What's next? The entity will be created once the request is approved by the number of Administrators defined in the admin rule. # Edit an entity {% hint style="success" %} This article is for Administrators only. {% endhint %} ## Overview * You can edit an entity to change its name and add or remove accounts. ## Instructions 1. Go to the **Entities** tab at the top of the Accounts page. 2. Click the entity name. 3. Click **Edit** next to the entity's name. 4. (optional) Edit the **Entity name** . 5. (optional) Add or remove **Entity accounts** . 6. Click **Next** . 7. Click **Edit entity** to finalize the request.
## Results An *Edit entity* request is submitted for approval to all Administrators in the workspace. They do not need their device to approve the request. The new entity will be active when the necessary number of approvals is collected. ## What's next? Your changes will be implemented once the request is approved by the number of Administrators defined in the admin rule. # Delete an entity {% hint style="success" %} This article is for Administrators only. {% endhint %} ## Overview * You can delete an entity if you don't use it. * All accounts, members and groups linked to the entity will automatically be unlinked. They won't be deleted. * Deleting an entity is a permanent action that can't be undone. ## Instructions 1. Go to the **Entities** tab at the top of the Accounts page. 2. Click the name of the entity you want to delete. 3. Click **Delete** next to the entity's name. 4. After carefully reviewing the warning, click **Confirm** to finalize the request.
## Results A *Delete entity* request is submitted for approval to all Administrators in the workspace. They do not need their device to approve the request. ## What's next? The entity will be deleted once the request is approved by the number of Administrators defined in the admin rule. All accounts, members and groups linked to the entity will automatically be unlinked. ## See also * Edit an entity * Unlink an account from an entity # Policies Understand what are policies, and how you can use them to streamline the governance of your workspace with multiple accounts. ## What are policies? Policies are sets of rules that apply to an array of accounts. This means that you can manage the rules of multiple accounts (that need to share the same rules). There are two types of policies you can create: * **Single Crypto Asset:** This policy is designed to manage the rules for multiple accounts of the **same cryptocurrency**. All governance rules available for that specific crypto asset can be configured. * **Multiple Crypto Assets:** This is a more flexible policy type that allows you to apply a single set of rules to multiple accounts from different cryptocurrencies and blockchains. {% hint style="warning" %} To maintain this flexibility across different assets, Multiple Crypto Assets policies only support Send rules (no other types of rules) and no thresholds. SPL tokens are also **not** supported. This system will be improved in the future. {% endhint %} ## How to set up a policy Only administrators can create and edit policies. 1. As an administrator, go to to the **Policies** section. 2. Click the **New policy** button. 3. In the first step, you will be asked to choose the policy type: * Select *Single Crypto Asset* if you want to create a policy for accounts of the same crypto asset. * Select *Multiple Crypto Assets* if you want the policy to apply to accounts from various crypto assets. 4. Set a *Policy name* (This name will be visible to Operators, so make it clear and descriptive). 5. (Optional) Additionally you can set a description of your policy which will only be visible to all Administrators. 6. If you selected "Single Currency," you will need to choose the Currency that the policy will govern. 7. Proceed to the next step to configure the Rules for the policy. * For a Single Crypto Asset policy, all rule types available for the selected currency can be configured. * For a Multiple Crypto Assets policy, only Send rules can be configured, and the threshold option will be inactive. 8. Once you have configured the details and rules, you can review and validate the policy creation. This action will require approval from the quorum of Administrators to be finalized. ## Associate a policy to an account ### Associate a new account When creating a new account, an administrator will have two choices during the creation flow: * **Custom rules:** The rules will apply to this account only. This means that if an administrator needs to edit the rules of this account, they will have to edit the account directly. * **Policy rules:** The rules of this account are governed by a policy that needs to be selected. This means that an administrator cannot edit the rules of this account directly; they will have to update the policy associated to it. ### Associate an existing account When editing an account, it is possible to replace its current rules with an existing policy. * Only already created policies of the same currency as the current account will be available. * Associating a policy to an existing account will erase the current rules. ## Edit a policy * **Editing a policy:** Any changes made to a policy's rules will be automatically applied to all the accounts associated with it. This action also requires validation by the Administrator quorum. The type of the policy (Single or Multiple crypto assets) cannot be changed after it has been created. * **Deleting a policy:** It is not possible to delete a policy. However, if a policy is not associated with any account, it will have no effect. # Users How do you invite and manage users in your workspace {% hint style="success" %} The instructions on this page can only be executed by administrators. {% endhint %} # User Roles and Permissions Ledger Enterprise users have a role, each with its own level of permissions. ## User Roles We have two user roles that can operate on your workspace today. 1. **Administrator** : They manage the workspace. You must have registered a minimum of three Administrators to properly manage your workspace. 2. **Operator** They create transactions and/or approve in accounts they've been granted access to based on the account rules set by the Administrators. This information can be found in the account's transaction rules ( **Accounts > Account dashboard > Rules tab** ). ## Permissions by role The following is a breakdown of the capabilities for each type of user in the workspace.
# New users How do you invite new users to your workspace
Invite Operators Operators are the regular users of your workspace. They can be members of your organization or clients using your workspace. Setting them up is the initial step to making your workspace operational. 1. Send a Personal Security Device (PSD) to the relevant Operators. The current PSD is a Ledger Stax. For assistance in acquiring these, collaborate with your dedicated Technical Account Manager. 2. Ask Operators to: 1. Initialise their PSD. 2. Retrieve the User ID displayed on their Vault app dashboard and send it to you using your organization's preferred communication channel (as seen below).
3. Invite users to your workspace using the User ID and send the invitation URL to the Operator using your organization's preferred communication channel. You can invite users by going to the Users tab of your Administrator Dashboard and going through the invite flow. 4. Ask the Operator to connect to the URL and Register on Ledger Enterprise using their device. 5. Once the operator has registered, a request will be automatically created. The necessary number of users will be defined by your organisations [Admin Rule.](https://help.vault.ledger.com/help-center/core/workspace-administration/admin-rule) They will have to approve this request and then the user will be created.
Invite Administrators An administrator in the Ledger Vault is responsible for setting up and managing the system. They handle crucial tasks such adding and removing users, configuring groups and whitelists and establishing governance rules. See below how to begin configuring your Vault. 1. Send a Personal Security Device (PSD) to the relevant Administrators. The current Personal Security Device is a Ledger Stax. Work with your dedicated Technical Account Manager to get a supply of these. 2. Ask Administrators to: 1. [Initialize their PSD](https://help.vault.ledger.com/help-center/core/your-device/initialize-your-personal-security-device-psd) 2. Retrieve the User ID displayed on their Vault app dashboard and send it to you using your organization's preferred communication channel (as seen below).
3. Invite users to your workspace using the User ID and send the invitation URL to the Administrator using your organization's preferred communication channel. 4. Ask the Operator to connect to the URL and Register on the Ledger Vault using their device. 5. Once the operator has registered, a request will be automatically created. The necessary number of users will be defined by your organisations Admin Rule. They will have to approve this request and then the user will be created.
# Register on Ledger Enterprise Register to Ledger Enterprise using the invitation URL sent to you by an Administrator. ## Before you start * You must have: * Received and initialized[^1] your Personal Security Device. * Communicated your user ID to an Administrator. * Your Personal Security Device must be connected to your computer, switched on, and the Ledger Vault app opened. ## Instructions 1. Open the invitation URL in your browser. 2. Verify the information displayed is correct, then click **Register** . 3. Verify that the information displayed on your device is accurate. If it's not, either try again or contact [Support](https://ledgerhq.atlassian.net/servicedesk/customer/portals) . 4. Tap **Confirm** on your device to confirm. 5. You've now successfully registered on the Ledger Enterprise platform. ## What's next? A request is automatically submitted to the Administrators of the workspace. They must approve this request. Once approved, you'll be able to connect to the workspace. An Administrator will inform you once that's done. [^1]: This requires a link to the "your device" section # Your Device # Initialize your Personal Security Device (PSD) ## Overview * Initialize your personal security device. ## Instructions for all Ledger Enterprise users Follow these steps if you have a Ledger StaxTM device. #### Step 1. Set up without Ledger Live 1. Turn on your PSD and follow the instructions. 2. Tap **Set up without Ledger Live** and confirm skip. 3. Set the name of your device (**note:** this will also be your username on your workspace). 4. Choose a 4 to 8-digit PIN code. This PIN code is used to unlock the Personal Security Device. 5. Choose **Set up as a new Ledger.** {% hint style="warning" %} Please note, entering your PIN incorrectly three times into any Ledger device will completely reset the device. If this occurs, you can recover the device with your 24 word recovery phrase. {% endhint %} #### Step 2. Generate the 24-word recovery phrase The 24-word recovery phrase allows you to restore your configuration if you forget your PIN code or lose your device. 1. Read the instructions on screen until you reach the beginning of the list of 24 words. 2. Get the **Recovery sheet** from the Personal Security Device box. 3. Carefully write down on the **Recovery sheet** the first words displayed on the Personal Security Device screen, then click **Next** to display the next words, or **Previous** if you need to double-check. 4. Repeat the previous step until you have the 24 words. 5. Click **Done**. {% hint style="info" %} Make sure the spelling and order of the words is correct before proceeding to the next step. {% endhint %} #### Step 3. Confirmation 1. The Personal Security Device prompts you to confirm the 24 words. 2. Tap the right 24 words. 3. Follow the final instructions until you reach the dashboard. #### Step 4. Update OS version and install Ledger Vault app 1. Go to the [secured update link](https://onboarding.enterprise.ledger.com/update). 2. Click "Verify my device" 3. Your PSD must be connected to your computer, switched ON with the Ledger Vault app closed. 4. Click "Check firmware". 5. Follow instructions. 6. For more details, please look into the detailed steps on the [dedicated help center article](https://app.gitbook.com/o/fFY5hMNJlbYJQ0megQCu/s/apjLO0A6xJKWicwzV6aG/~/changes/53/core/your-device/update-your-personal-security-device-psd). 7. The process will update your firmware version and install the latest version of the Ledger Vault app. {% hint style="info" %} It is strongly recommended to stay on this page and follow instructions until the end of the process. {% endhint %} Please find the Ledger Stax user manual below if you have further questions on the device: {% file src="/files/6fFE5DyJzvW3weBfjPgv" %} # Update your Personal Security Device (PSD) Install the latest version of the Ledger Vault app and firmware on your Personal Security Device. ## Before you begin * You must have been prompted to update your device when connecting to the platform. If you're not automatically prompted, go to the [dedicated update page](https://onboarding.enterprise.ledger.com/update). * Your PSD must be connected to your computer, switched on with the Ledger Vault app **closed**. ## Instructions #### Step 1. Update software version 1. Click "Verify my device" 2. Your PSD must be connected to your computer, switched ON with the Ledger Vault app closed. 3. Click "Check firmware". 4. On your PSD, tap "Share" to share the name of your device. #### A. Your firmware is already up to date * The website will tell you that you are on the latest version of the firmware, alongside the actual version of the firmware. * The process will still move on to the Ledger Vault app install or update. #### B. Your firmware is not up to date * The website will tell you that you need to update the firmware version. * Proceed with the update and follow instructions on your device as well. * Once this is done, you must install the Ledger Vault app again. #### Step 2. Install Ledger Vault app 1. Click the "Install Vault app" button. 2. Allow secure connection with Ledger on your PSD. 3. The app is being installed, please wait for the full process to be done before doing anything else. ## Results You've installed the latest version of the Ledger Vault app and firmware on your device and you can sign into your workspace. # Configure the Ledger Cryptosteel Safely store offline the 24-word recovery phrase generated on the Personal Security Device. {% hint style="success" %} This article is for **Shared-Owners** and **Wrapping Key Custodians**. {% endhint %} ## Before you start You must have: * Configured your Personal Security Device. See Initialize your Personal Security Device . * Written down the 24-word recovery phrase on the Recovery sheet. Then, use the card in the Ledger Cryptosteel to find out where each steel letter is located in the package. ## Instructions Repeat the following steps on **both sides** of the Ledger Cryptosteel to safely store your 24-word recovery phrase.
Step 1. Unlock the frame 1. Fan out the hinged front and back panels of the Ledger Cryptosteel to open it. 2. Get a tile from the package and use it to rotate the upper right screw counterclockwise until it no longer turns. 3. **The following two steps must be performed simultaneously:** 1. With one hand, use the tile to gently press on the safety lever. 2. With the other hand, open the frame.
Step 2. Insert the steel tiles 1. Get your Recovery sheet. 2. Get the necessary letters from the package to write down each word on the Recovery sheet. Only the **first four letters of each word** are necessary. If any of your words only contains three characters (e.g. "Car"), make sure you add a blank tile at the end of that word. 3. Slide the tiles of the first *12 words* in the appropriate row and in the right order.
Step 3. Lock the frame 1. Close the frame. 2. Use a tile to rotate the upper right screw clockwise until it no longer turns to lock the frame. 3. Turn over the Ledger Cryptosteel and repeat the above steps for the remaining 12 words.
## Results Your 24-word recovery phrase in now safely stored in the Ledger Cryptosteel. ## What's next? Refer to our Security best practices, for more information on how to store the Ledger Cryptosteel. # Device pairing: View your partition ID As a user which is already registered to a workspace, the partition ID is seamlessly uploaded to your device when you log into your workspace. ## View partition ID on a Ledger Stax device ### Instructions 1. Open the Ledger Vault app on your Ledger Stax. 2. Tap on the settings button in the top right corner. 3. Tap "Ledger server connection" (which should show the label "Enabled") 4. You can now see your workspace name and its ID. ## View partition ID on a Ledger Blue device ### Before you start Your Personal Security Device must be connected to your computer and switched on. ### Instructions 1. Open the Vault app on your device 2. Tap on the partition button in the top left corner : 3. You can now see your partition pairings. # Managing requests A request is created after critical actions are taken on your workspace. This is so that these actions can only be completed when a certain number of users have approved this action. ## Overview * Understand the possible statuses of requests. A request is submitted for approval whenever you create/edit/delete/revoke the following objects: Transactions, Users, Accounts, Groups, Whitelists, and Admin rule. * Once a request is approved, its status will change. For example, if you requested the revocation of a user, they'll be revoked once all approvals have been collected. The status of the user will go from *Active* to *Pending revocation* , and then *Revoked* . * Beware of requests limitations. ## Transaction requests status The status of a transaction request is displayed in the **Status** column of the transaction page. This table describes all possible statuses. Note that for XRP and XLM the *Unconfirmed* status will be displayed until the transaction is *Confirmed*. | Status | Description | | ------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Awaiting approval | You haven't reviewed the request and your approval is required. | | Pending approval | You've approved the request, but additional approvals must be collected. | | Approved |

One of the following reasons applies:

| | Signed | The transaction has been signed by the HSM but the wallet daemon failed to broadcast it. | | Unconfirmed | (XRP and XLM only) Because Ripple and Stellar don't have the notion of confirmation, the status *Unconfirmed* will be shown until the transaction is *Confirmed*. | | Submitted | The transaction has been approved and broadcasted to the blockchain network. It hasn't received any confirmations yet. | | Confirmed | The transaction has received its first confirmation from the blockchain network. We recommend waiting for more confirmations to consider the transaction as completed. | | Failed | The transaction couldn't be broadcasted because the account's transaction rules have changed or the approval workflow is invalid. It must be recreated. | | Failed to broadcast | The transaction couldn't be broadcasted because of connection issues with the Wallet Daemon. When this status appears, the transaction won't be broadcasted again. You must recreate a transaction. You can also mouse over the 'failed to broadcast' error message to see more details about the reason for the failure. | | Rejected | An Operator has rejected the request. | | Dropped |

The submitted request has been rejected by the blockchain. This can happen when:

| | Expired | The request hasn't been approved before the 7-day expiry date. | ## Requests status Requests can have different statuses as described in the following table. | | Request name | Possible status | | ---------- | ---------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Users | | | | Accounts | | | | Groups | | | | Whitelists | | | #### Additional information on the *Failed* status *Failed* is the status given to requests that were interrupted because they conflict with another request which has just been authorized.
Admin rule request | Action | | | Failing reason | | ------------ | -------------------------------------- | ---------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | I want to... | Edit the Admin rule of my workspace... | While an account, group, user, or transaction request is pending approval... |

You can either:

|
Operator request | Action | | | Failing reason | | ------------ | ------------------------- | ------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------ | | I want to... | Revoke an Operator who... | Has been added to a group pending creation... | You can revoke the Operator but the *Create group* request will fail once the revocation is approved. | | | | Belongs to a group pending to be edit... | You can revoke the Operator but the *Edit group* request will fail once the revocation is approved. | | | | Belongs to a group pending to be deleted... | You can revoke the Operator but the *Delete group* request will fail once the revocation is approved. | | | | Is used in an account pending to be created... | You can revoke the Operator but the *Create account* request will fail once the revocation is approved | | | | Is used in an account pending to be edited... | You can revoke the Operator but the *Edit account* request will fail once the revocation is approved | | | | Has approved a transaction that is still pending to be approved... | You can revoke the Operator but the transaction request will fail once the revocation is approved. |
## Requests limitations Occasionally, you'll be prevented from creating a request because it conflicts with another request pending approval. This request will first have to be approved or rejected to allow you to create the new one. Below is a summary of possible use cases.
Admin rule | Action | | | Blocking reason | | ------------ | --------------------------- | --------------------------------------------- | ---------------------------------------------------------------------------------------------- | | I want to... | Edit the admin rule when... | A new Administrator is pending invitation... | You'll be prevented from editing the admin rule until the new Administrator is active. | | | | An Administrator is pending revocation... | You'll be prevented from editing the admin rule until the Administrator is revoked. | | | | Another edit admin rule request is pending... | You'll be prevented from editing the admin rule if another Edit admin rule request is pending. |
Users | Action | | | Blocking reason | | ------------ | ---------------------------------- | -------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | | I want to... | Invite a new Administrator when... | Another Create Administrator request is pending... | You'll be prevented from inviting the Administrator. Unlike Operators, Administrators can't be created in bulk. They must be created one after the other. | | | | An Administrator is pending revocation... | You'll be prevented from inviting the Administrator until the revocation request is approved or rejected. | | | | An edit admin rule request is pending... | You'll be prevented from editing the admin rule if another Edit admin rule request is pending. | | | Revoke an Administrator when... | A new Administrator is pending invitation... | You'll be prevented from editing the admin rule until the new Administrator is active. | | | | Another Administrator is pending revocation... | You'll be prevented from editing the admin rule until the Administrator is revoked.v | | | | An edit admin rule request is pending... | You'll be prevented from editing the admin rule if another Edit admin rule request is pending. | | | Revoke an Operator when... | They must approve a pending transaction... | You'll be prevented from revoking the Operator until the transaction is approved or rejected. | | | | It breaks the approval workflow of an account... | You'll be prevented from revoking the Operator until you edit the approval workflow of the account. |
Group | Action | Blocking reason | | | | ------------ | ------------------------------ | ------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | I want to... | Edit or delete a group when... | An Operator in this group is pending revocation... | You'll be prevented from editing the group until the Operator's revocation request is approved or rejected. | | | | An account using this group is pending creation... | You'll be prevented from editing or deleting the group until the account's creation request is approved or rejected. | | | | An account using this group is pending to be edited... | You'll be prevented from editing the group until the account's edit request is approved or rejected. | | | | An account using this group is pending deletion... | You'll be prevented from deleting the group as it's used in the approval workflow of the account. It must first be removed from the account's approval workflow. | | | | A transaction is pending approval... | You'll be prevented from editing the group until the transaction request is approved or rejected. | | | | It's used in the approval workflow of an account... | You'll be prevented from deleting the group as it's used in the approval workflow of an account. It must first be removed from the account's approval workflow by editing the account. |
Account | Action | | | Blocking reason | | ------------ | ----------------------- | -------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------- | | I want to... | Edit an account when... | One of its members is pending revocation... | You'll be prevented from editing the account until the Operator's revocation request is approved or rejected. | | | | A group used in its approval workflow is pending to be edited... | You can't edit the account until the group's edit request is approved or rejected. | | | | A whitelist used in its transaction rules is pending to be edited or deletion... | You can't edit the account until the whitelist's edit request is approved or rejected or deleted. | | | | A transaction is pending approval... | You'll be prevented from editing the account until the transaction is approved or rejected. | | Action | | | Blocking reason | | ------------ | -------------------------------- | ------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------ | | I want to... | Edit an Ethereum account when... | One of its linked ERC20 accounts is pending to be edited... | You'll be prevented from editing the Ethereum account until the edit request is processed. | | | Edit an ERC20 account when... | Its parent Ethereum account is pending to be edited... | You'll be prevented from editing the ERC20 account until the edit request is processed. | | | | Another ERC20 account linked to the same parent Ethereum account is pending to be edited... | You'll be prevented from editing the ERC20 account until the edit request is processed. |
Transactions | Action | | | Blocking reason | | ------------ | ---------------------------- | ------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------- | | I want to... | Create a transaction when... | A group that must approve it is pending to be edited... | You'll be prevented from creating the transaction until the group edit request is approved or rejected. | | | | The account is pending to be edited... | You'll be prevented from creating a transaction until the account edit request is approved or rejected. | | | | A whitelist used by this account is pending to be edited ... | You'll be prevented from creating the transaction until the whitelist edit request is approved or rejected. |
Whitelists | Action | Blocking reason | | | | ------------ | ------------------------ | ---------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | I want to... | Edit a whitelist when... | An account using this whitelist is pending to be edited... | You'll be prevented from editing the whitelist until the account's edit request is approved or rejected. | | | | A transaction is pending approval... | You'll be prevented from editing the whitelist until the account's transaction request is approved or rejected. | | | | It's used in the transaction rules of an account... | You'll be prevented from editing the whitelist if it no longer contains addresses in the currency of accounts using it. In this case, you must first unlink the whitelist from the affected accounts. |
## Objects Objects (Users, Accounts, Groups, Whitelists, and Admin rule) can have the following statuses.
Object typeObject status
Users
  • Pending registration: An invitation URL has been sent to the user and you must wait for them to register.
  • Pending: A new Operator or Administrator is being created. Additional approvals are pending to be collected to activate the user.
  • Active: The Administrator or Operator is active and can operate in your workspace.
  • Active Ÿ : The Administrator or Operator is active but a revocation request is in progress. If it's authorized the user will be revoked.
  • Access suspended: The Operator has been temporarily suspended.
  • Revoked: The Administrator or Operator has been revoked from your workspace.
Accounts
  • Pending: A new account is being created. Additional approvals are pending to be collected to activate the account.
  • Active: The account is active and can be used to create transactions.
  • Active Ÿ : An edit request is in progress on this account. If it's authorized the edits will be implemented.
  • View-only: The approval workflow of the account (Ethereum or ERC20 only) hasn't been provided. For more information, see View-only Ethereum accounts .
Groups
  • Pending: A new group is being created. Additional approvals are pending to be collected to activate the group.
  • Active: The group is active and can be used in the approval workflow of any account.
  • Active Ÿ : An edit or delete request is in progress on this group. If it's authorized the group will be edited or deleted.
  • Deleted: The group has been deleted.
Whitelists
  • Pending: A new whitelist is being created. Additional approvals are pending to be collected to activate the whitelist.
  • Active: The whitelist is active and can be used in the transaction rules of any compatible account.
  • Active Ÿ : An edit request is in progress on this whitelist. If it's authorized the whitelist will be edited.
Transactions
  • Pending: A new transaction is pending. Additional approvals must be collected before it's approved.
  • Approved: The transaction has been approved and broadcasted to the blockchain network.
  • Rejected: The transaction has been rejected by an Operator.
# Approve or reject a request
RoleDescription
AdministratorApprove or reject requests to create, edit, delete or revoke users, accounts, groups, and whitelists.
OperatorApprove or reject transaction requests and Tradelink related requests.
## Before you start * Learn how to Work with requests before getting started. * Your Personal Security Device must be connected to your computer, switched on, and the Ledger Vault app opened. * Only users in the current governance step can abort the request. If the request is at the creation step, only creators can reject it. If a request is in the approval step, only approvers can reject it. ## Instructions 1. Click **Requests** on the left panel. 2. Click a request which is *awaiting your approval* .
3. Review the request and either: 1. **TO REJECT:** 1. Click **Reject**. 2. Rejecting a request is effective immediately and doesn't require any approval from other Administrators. 2. **TO APPROVE:** 1. Click Review on PSD. 2. Verify that the information displayed on your device is accurate. If it's not, either try again or contact [Support](https://ledgerhq.atlassian.net/servicedesk/customer/portals). 3. Tap **Confirm** on the device. {% hint style="info" %} For transactions, make sure the address and the amount are correct as it's not possible to reverse a transaction once the request approved. {% endhint %} ## Results
Administrators: User, account, group, whitelist, and admin rule requests Approved requests: * The request is either finalized or awaiting additional approvals. You can check that information by opening the request. * If necessary, you can reject a request you've approved. This is particularly useful if you made an error or if the required approvers aren't available to review and approve the request. This prevents issues where for example a transaction request remains pending and you're prevented to create a new one before it's rejected or expired. To do so, open the request and click **Reject** . Rejected requests: * The request is immediately canceled. You can review it on the **Requests** page. You can recreate it if necessary.
Operators: Transaction request Approved request: * The transaction is either broadcasted to the network or awaiting additional approvals. You can check this information by opening the request. * If necessary, you can reject a request you've approved. This is particularly useful if you made an error or if the required approvers aren't available to review and approve the request. This prevents issues where for example a transaction request remains pending and you're prevented to create a new one before it's rejected or expired. To do so, open the request and click **Reject** . Rejected request: * The transaction is immediately canceled. You can review it on the **Transactions** page. You can recreate it if necessary.
# Track the status of a request Track requests created by you and other users. ## Instructions **Administrators: Track user, account, group, whitelist, and admin rule requests** 1. Click **Requests** on the left panel. 2. Open the request. 3. Check the **History** tab. **Operators: Track transaction requests** 1. Click **Transactions** on the left panel. 2. Open the transaction. 3. Check the **Status** field on the *Overview* tab and the approval workflow in the *History* tab. # Recreate a rejected or failed request Promptly recreate requests which have failed or have been rejected. You can only recreate requests to create or edit an account, a group, a whitelist, a user invitation, or a transaction. ## Before you start Your Personal Security Device must be connected to your computer, switched on, and the Ledger Vault app opened. ### Instructions **Administrators: Recreate any request** 1. Click **Requests** on the left panel. 2. Go to the **History** tab. 3. Open the rejected or failed request. 4. Click the **History** tab of the dialog and click **Recreate**. **Operators: Recreate transactions** 1. Click **Transactions** in the left panel. 2. Click the transaction you want to recreate. 3. Go to the **History** tab of the dialog. 4. Click **Recreate**. ## Results A pre-filled creation or edit dialog opens. If you're recreating an account, the transaction rules will need to be provided again. # Transactions Move assets in and out of your Ledger Enterprise accounts. {% hint style="success" %} This section is for Operators only. {% endhint %} ## Overview Transactions are a core component of Ledger Enterprise and Ledger Tradelink. In Ledger Enterprise, a transaction refers to the movement of digital assets into or out of an account within your workspace. This includes sending and receiving cryptocurrencies. This section of the Help Center will guide you through creating, managing, and understanding transactions within Ledger Enterprise. * **Creating a Transaction Request:** Learn how to initiate the transfer of digital assets from your Ledger Enterprise accounts. * **Transaction Fees & Speed:** Understand the factors that influence transaction fees and processing times, including network congestion and priority settings. * **Transaction on Bitcoin chain:** * **Broadcasting Transactions:** Details on how transactions are submitted to the blockchain network for processing. * **Viewing Transaction Details:** Guidance on finding and interpreting transaction information, such as status, confirmations, and history. * **Failing Transaction Requests:** Troubleshooting information for when transactions are not processed successfully. ## Concurrent transaction approval It's possible to create multiple transaction requests in an account. Transactions are broadcasted only when all approvals have been collected from the necessary Operators. They can be approved in any order. To allow this, two different balances will be displayed in the account: * the **total balance** : the account's total balance at a given time. * the **available balance** : the account's balance minus the total amount of pending transaction requests and the expected max fees. Put simply, this is the amount you can spend in your next transactions. The available balance is calculated differently depending on the crypto asset. | Crypto asset | Available balance | | --------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | | Bitcoin and Bitcoin-like | Account total balance - (total pending transaction amounts + pending max fees in the account) | | Ethereum accounts that don't have children ERC20 accounts | Account total balance - (total pending transaction amounts + pending max fees in the account) | | Ethereum accounts that have children ERC20 accounts | Account total balance - (total pending transaction amounts + pending max fees in the account + pending max fees in all children ERC20 accounts) | | ERC20 | Account total balance - the account's total pending transactions | | Polkadot | Account total balance - (the account's total pending transaction + pending max fees in the account) - 1 DOT | ## Limitations
Ethereum (ETH) accounts and their children ERC20 token accounts * The parent Ethereum account must be credited to allow paying the gas fees of ERC20 transactions.
XRP accounts * You're required to hold a minimum balance of XRP 10 at all time. You'll be prevented from creating a transaction if your account's total balance falls below that amount. * Transactions below XRP 10 sent to inactive XRP accounts aren't permitted by the network and will fail.
XLM accounts * You're required to hold a minimum balance of XLM 1 at all time. You'll be prevented from creating a transaction if your account's total balance falls below that amount.
Polkadot accounts * You’re required to hold a minimum of 1 DOT at all time for the blockchain to reference your account. You’ll be prevented from creating a transaction if your account’s total balance falls below that amount. * Transactions below 1 DOT which are sent to inactive Polkadot accounts aren’t permitted by the network and will fail.
Balance update on TRC20 token accounts The parent TRON account must be credited of 1 TRX at least to activate the TRC20 children account. If not the balance of the TRC20 account will not be updated.
# Create a transaction Create transactions in accounts in which you have the Creator role. {% hint style="success" %} Only **Operators** can create transactions on Ledger Enterprise. {% endhint %} ## Before you start {% hint style="info" %} **Transaction rules are specific to each account** They are configured by Administrators either during Account creation or through later updates. These Rules may define: * Who is allowed to create transactions (Operators) * The permitted transaction amount range * A list of approved recipients (see \[Whitelists]) * Which Operators must approve a transaction, and how many are required To view the transaction rules for a specific account, navigate to: **Accounts > Account Dashboard > Rules tab** {% endhint %} {% hint style="danger" %} **Transactions may be blocked or not initiated** In the following scenarios, you will need to clear the pending requests before attempting to create a Transaction: * The account is currently pending edits. * A group or whitelist used in the account’s transaction rules is pending edits. Ledger is committed to adhering to applicable regulations, including international sanctions. If an attempt to interact with a sanctioned wallet address — or one linked to it — through Ledger Enterprise is detected, the transaction will not be initiated.. These sanctions are enforced by authorities such as, but not limited to, the Office of Foreign Assets Control (OFAC) in the U.S., the Council of the European Union and the United Nations. If your Transaction is blocked or not initiated: * You will see a specific message with the reason for this. * If your governance rules include other workspace members they will not be sent the transaction approval request. * Your Transaction will not be broadcasted. Please contact a technical account manager or customer support if you have any questions. {% endhint %} {% hint style="success" %} **Recommended Best Practices** * **Send a test transaction first:** Before transferring a large amount, we recommend sending a small amount to confirm that the recipient receives it correctly. * **UTXO consolidation may be required:** For large Bitcoin transactions, you may need to consolidate UTXOs first. Learn more about [UTXO consolidation](https://help.vault.ledger.com/help-center/core/transactions/utxos#utxo-consolidation). * **Set up your Personal Security Device:** Ensure your device is connected, powered on, and the Ledger Vault app is open before proceeding with any transaction. * Please note when creating a transaction, the recipient address field is case sensitive. {% endhint %} ## Instructions ### Step 1. Select an account and enter the recipient's address 1. Click **New transaction** on the left panel.
2. Select the **Account to debit** . 3. Enter the **Recipient address** or select one from the drop-down list if a whitelist has been linked to the account.\ \&#xNAN;*Note: for SPL tokens, the Solana parent Account address can be provided as a recipient.* 4. Enter the **Amount** to be transferred. 5. (optional) Click **Advanced** and select a **UTXO selection strategy** . This field appears for UTXO-based coins only. 1. **Merge outputs:** To select UTXOs which have the lowest amounts. This is the method used by default. 2. **Optimize size:** To optimise the sanity of your account/later transactions (focusing on UTXOs with the lowest amounts; if not possible - focusing on the lowest among the UTXOs with the highest amounts). 3. **Deep outputs first:** To select UTXOs which have the highest amount of confirmations on the blockchain.
6. Click **Next** . ### Step 2. Select your fees 1. Select the **Transaction fees**. See [Transaction fees & speed ](https://help.vault.ledger.com/help-center/core/transactions/transaction-fees-and-speed)for more details. 2. Click **Next** . ### Step 3. Add comments (optional) 1. Enter a meaningful **Title** that will help you identify the transaction quickly. 2. Enter additional details in the **Comments** field. 3. Click **Next** . ### Step 4. Confirm the transaction creation request on your Ledger Hardware device 1. Review the summary of the transaction. 2. Click **Create transaction** . 3. **Verify that the information displayed on your device is accurate**. If it's not, either try again or contact [Support](https://ledgerhq.atlassian.net/servicedesk/customer/portals) . 4. Tap **Confirm** when prompted by your device to confirm. {% hint style="info" %} Note that for ERC20 tokens, the **Total amount** field doesn't include the gas fees as these are expressed in Ethereum. {% endhint %} {% hint style="info" %} Note that for Solana transactions, you must keep sufficient funds for the [rent](https://docs.anza.xyz/implemented-proposals/rent). {% endhint %} ## Results A *Create transaction* request is created. Depending on the approval workflow defined for the account, the request might need to be approved by other Operators. * To review the approval workflow, go to the account's details page *Account* > *Account dashboard* > Settings. * The transaction will be blocked if an Operator in the approval workflow who has approved the request is revoked.
Tezos note If you've created your first transaction in a new Tezos (XTZ) account, a **reveal transaction** is automatically created by the Ledger Vault to make the public address of the account known to the Tezos network. This transaction is mandatory and costs 0.0025XTZ in fees. If you create multiple transactions at a time in a new Tezos account, these transactions will be put on hold until the first one is approved. The Tezos feature is currently available on demand. Please contact your Technical Account Manager for more information.
## What's next? The request is submitted for approval to the necessary Operators, and must be processed before the 7-day expiry date. If the request expires a new one must be created. The transaction will be broadcasted to the blockchain network once all approvals have been collected. # Transaction fees & speed ## Fees selection strategy for transactions When creating a transaction, for most currencies you need to select a transaction speed (See below for exceptions).\ \ The selected speed will determine the **final fees**. At this stage, the exact amount is unknown so only the **total max fees** is displayed. That is the *highest* amount you will pay for the transaction to be approved. The fee can be lower but will never go above that amount. *Note: Choosing a normal speed may result in longer confirmation times, potentially taking several days.* {% hint style="success" %} The **final fee** is determined and applied only after the transaction has received its final approval from the last Operator. {% endhint %}
Ethereum For Ethereum and ERC20 transactions, you can select the transaction speed and set a maximum gas price. To account for potential gas price fluctuations between transaction creation and final submission (after all approvals), the platform automatically applies a **400% buffer** to the base price in the recommended path. This helps ensure successful execution. If you prefer full control and want to remove the buffer, you can switch to **custom mode** and manually set the gas price and gas limit (see [Custom fees](https://app.gitbook.com/o/fFY5hMNJlbYJQ0megQCu/s/apjLO0A6xJKWicwzV6aG/~/changes/48/core/transactions/transaction-fees-and-speed#custom-fees)). **Note for Direct Access EVM Accounts:**\ Only one estimated speed is available, but you can still switch to custom mode if needed.
Polkadot Polkadot transactions do not use processing speed options. Fees are **fixed and determined by the network**, so users cannot adjust them manually.
Solana & SPL tokens Solana & SPL tokens transactions do not use speed options but have optional priority fees. [Priority fees](https://solana.com/developers/guides/advanced/how-to-use-priority-fees) are optional extra fees added to Solana transactions to increase their chances of being included in a block. They are paid in addition to the base transaction fee. Using a priority fee helps ensure your transaction is processed quickly, especially when the network is busy. Transactions without priority fees may be delayed or dropped during congestion.\ \ \&#xNAN;*Note: the priority fees and buffer will only be used if necessary*

Solana & SPL token transaction recommended fees

XRP additional field Enter the recipient's **Destination tag** or select one from the drop-down list if a whitelist has been linked to the account.
Tron Tron introduces two resource conceptions: Bandwidth & Energy. \ \ Ordinary transactions consume Bandwidth, Smart contract related transactions not only consumes Bandwidth points, but also Energy. If wallets do not own enough Bandwidth or Energy, TRX is consumed instead.\ \ More info on Bandwidth & Energy model can be found [here](https://developers.tron.network/v3.7/docs/resource-model).
XLM additional field (optional) Select the recipient's **Memo type** from the drop-down list and enter the **Memo**. A *slow* speed is selected by default for XLM transactions. This is to ensure you never pay more than what the network requires when creating the request.
## Total max fees When a transaction request is created, the system calculates an estimated **maximum total fee**. It may vary depending on the crypto asset & speed selected, the size of the transaction, and the state of the network.
Bitcoin | speed | Network fees | Max fees | | ------ | --------------------------- | -------- | | Slow | Fees to confirm in 6 blocks | + 50% | | Medium | Fees to confirm in 3 blocks | + 50% | | Fast | Fees to confirm in 1 blocks | + 50% |
Ethereum | Speed | Network fees | Max fees | | ------ | ------------------------------------------------ | ----------------------- | | Slow | Fee amount when creating the transaction request | + 400% on the gas price | | Medium | Fee amount when creating the transaction request | + 400% on the gas price | | Fast | Fee amount when creating the transaction request | + 400% on the gas price | Ethereum (ETH) transaction fees are based on two components: * **Gas price:** A variable amount that changes frequently based on network demand. * **Gas limit:** A standardized value representing the maximum computational effort required. Because the gas price can fluctuate between the time a transaction is created and when it’s finally submitted (after all approvals), the platform automatically applies a 4**00% buffer** to the gas price for ETH and ERC20 transactions. This helps ensure the transaction succeeds when broadcasted. **Max Fees = Gas Limit × (Gas Price + 400% Buffer)** It’s important to understand the difference between **gas price** and **max gas price**: * The **gas price** is what you actually pay to get your transaction confirmed within a desired time frame. * The **max gas price** is a safety cap — not necessarily the final amount you'll pay — used to increase the likelihood of successful broadcasting. **Want full control?**\ You can disable the buffer by switching to **custom mode**, where you can manually set the gas price and gas limit.
Polkadot Fees are **fixed and determined by the network.**
XRP Refer to the [XRP ledger](https://xrpl.org/docs/concepts/transactions/transaction-cost/) for additional information. | speed | Network fees | Max fees | | ------ | ----------------------------------------------- | -------- | | Slow | 10 drops | + 50% | | Medium | 10 drops + load cost | + 50% | | Fast | 10 drops + (load cost + open ledger cost) \*1.5 | + 50% |
Tezos | speed | Network fees | Max fees | | ------ | ------------------------------------------------------------------------------------- | -------- | | Slow | Initial Fee\*75% | + 50% | | Medium | Initial Fee: standard network fee level estimated for the transaction’s storage & gas | + 50% | | Fast | Initial Fee\*125% | + 50% |
Solana & SPL tokens The total estimated fees on Solana network includes the estimated base fee plus the priority fee plus the (default) Ledger 100% buffer. [Priority fees](https://solana.com/developers/guides/advanced/how-to-use-priority-fees) are optional extra fees added to Solana transactions to increase their chances of being included in a block. They are paid in addition to the base transaction fee. Using a priority fee helps ensure your transaction is processed quickly, especially when the network is busy. Transactions without priority fees may be delayed or dropped during congestion.\ \ \&#xNAN;*Note: the priority fees and buffer will only be used if necessary*

Solana & SPL token transaction recommended fees

## Custom fees This feature is available for **Bitcoin, Ethereum, ERC20 tokens, XRP, Solana, and SPL token transactions**. * **Bitcoin, Ethereum, ERC20, and XRP:**\ You can set a **maximum fee** you're willing to pay by enabling the **Custom** toggle. This helps you control costs, but keep in mind that setting the fee too low may delay confirmation. * **Solana and SPL tokens:**\ You can set **priority fees** by enabling the **Custom** toggle to increase the likelihood of your transaction being processed. ## How transaction fees are handled at broadcast time Once the final approval for a transaction request is collected, the transaction is created and immediately broadcasted to the network. At this point, the fees are recalculated and compared to the maximum fees set during request creation: * **If the recalculated fees are lower than the max fees**, the transaction is sent with the lower amount. The unused portion of the max fees becomes available again in your account. **Example:** 1. Kathy Sanchez creates an Ethereum transaction request at 1:00 PM with a "fast" speed setting. The estimated maximum fee is **ETH 0.005**. 2. At 7:00 PM, after all approvals are completed, the transaction is broadcasted. The system recalculates the fast-speed fee at that time and determines it to be **ETH 0.003**. 3. Since this is below the max fee, the transaction is sent using **ETH 0.003**, and the remaining **ETH 0.002** is released back to the account. You can view the final fee in the **Transaction Details** dialog, accessible from your account's dashboard. ## Failing transactions If a transaction fails to send, Ledger Vault will automatically retry up to three times. If all attempts are unsuccessful, the transaction will be marked as *Failed to Broadcast*. You can mouse over the "failed to broadcast" error message to see more details about the reason of failure. # UTXOs Unspent Transaction Outputs {% hint style="success" %} Only **Operators** can manage UTXOs on Ledger Enterprise. {% endhint %} ## What are Unspent Transaction Outputs (UTXOs) ? In Bitcoin and similar blockchains, every transaction consists of **inputs** and **outputs**: * An **output** is the amount of Bitcoin sent to a recipient. * An **input** is a portion of Bitcoin from your wallet used to fund the transaction — any leftover amount (the "change") is returned to your wallet as a new output, which can be used in future transactions. **Example:** If you want to send $8 but only have a $10 bill, you pay with the $10 and receive $2 back as change. Bitcoin transactions work the same way. **UTXOs (Unspent Transaction Outputs)** are the individual pieces of Bitcoin that remain unspent in your wallet — essentially, they are your "available change." When added together, they represent your total wallet balance.
## UTXO selection strategy for transactions When creating a Bitcoin transaction, you can choose from different strategies to determine which UTXOs (Unspent Transaction Outputs) to use: 1. **Optimize for Size (Default Strategy):**\ Selects the largest available UTXOs first. This reduces the number of inputs in the transaction, helping to minimize transaction size and, therefore, fees. 2. **Merge Small Outputs:**\ Prioritizes using smaller UTXOs. This strategy helps consolidate many small pieces of Bitcoin into fewer, larger ones, which can reduce wallet fragmentation over time. 3. **Prioritize Deep Outputs:**\ Selects UTXOs that have been confirmed the longest (i.e., have the most confirmations). This can improve transaction reliability and security by using more established funds.
## UTXO consolidation ### Why Consolidate UTXOs? UTXO consolidation is the process of reducing the number of small-value unspent outputs in your wallet by sending them to yourself in a single transaction. By combining multiple small UTXOs into one larger UTXO — similar to exchanging many coins for a single bill — you make your wallet more efficient. This makes it easier to send larger payments in the future and can help lower transaction fees, especially if you consolidate when network fees are low. **Example:**\ If you consolidate 100 UTXOs, each worth 0.01 BTC, you'll end up with one UTXO worth 1 BTC. ### Before you start {% hint style="success" %} **Only Operators** who have the Creator role in the Account can consolidate UTXOs. {% endhint %} {% hint style="success" %} **Best practices** * Consolidate UTXOs only when the account has no pending or incoming transactions. * Approve UTXO consolidation requests immediately after creation. * Create and approve one UTXO consolidation request at a time — avoid creating multiple requests simultaneously. {% endhint %} {% hint style="warning" %} The consolidation is always performed on the index 0 address of the account, that is the first-ever generated address in your account. **If the selected account uses whitelists only**, ensure that address index 0 is either included in an existing whitelist or covered by a dedicated rule. Contact an Administrator to configure this, as it is required to perform UTXO consolidation in the account. {% endhint %} {% hint style="warning" %} You can consolidate **up to 100 UTXOs at a time** by creating a transaction to yourself. The smallest UTXOs are selected, but those below 546 satoshis are ignored. If the account holds more than 100 UTXOs, repeat the process as needed. {% endhint %} ### Consolidation request 1. Click **Accounts** on the left panel. 2. Click the name of the account for which you want to consolidate UTXOs. 3. Click the **UTXOs** tab at the top of the page. 4. Click **Consolidate** in the top right.
5. Click **Verify on device** in the modal. 6. On your device, verify the information and tap **Confirm** . 7. In the transaction dialog, the number of **Consolidated UTXOs** and the corresponding total **Amount** are displayed. \ \&#xNAN;*Note: In rare cases, if the transaction fees are higher than the consolidated amount, you'll need to enter a lower number of UTXOs to allow the transaction to be created.* 8. (optional) Click **Add comments** and enter a **Label** and **Comments** . 9. Click **Create transaction**. 10. On your personal security device, verify the information and tap **Confirm** . ### Approval Depending on the approval workflow defined for the account, the request might need to be approved by other Operators. {% hint style="warning" %} The request must be processed before the 7-day expiry date. If the request expires a new one must be created. {% endhint %} # Replace by Fee ## Overview Replace-By-Fee is a mechanism that allows users to replace an unconfirmed transaction in the Bitcoin mempool with a new transaction. The new transaction typically includes a higher fee to incentivize miners to confirm it sooner. This can be particularly useful in situations where the network is congested, and you need your transaction to be confirmed more quickly. This capability can be used directly in your workspace to either ‘boost’ a transaction or ‘cancel’ a transaction using Full RBF implementation. ## Boost The Boost feature allows you to expedite a transaction that is pending in the mempool by increasing its fee. This is particularly helpful during periods of network congestion, where delays are common. By boosting the fee, you enhance the likelihood of your transaction being processed and confirmed more quickly. Boost is accessible only for transactions that have been submitted but are still unconfirmed (0/x confirmations). By selecting this option, you can reissue the same transaction with a higher fee, increasing its priority for confirmation. Here, the same transaction output will be recreated exactly. Inputs may be added to cover the new fees, all the inputs from the replaced tx will be used. ## Cancel The Cancel feature provides the option to halt a transaction that has not yet been confirmed. This is useful if you need to correct an error in the transaction details or if you decide not to proceed with the transaction. Instead of waiting for the transaction to naturally be evicted from the mempool or be confirmed by the miners, you can use the Cancel feature to try to proactively stop it. Here the transaction will modify the transaction output to send the initial transaction to the self account. **IMPORTANT**: Please keep in mind that Cancel feature is only an attempt, and does not guarantee that the initial transaction will be definitely cancelled in case miners end up prioritizing the old transaction over the new one. ## How to boost a transaction on a Bitcoin Account ? 1. Open the ‘Transaction Details’ modal of the transaction you want to boost. 2. In the footer, click on “Boost”. 3. Select the suggested fees to boost the transaction 4. Click on “Finalize” 5. Approve the transaction as usual ## How to cancel a transaction ? 1. Open the ‘Transaction Details’ modal of the transaction you want to cancel. 2. In the footer, click on “Cancel”. 3. Verify the suggested fees and the Receiving address. 4. Click on “Finalize”. 5. Approve the transaction. # Export transaction history ## Overview * Export your transaction history to a .csv file. * Operators can export the transaction history of accounts they've got access to. * Administrators can export the history of all accounts. ## Instructions 1. Go to the **Transactions** page. 2. (optional) Use the table's filters to define which data you want to export.
3. Click **Export to CSV** in the top right corner. **Full** exports include 2 additional columns (SCI Incoming Transfers, and SCI Outgoing Transfer) that provide data on token transfers triggered by the transaction (ERC20, ERC721 and ERC1155). **Light** exports do not include this data. ## Results A .csv file is generated and saved on your computer. Note that for Direct Access accounts, full transaction history is not available (notably incoming transactions). However, you can leverage external tools, such as explorers, to retrieve the information. # Raw Signing ## Overview Raw Signing presents inherent security risks, as it involves signing transactions without contextual validation. However, with great power comes great responsibility. This document outlines best practices to ensure the secure and effective use of the raw signing feature. Consequently, Raw Signing is considered a specialized feature, not included by default in your workspace, and is only accessible upon request for specific use cases. If you're interested in this feature and want to see if your use case is eligible for it, please contact your Technical Account Manager (TAM). Raw Signing is a very powerful feature to be used within Ledger Enterprise. As the Web3 world continues to rapidly evolve, LES provides an option to sign digests using the Vault infrastructure in order to support chains and actions that the Vault does not natively support. ## Use Cases * When you want to sign a transaction or a digest on a blockchain that Ledger Enterprise does not currently support. * When you want to perform an action that we don’t currently support (for example staking on a protocol where we don’t support staking) on a blockchain we do actively support. * When you want to prove messages on-chain (that are not supported by our Proof of Reserver feature with Message Signing). ## How to enable Raw Signing ? By default, Raw Signing is not available on your workspace. Contact your Technical Account Manager (TAM) Customer Success team to enable Raw Signing. {% hint style="info" %} You need to have created a Raw Signing Account before being able to use this feature. Navigate to the Account Creation page for more details. {% endhint %} ## Raw Signing Example ### Creating a request It uses the same flow as creating a request from an API Operator: see [here](https://ledger-enterprise-api-portal.redoc.ly/developer-portal/docs/get-started/api_user/api_user_first_steps/#step-3-create-a-transaction) First, let’s look at the schema for this request: ``` DigestToSign { digest: str, derivation_path: str } SignedDigest { digest: str, signature: str, pub_key: str, derivation_path: str } ``` The request is built as follows: 1. Add **digests\_data** 2. Within this object, add **account\_name** and **digests** ``` { "data": { "account_id": number, "digests_data": { "account_name": "...", "digests": DigestToSign[] // allow the customer to sign multiple transaction in one request } }, "type": "SIGN_DIGESTS" } ``` ### DigestToSign | Parameter | Type | Description | | ---------------- | ------ | ------------------------------------------------------------------------------------ | | digest | string | A HexString digests. For currencies that use secp256K1, string must be 32 bytes long | | derivation\_path | string | | ### Approving a request ``` GET /requests/:id/challenge { "challenge": "eyJhbnRpcmVwbGF5IjogIi4uLiIsICJkYXRhIjogeyJ0cmFuc2FjdGlvbl9kYXRh IjogeyJhY2NvdW50X25hbWUiOiAiLi4uIiwgInJhd190eHMiOiBbIi4uLiIsICIuLi4iXX19LCAidHl wZSI6ICJSQVdfVFJBTlNBQ1RJT05fU0lHTklORyJ9" } // this can be decoded into { "antireplay": "...", "data": { "digests_data": { "account_name": "...", "digests": DigestToSign[] }, }, "type": "SIGN_DIGESTS" } POST /requests/:id/approve { "jws": } ``` ### How to retrieve the Account Public Key ? As a first iteration, you cannot directly get the account address or Public Key (pub\_key) from a HSM-secured channel. Instead you need to sign a first message from the account: 1. Sign any message using the Raw Signing Request (it can be message signing) 2. Get the Digest via GET /digests/:id to retrieve the pub\_key in the payload 3. You can derive addresses from the pub key ``` GET /digests/:id Digest { id: number, created_by: number, created_on: datetime, last_request: number, account_id: number, status: string, digests_data: SignedDigest[] | ToSignDigest[], notes: Note[] } ToSignDigest { digest: string, derivation_path: string } SignedDigest extend ToSignDigest { signature: string, pub_key: string } Note { title: string, content: string } ``` # Compliance capabilities We understand the critical importance of compliance in the world of digital assets and cryptocurrency custody. In this guide, we'll provide an overview of our compliance framework and highlight our current compliance provider, Chainalysis. We're committed to ensuring that your assets are held securely and in compliance with the most stringent standards. ## Our Commitment to Compliance At Ledger Enterprise, we prioritize the security and compliance of your digital assets. We designed this feature to help customer meet the regulatory and compliance while reducing manual work. We understand that regulatory requirements can vary significantly depending on your jurisdiction, and that's why we work with trusted compliance providers to stay ahead of the curve. ## Chainalysis as your Compliance Provider As of today, you can bring your Chainalysis license to your Ledger Enterprise workspace. Chainalysis is a leading blockchain analysis and compliance solution known for its robust capabilities in ensuring that cryptocurrency transactions meet compliance and regulatory standards. By integrating Chainalysis, we enhance the security and trustworthiness of your digital assets. ## Key Features of Chainalysis Compliance: * **Whitelist Address Screening** : With Chainalysis, we can ensure that addresses added to your whitelist meet compliance and risk mitigation standards. * **Real-time Monitoring** : Chainalysis provides real-time monitoring to detect suspicious activities and trigger alerts when necessary. * **Transaction Screening** : Chainalysis offers a comprehensive transaction screening solution, which helps us identify and prevent transactions associated with illicit activities. This feature will be added in the next release. * **Integration with Regulatory Authorities** : Chainalysis maintains connections with various regulatory authorities, helping you adhere to evolving regulatory requirements. ## Get Started You can start learning more about this feature exploring the [interactive demo](https://app.supademo.com/demo/-qooX3RUrx2IavjPMee9L) or go throw the following articles: * Setup and Address screening * KYT - Know your transactions ## Exploring Other Compliance Providers While we currently rely on Chainalysis as the only compliance provider available, we understand that our customers may have specific preferences or requirements for other compliance providers. If you are interested in using an alternative compliance provider for your custody needs, please reach out to your account manager. We value your feedback and are open to exploring additional options to accommodate your compliance preferences. ## Other Compliance functionalities ### Proof of Reserve The exact way that institutions prove that they control the private keys behind public addresses will vary depending on the specific requirements of the jurisdiction. The most common method used in the context of institutional audits, however, seems to be the **signature of messages**. Signing messages with a private key can be used to prove that an institution controls the private keys that correspond to its public addresses: * the auditor submits a message (challenge) to the institution; * the institution signs the challenge with the private key & provides the signature to the auditor; * the auditor can then verify the signature to ensure that the institution actually controls the private key. Ledger Enterprise enables its customers to perform such actions: * for **Administrators** : activate Message Signing on an account; * for **Operators** : sign an EIP-191 compliance Message. # Proof of Reserve - Enable Message Signing on an account {% hint style="success" %} This article is for Administrators only. {% endhint %} ## Overview As a Ledger Enterprise user, you will now be able to define and use **Message Sigining** capabilities across all supported networks. This enables you to sign **Proof of Ownership** messages, should you require it for Compliance purposes. Indeed, signing messages with a private key can be used to prove that an institution controls the private keys that correspond to its public addresses. You can enable **Messge Signing capabilities** for any account, across any supported networks. For EVM networks, the step 4 **web3 rules** of the account creation or edition procedure already let you activate and configure a rule to govern message signatures for the account. Activate the feature by clicking on the Toggle button, and configure your Message Signing governance rule according to your needs. For non-EVM accounts (Bitcoin, Tezos or even Vault Signer accounts), you can now also create a Message Signaure rule to leverage these capabilities: * For accounts tha do not support Staking, such as Bitcoin or Ripple, the Message Signature rule will appear at the **4th step** of the account creation flow; * For accounts that do support Staking, such as Tezos or Solana, the Message Signature rule will appear at the **5th step** of the account creation flow. Note that signing a Message is a fully off-chain operation that do not let you send funds. However, on smart-contract enabled networks, the signature provided can be used to perform advanced on-chain operations, such as granting a Token Approval. ## Instructions 1. During the creation or editing of an account of relevant chains, Step 4 allows you to activate the **Message Signature** feature. 2. Select **creator** to define which operators can **create message signature requests**. You can select up to 20 operators or a single group. The selected operators will be able to initiate a message signature process through through the UI (or DApps for EVM accounts). See Sign Messages for details. 3. (*Optional)* Use the approval workflow section to define which Operators must **review and approve** message signature requests. You can define up to three steps. 4. Confirm the creation of your **Message Signature rule** and review the rule on your Personal Security Device. Once you've reviewed the rule on your PSD and confirmed, an account creation or edition request is created. 5. Once all required Administrators have reviewed and approved the account creation or edition request, according to your workspace's admin rule , the **Message Signature rule will be effective for the account**.
# Proof of Reserve - Sign Messages {% hint style="success" %} This section is for Operators only. {% endhint %} ## Overview Signing messages serves a crucial purpose in the web3 ecosystem. It allows users to confirm their identity, authenticate transactions, and on smart-contract enables networks such as EVMs, interact with smart contracts without the need to share their private keys. Ledger Enteprise supports the signature of messages in * the EIP-191 and EIP-712 formats on **EVM networks** ; * the EIP-191 format on **all other networks** . Whenever signing a message, Operators will be able to review their content on the **Trusted Display** of their Personal Security Devices. The signature of messages with Ledger Enterprise accounts opens up multiple opportunities in the web3 ecosystem. {% hint style="info" %} Note that signing a Message is a fully off-chain operation that does not let you send funds. However, it is crucial that the format of these signed messages cannot be interpreted as Transactions (and risk losing funds). Therefore, Ledger Enterprise formats all messages in an EIP-191 fashion so that they cannot be broadcasted as Transactions on a network. {% endhint %} ## Instructions #### Pre-requisites * In order to initiate or approve a Message Signature request on an account, you need to be an authorized Operator on that account, i.e. be part of the **Message Signature rule** of that account. * If this is not the case, please contact your Administrator, so that they can add you to the Message Signing rule . #### Step 1: Create the Message Signature request 1. Sign in yo your workspace, and click on the **New transaction** button in your sidebar. Select **Sign message**.
2. Select the **account** that you wish to use to sign your message, and input the desired message in the dedicated space. 3. ( *Optional* ) Click on **Next** and add a Title and Comments to easily identify and report your Message Signature requests during your reporting workflows. 4. Review the summary of the Message Signature request. Click **Review on PSD** to examine the message on the **Trusted Display of your Personal Security Device** . Tap the arrows to expand the different sections of the message. 5. The message signature request is created and will undergo the message signature governance checks which admins have defined for the account. 1. If the message signature governance rule requires further operator approvals, see Step 2 2. If the message signature governance rule does not require further operator approvals, see Step 3 {% hint style="info" %} You should only trust the message displayed on your PSD. Ensure that the message is accurate and corresponds to your intention before approving its signature. Reject the message signature and contact the Ledger Enterprise support if you notice discrepancies. {% endhint %} #### Step 2: Review and approve a Message Signature request When a Message Signature request requires your approval, it will appear in the **Request** panel. 1. Click on the Message Signature request to examine its content. 2. Click **Review on PSD** to check the message on the Trusted Display of your Personal Security Device. #### Step 3: Sign the Message Once the Message Signature requests has passed all the required governance checks, it will be signed by the Hardware Security Module. The signed message is then available in your **Operations** table, in the **Message** tab. #### Step 4: Reporting - Monitor and audit the Message Signature request You can monitor and audit your entire history of messages signed. Ledger Enterprise records the message that was signed, its signature hash, as well as the message singing governance rule's audit logs. {% hint style="info" %} To encode and sign the message while preventing it from being interpreted as a Transaction across networks, Ledger Enterprise leverages a specific format (see below). > **Message encoding format**: `keccak256("\0x00 Signed Message:\n" + len(message) + message)`. For instance, a BTC signed message would be encoded following: `keccak256("\0x00Bitcoin Signed Message:\n" + len(message) + message)`. > {% endhint %} # Address Screening and KYT {% hint style="success" %} This article is for Adminstrators only {% endhint %} ## Overview * This feature is designed to enhance compliance and security in your daily operations. In this guide, we'll walk you through the process of setting up and using Chainalysis Address Screening to ensure that your transactions are both secure and compliant. * This feature is currently available on demand. Please contact your Technical Account Manager for more information ## Setting Up Chainalysis Address Screening #### Connecting Your Compliance Tool To get started with Chainalysis Address Screening, follow these steps: 1. Log in to your Ledger Exnterprise account. 2. Navigate to the "Settings" section. 3. In the settings, you'll find an option to "Activate" Click on this option.
4. Follow the prompts to connect your preferred compliance provider. This connection will enable seamless integration with Chainalysis Address Screening. 5. To create an API key: 1. Log into the KYT instance (either sandbox or primary) for which you want to create an API key. 2. From the Tools drop-down menu, click Developer > API keys. 3. Click the Generate API Key button. Your API key appears below. 4. You can also obtain an API key from the [Settings ](https://reactor.chainalysis.com/settings/api-keys/list)menu in Reactor. Now that you've set up the integration, you're ready to start using Chainalysis Address Screening to enhance compliance and security in your transactions. ## Using Chainalysis Address Screening Chainalysis Address Screening offers several key features to help you make informed and secure transactions while staying compliant. Let's explore how to use these features: #### Whitelist Address Screening Before adding addresses to your whitelist, you can ensure they undergo screening to enhance compliance and mitigate risks. Follow these steps: 1. In your Ledger Exnterprise account, navigate to the "Whitelist" section. 2. Add the address you want to screen to your whitelist, and enable the "compliance screening" toggle switch on the top of the modal. 3. Addresses that pass the screening will be scored with a risk : \[HIGH, MEDIUM or LOW] , when hovering the risk tag you can get the full reason of this risk scoring. Now you can confidently use them in your transactions, and you will be able to review all of theses address directly in Chainalysis. #### Address Screening in "New Transaction" Modal When creating a new transaction and pasting a recipient address in the "New Transaction" modal, the system will automatically screen it for added security and compliance. Here's how it works: 1. When creating a new transaction 2. Enter the recipient's address in the provided field. 3. As you enter the address, the system will immediately screen it. 4. If the address passes the screening, you can proceed with the transaction, knowing that it meets compliance requirements. 1. Ledger Enterprise does not prevent you from interacting with high risk addresses. The only way to restrict this is to enforce a whitelist on your accounts as recommended. With Chainalysis Address Screening, you can now confidently engage in secure and compliant operations. ## Conclusion Chainalysis Address Screening empowers you to make informed, secure transactions and better counterparty management while ensuring compliance. By connecting your compliance tool, using whitelist address screening, and leveraging the address screening feature in the new transaction modal, you can conduct your transactions with confidence and peace of mind. For any further assistance or inquiries, please refer contact your account manager. # Using Vault Signer ## Summary * For a selection of cryptocurrencies, you will be able to hold them in custody on Ledger Enterprise and interact with them via an extension. * This includes **Cosmos** and **Near** with the Ledger Wallet™ (formerly Ledger Live™) application functioning as an external wallet. * Please note that the account balance for these cryptocurrencies will not be displayed in Ledger Enterprise. Users are advised to rely on the blockchain or Ledger Wallet for balance information. ## How does this feature work? The Ledger Enterprise platform combines the functionality of both a crafter and signer wallet, allowing users to seamlessly integrate coins and perform crafting and signing transactions in one location.. This integration is costly in resources and time to develop, encouraging us to look for a more efficient, faster solution which would still retain all of the security and trust you can expect from Ledger Enterprise and the Vault platform.
With the **Vault Signer** feature, an external wallet takes on the role of the crafter, while the Ledger Enterprise platform retains all control of the signer. This guarantees that transactions will still have to follow the governance rules enforced by the HSM. The biggest change is that the transactions will be crafted on the extension instead of the Vault.
In a first release, users will be able to connect the workspace to Ledger Wallet(tm) formerly Ledger Live, craft the transaction on the application and approve the request on Ledger Enterprise with their PSD.
# Create a Vault Signer account {% hint style="success" %} This article is for Administrators only. {% endhint %} ## Overview * Create a Vault Signer account in your workspace. * Define the transaction rules for this type of account. * The Vault Signer feature is available on **Cosmos** and **Near** accounts with the **Ledger Wallet** application functioning as an external wallet. * Please note that the account balance for these cryptocurrencies will not be displayed in your Ledger Enterprise workspace. Users are advised to rely on the blockchain or Ledger Wallet for balance information. ## Before you start * Learn more on how accounts work: Workspace administration . * Your Personal Security Device must be connected to your computer, switched on, and the Ledger Vault app opened. ### Instructions
Step 1. Select the account's crypto asset 1. Click **Accounts** on the left panel. 2. Click + Create account in the top right corner. 3. Select a crypto asset. For now, the Vault Signer option is available COSMOS and NEAR accounts.
4. Click **Next** .
Step 2. Name the account 1. Enter a **Name** for the account. This name must be less than 19 characters long and must not contain special characters.
2. Click **Next** .
Step 3. Define the transaction rules 1. Click **Select creator** to define which Operators can create transactions. You can select up to 20 Operators or a single group. 1. Operators and groups pending to be created, edited, or deleted aren't listed.
2. (optional) Click **Add amount range** and enter a **Minimum** and **Maximum amount** . Optionally, select the **No limit** checkbox, if you don't want to set a maximum value. Then, click **Add amount range** to confirm.
3. Use the approval workflow section to define which Operators must review and approve transactions created in the account. You can define up to three steps. * Click Add approval step . * Select up to 20 Operators or a single group. 4. (optional) Click the **+ Add rule** tab and repeat the above steps to add up to four rules.
5. Drag and drop the rules tabs to arrange them in the wanted order of execution. For more information, see Accounts . 6. (optional) Activate a staking rule in order to enable operators to confuct staking operations on this account. 7. Click **Next** .
Step 4. Confirm the account creation on your device 1. Click **Create account** . 2. Verify that the information displayed on your device is accurate. If it's not, either try again or contact [Support](https://ledgerhq.atlassian.net/servicedesk/customer/portals) . 3. Tap **Next** to review all rules. 4. Tap **Confirm** to confirm the edit. 5. Tap **Confirm** to finalize the request.
## Results A *Create account* request is submitted to all Administrators of the workspace. This request will fail and will have to be recreated if any Operator in the approval workflow is revoked before the request is approved. #### What's next? The account will be created once the request is approved by the number of Administrators defined in the admin rule. For more information, track the status of a request. # Connect your Signer account to the Ledger Wallet extension {% hint style="success" %} This section is for Operators only. {% endhint %} ## Overview * In the workspace settings, you will be able to connect your signer account to the Ledger Wallet which will be used similar to an extension, in order to craft a transaction via Ledger Wallet and then sign it with your PSD on Ledger Enterprise. * The Vault Signer feature is available on **Cosmos** and **Near** accounts with the **Ledger Wallet** application functioning as an external wallet. * Please note that the account balance for these cryptocurrencies will not be displayed in your Ledger Enterprise workspace. Users are advised to rely on the blockchain or Ledger Wallet for balance information. ## Before you start * You need to have a Vault Signer account created: Create a Signer account . * Your Personal Security Device must be connected to your computer, switched on, and the Ledger Vault app opened. ## Instructions
Step 1. Access the external wallet configuration in the account settings as an operator 1. Click on the account you want to connect to Ledger Wallet. 2. Click Settings in the tabs.
3. Click on the External wallet signer section.
Step 2. Pair your workspace with Ledger Wallet 1. Open Ledger Wallet (please make sure you have the latest version of Ledger Wallet. You can download Ledger Wallet [here](https://www.ledger.com/ledger-live) ). 2. You will see three fields to copy in order to connect the Ledger Enterprise workspace to Ledger Wallet: the workspace name, the URL endpoint, and the API token. Click **Generate** in order to create the API token. Once you've generated your token your screen should look like this:
3. Please carefully make a note of the API token generated. Once you have generated the token, it will be hidden from view. If you lose it, you will need to generate a new token. 1. The token is singular to every operator. Once it has been generated it applies to all the accounts that a given operator has access to. For example, if Operator Carlos Hernandez generates an API token, it will apply to all the accounts he has access to. Another operator will generate a different token on their side. This token ensures that each operator will only be able to import the accounts that they have access to into an external wallet.
4. Open Ledger Wallet and click on the "Settings" icon in the top right corner.
5. Then click on **Experimental features** tab
6. Scroll down to find the **Vault Signer** section and enable the feature.
7. A modal will pop up which will invite you to copy-paste the information from the 3 fields displayed on the Vault page.
8. Once you've copy-pasted all information, click **Connect** . Success! You've now established a connection between the Ledger Enterprise workspace and Ledger Wallet. This will allow you to import accounts to see them in the Ledger Wallet and then craft a transaction.
Step 3. Import the account into Ledger Wallet {% hint style="info" %} Please make sure to have funds on accounts that are already imported or Ledger Wallet will prevent you from importing new accounts. {% endhint %} 1. In Ledger Wallet, go to the **Portfolio** page.
2. Click on **Add account** 3. A modal will open. Choose the cryptocurrency of the account you wish to import.
4. The second step asking to connect the device will automatically skip, as the connection has already been made through the settings of the Ledger Wallet in **Step 2: Pair your workspace with Ledger Wallet** . 5. The third step will show a synchronization of accounts.
Once you are satisfied with the accounts displayed, click **Stop** to import those accounts and proceed to the final confirmation step. You can use the checklist to import the accounts you want.
6. The last step shows a successful import.
# Craft a transaction on Ledger Live with your Vault Signer account {% hint style="success" %} This section is for Operators only. {% endhint %} ### Overview * Craft your transaction in **Ledger Wallet** and validate the request via your PSD on Ledger Enterprise. * The Vault Signer feature is available on **Cosmos** and **Near** accounts with the **Ledger Wallet** application functioning as an external wallet. * Please note that the account balance for these cryptocurrencies will not be displayed in your Ledger Enterprise workspace. Users are advised to rely on the blockchain or Ledger Live wallet for balance information. * Please make sure to have consistent governance rules between parents and children account. ### Before you start * Your PSD must be connected to your computer, switched on, and the Ledger Vault app opened. * You need to have a Vault Signer account created: Create a Signer account . * You need to have connected your workspace to the Ledger Wallet and imported the account you wish to interact with. Follow a step-by-step explanation here . ### Instructions 1. In Ledger Wallet, click on the **Send** button located on the left in the sidebar menu. 2. A pop up window will appear. In the first step, select the account you want to send from and enter the recipient address.
Then click on **Continue**. 3. In the second step, select the amount you want to send, making sure that the amount aligns with the thresholds listed in the account rule if there are some.
4. The third step summarizes your transaction. 5. The final step asks you to validate the request on your device. For this step, please switch to the Ledger Enterprise platform where you will have a request appear for a transaction creation.
Other approvers will receive an approval request on the Vault, similar to when they receive a request for a transaction crafted on the Vault. # Overview of the Ledger Enterprise API ## Introduction Navigating the complexities of crypto asset custody—particularly for institutional players—poses significant challenges and risks. Whether it's a bank providing crypto custodial services or a high-traffic exchange, a tailored combination of expertise, technology, and infrastructure is crucial for maintaining operational efficiency, account security, and effective key management. Unfortunately, many existing custodial platforms are hindered by insufficient systems and labor-intensive manual processes that struggle to meet these demands. By leveraging APIs for automation, organizations can establish streamlined, end-to-end workflows and access real-time data, ultimately saving both time and resources. With Ledger Enterprise, the market's most secure API at your disposal, you can optimize management, reduce risks, and ensure business continuity for scalable performance. ## Reporting & Notifications Utilize our reporting endpoints to query and export data on transactions (transfers, DeFi & NFT, staking), accounts (balances, addresses, governance, etc.), users, and all workspace objects (whitelists, groups, entities). Configure notifications to monitor workspace events (incoming/outgoing transactions, account changes, governance progress, workspace object updates) and automate your workflows. Generate [Reporting API Keys](https://help.enterprise.ledger.com/api-documentation/tutorials/reporting-api/generate-reporting-api-keys) to access our reporting and notifications endpoints. ## Transactions Take advantage of our transaction endpoints to execute programmatic crypto transfers, automate staking operations, and interact with DeFi & NFT contracts on a large scale. Create and register [API operators](https://help.enterprise.ledger.com/api-documentation/tutorials/api-operator/first-steps-as-an-api-user) for these tasks, and assign them transaction creation or approval roles within account governance rules (transfers, staking, or smart contract interactions). ## Get started #### Follow our developer guides * **Approve a Request -** [Explore articles](https://help.enterprise.ledger.com/api-documentation/tutorials/api-functionalities/approve-a-request) * **Reporting -** [Explore articles](https://help.enterprise.ledger.com/api-documentation/tutorials/reporting-api) ## Start building Explore our [APIs documentation](https://help.enterprise.ledger.com/api-documentation) to learn how to use all our **reporting** and **transactions** endpoints. # Public Key Infrastructure (PKI) Implementation ## Public Key Infrastructure (PKI) Explained Public Key Infrastructure, or PKI, is a system that uses digital certificates to verify and authenticate the identity of users, devices, and services on the internet or private networks. It's a crucial technology for ensuring secure communication and data protection. ### What is PKI? PKI is a set of roles, policies, procedures, and systems needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. It provides a way to establish trust in online interactions. Ledger Enterprise is implementing PKI in its infrastructure so that a number of its critical READ or GET endpoints can share information securely. ## Key Components ### Digital Certificates Digital certificates are electronic documents that bind a public key with an issuer identity over a given validity period. ### Public and Private Keys PKI uses asymmetric cryptography, which involves a pair of keys: * **Public Key**: Shared openly and used to encrypt data or verify digital signatures. * **Private Key**: Kept secret and used to decrypt data encrypted with the corresponding public key or to create digital signatures. ### Certificate Authority (CA) A CA is a trusted entity that issues digital certificates. It verifies the identity of the entity requesting the certificate and signs the certificate with its own private key, creating a chain of trust. ### How PKI Works at Ledger Enterprise - Getting the Root CA The process typically involves the following steps: 1. **Certificate Request**: Sign into your workspace as an administrator. In the settings section, there will be a button that allows the administrator to reveal the Root Certificate Authority (Root CA) of the HSM. 2. **Reveal the Certificate**: The administrator will click this button and be taken through a flow that allows them to download the Root CA and save the User ID of the workspace. An example of the Root Certificate can be seen below. The file format will be either .der or .pem. 3. **Compute the SHA-256:** Once the certificate is saved, the administrator will need to use it to compute the SHA-256 from the certificate. This will then be used for verification. 1. To compute the SHA-256 on a Ubuntu or Mac, in the terminal, navigate to the directory the file is saved in and use the command `$ sha256sum root.der`. The output should be a 63 character aplpha-numeric string. 4. **Certificate Verification**: Once revealed, the administrator will then verify the SHA-256 as well as the User ID of the workspace on their Personal Security Device (PSD). If the information matches the previously saved information, it is safe and can be used for future verification. 5. **Using the Certificate**: When receiving address information from Ledger, the client will then be able to use this Root CA to verify the signed information that is sent from the relevant GET requests. This is further explained in the following section. *Example certificate* ``` Certificate: Data: Version: 3 (0x2) Serial Number: 1a:01:27:77:75:01:4b:d9:da:4a:c6:2e Signature Algorithm: ecdsa-with-SHA256 Issuer: CN = Ledger Root Validity Not Before: Mar 12 09:18:32 2025 GMT Not After : Mar 11 09:18:32 2030 GMT Subject: CN = Ledger Root Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:72:51:7b:b4:7a:16:bf:5f:f6:64:86:ed:d5:7a: 10:a6:c6:8e:b5:4d:bb:b7:7b:b4:fc:a3:89:f1:22: 6e:5e:ad:bb:6e:fa:0c:32:eb:4d:8a:c0:26:1a:6d: 9f:a9:66:67:fe:b0:8c:3f:c5:bf:db:76:fe:cd:42: 2c:4e:18:73:af ASN1 OID: secp256k1 X509v3 extensions: X509v3 Authority Key Identifier: keyid:B9:8A:5D:B1:AD:4F:8F:FE:FB:AB:5E:47:76:9C:5A:22:D0:6C:DD:0A X509v3 Basic Constraints: critical CA:TRUE, pathlen:2 X509v3 Key Usage: critical Certificate Sign X509v3 Subject Key Identifier: B9:8A:5D:B1:AD:4F:8F:FE:FB:AB:5E:47:76:9C:5A:22:D0:6C:DD:0A Signature Algorithm: ecdsa-with-SHA256 30:44:02:20:47:83:1b:75:c3:8a:f8:3a:d8:e3:c5:87:29:6b: 3a:ee:62:f7:d8:4f:ac:ee:e4:59:46:7d:09:08:29:33:1c:e8: 02:20:0a:9f:a5:01:4f:e6:93:76:59:92:7c:1b:d4:48:00:db: c5:31:b6:7f:e2:03:f2:3c:4d:67:30:6d:70:aa:b8:53 ``` ### Using the Root CA Now that the Root CA has been verified on the PSD and downloaded, we need to use it to verify the certificate chain so that we can trust the information we receive. Do this with the following steps: 1. **Retrieve Certificate Chain**: Using your API Operator, we will have a certificate chain endpoint that allows you to verify incoming information. 1. The certificate chain will be retrieved by an API endpoint - [GET /certificate/chain](/api-documentation/reference/api-reference/pki). 2. The first certificate is signed by the RootCA. The second certificate is signed by the first certificate and so on, creating a chain of trust. 3. This is workspace specific, so if your organisation has more than one workspace, this will need to be implemented on a per workspace level. 2. **Verify the Certificate Chain:** Using the SHA-256 and the User ID from previous steps, locally verify that the certificate chain. The chain of trust will then be secured as follows: 1. PSD is trusted thanks to end to end authentication with the HSM 2. This means that the Root CA that has been verified with the PSD can be trusted. 3. This means that the calculated SHA-256 can be trusted. 4. Which means that the Certificate Chain can be trusted down to the leaf. 5. Using this, API data can be trusted. 3. **READ or GET information**: Each time you request information requiring HSM data, it will be signed by the JWS of the leaf certificate of the chain you retrieved above. 4. **Use information:** This information has now been verified and you can use it in the ways you see fit. ### Impacted Endpoints We are introducing two new endpoints that will allow clients to GET address based data in a secure manner. They will look very similar to previous endpoints that were used to retrieve addresses, but will now be updated to include PKI specific data. **Endpoint 1** - Get an address at a specific index: * This would allow a client to get a specific address of a UTXO based account. * By default, you will get Receive address here and not change address. As both could be useful for audit purposes, we will also add a query parameter: ?address\_type=receive|change. * NB: The response will only be the JWT token, but below we provide an example of the details that will be masked by the JWT token. ``` /accounts/{account_id}/address/{index}?type=receive|change { "data": { "address": "string", "derivation_path": "84'/0'/2'/1/23", "blockchain_name": "bitcoin", }, "jwt_token": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhZGRyZXNzIjoic3RyaW5nIiwiZGVyaXZhdGlvbl9wYXRoIjoiODQnLzAnLzInLzEvMjMiLCJibG9ja2NoYWluX25hbWUiOiJiaXRjb2luIiwiaWF0IjoxNzQxNzc1Mzg1fQ.yAL3znC6XI8GQZPTPkVZa7Kjap6s6w9HKYCI5yRIx23dnnZIg7siMtdksEC-wHyjMK2fQRxXdc6Wow3LKMxIHw" } ``` **Endpoint 2** - Get an address for non-UTXO based account: * Here, using a specific index does not make sense when retrieving account address, so the endpoint and response would look as follows: * NB: The response will only be the JWT token, but below we provide an example of the details that will be masked by the JWT token. ``` GET /accounts/{account_id}/address { "data": { "address": "string", "derivation_path": "44'/60'/7'/0/0", "blockchain_name": "ethereum", }, "jwt_token": "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhZGRyZXNzIjoic3RyaW5nIiwiZGVyaXZhdGlvbl9wYXRoIjoiODQnLzAnLzInLzEvMjMiLCJibG9ja2NoYWluX25hbWUiOiJiaXRjb2luIiwiaWF0IjoxNzQxNzc1Mzg1fQ.yAL3znC6XI8GQZPTPkVZa7Kjap6s6w9HKYCI5yRIx23dnnZIg7siMtdksEC-wHyjMK2fQRxXdc6Wow3LKMxIHw" } ``` # Ledger Enterprise mobile application Learn how to use the Ledger Enterprise mobile application, and troubleshoot possible errors. # Terms of Use The terms of use of the Ledger Enterprise mobile application. ## Ledger Enterprise Mobile Application - TERMS OF USE {% file src="/files/knWJF4dacygHbbu46eLM" %} You are about to enter Ledger Enterprise Mobile Application software, the data supplied with the software, and any updates or supplements to it to access your Ledger Enterprise Services (“LE Mobile App”). We’re excited for you! Before you get on, Ledger needs you to carefully read, understand and accept our Terms of Use (these “Terms” or this “Agreement”). To access the LE Mobile App, you confirm and agree that you have a Platform as a Service Agreement (“PaaSA”) with us or one of our Affiliates. You also confirm that you have a Ledger Hardware Device. 1\. Overview This Agreement is between your legal entity (“you”, “your”, or “user”) and the following Ledger company, depending on your region and in accordance with your PaaSA with us:
| Region | Ledger company (“Ledger”, “us”, “our”) | | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | Asia Pacific | Ledger Technologies SG Pte. Ltd, a private company limited by shares registered under the laws of Singapore having registration number 202003143R and whose registered office is at 9 Raffles Place #26-01, Republic Plaza, Singapore (048619) | | United States | Ledger Technologies INC, a company registered under the laws of Delaware with a registered address located at 838 Walker Rd, Suite 21-2, Dover, DE 19904, County of Kent, United States | | Europe, Middle East and Africa / Rest of World |

LEDGER, a simplified joint stock company (société par actions simplifiée), whose registered office is located at

106 rue du Temple 75003 Paris, France, registered with the Trade and Companies Registry (Registre du Commerce et des Sociétés) under number 529 991 119 RCS Paris

| You, the user and us, Ledger are together referred to as the “Parties”. By clicking “I agree”, “Get started”, or otherwise using any of the Services provided by Ledger or any third party services made available through LE Mobile App, you agree that you have carefully read and accepted all of these Terms which will bind you. IF YOU DO NOT AGREE TO THESE TERMS, CLICK ON THE "REJECT" BUTTON BELOW. Your use of LE Mobile App is subject to Article 19 (Processing of Customer Personal Data) of your Platform as a Service Agreement with us and the DPA Addendum. \[INSERT AS LINK TO COOKIE POLICY]Use of Software Development Kits (SDKs): Our LE Mobile App may utilize third-party Software Development Kits (SDKs) to provide certain features and functionalities, such as analytics, advertising, social media integration, and crash reporting. These SDKs may collect and process information in accordance with their own privacy policies. Device Bluetooth Pairing Access to and use of the LE Mobile App is contingent upon the successful bluetooth pairing of your compatible mobile device (with the LE Mobile App installed) with your Ledger Hardware Device. User authentication and authorization for access to the LE Mobile App, including your designated workspace instance and assigned role, will be solely performed through a Ledger Hardware Device, which, for the avoidance of doubt, currently includes Ledger Stax devices. Registration You acknowledge that Ledger does not require you to provide your name and email address in order to complete the registration process for LE Mobile App. Support for the LE Mobile App and how to tell us about problems If you want to learn more about the LE Mobile App or the Service, please take a look at our Security Best Practices at Ledger Enterprise [Help Centre](https://help.vault.ledger.com/Content/legal/bestpractices.html). If you have any problems or think the LE Mobile App or the Services are faulty or misdescribed or wish to contact us for any other reason please email our customer service team at or call us on \[TELEPHONE NUMBER]. If we have to contact you, we will do so either by email, by SMS or by pre-paid post, using the contact details you have provided to us in your PaaSA or to your account manager. In return for your agreeing to comply with these Terms you may: • download and use the LE Mobile App onto blue-tooth compatible devices actively supporting up to date versions of iOS and Android operating systems to view, use and display the LE Mobile App and the Service on such devices for commercial purposes only. Ledger does not guarantee compatibility with all devices or operating system versions. • use any documentation and the Security Best Practices to support your permitted use of the LE Mobile App and the Service. • provided you comply with the terms of your PaaSA with us, receive and use any free supplementary software code or update of the LE Mobile App incorporating "patches" and corrections of errors as we may provide to you.
BEFORE USING LE MOBILE APP , PLEASE EDUCATE YOURSELF TO MAKE INFORMED DECISIONS. LEDGER DOES NOT PROVIDE FINANCIAL, TAX, OR LEGAL ADVICE. LEDGER DOES NOT CUSTODY, EXCHANGE, SEND, OR RECEIVE DIGITAL ASSETS FOR USERS. LEDGER DOES NOT ADVISE OR MAKE RECOMMENDATIONS ABOUT ENGAGING IN DIGITAL ASSET TRANSACTIONS OR OPERATIONS. DECISIONS TO ENGAGE IN TRANSACTIONS OR PERFORM OPERATIONS INVOLVING DIGITAL ASSETS SHOULD BE TAKEN ON YOUR OWN OR RELY ON OPINIONS OF YOUR OWN RELIABLE AND QUALIFIED EXPERTS. ### 2. Definitions The following capitalized terms shall have the meanings described below when used in these Terms, it being specified for the avoidance of doubt that in these definitions, reference to the singular includes a reference to the plural and vice versa, except when clearly inappropriate. Terms used but not specifically defined herein shall have the meanings ascribed to them in your PaaSA with us. In the event of any conflict between these Terms, and your PaaSA, in connection with Vault Services, the terms of your PaaSA shall prevail over these Terms. “Affiliate” means, with respect to any legal entity, any other legal entity controlling, controlled by, or under common control with, such legal entity; it being specified that “control”, “controlling” or “controlled” means the possession, direct or indirect, of the power to direct or cause the direction of the management and policies of a person, whether through the ownership of voting securities, by contract or otherwise. “Anti-Corruption and Anti-Money Laundering Regulations” means all applicable regulations, laws, rules or guidelines in connection with bribery and corruption, money laundering and counter-terrorist financing issued, administrated or enforced by any relevant Authority. “Authority” means any competent governmental, administrative, supervisory, regulatory, judicial, disciplinary, authority, agency, commission, board, organisation, court or tribunal of any jurisdiction, whether supranational, national, federal, regional or local and any subdivision, department or branch of any of the foregoing. “IP Rights” means patents, inventions, trademarks, service marks, trade names, logos, domain names, business names, rights in designs (including registered and unregistered designs and design rights), copyright (including rights in computer software), semiconductor topography rights, database rights and all other intellectual property rights, in each case whether registered or unregistered and including applications for grant of any of the foregoing and all rights or forms of protection having equivalent or similar effect to any of the foregoing which may subsist anywhere in the world now or in the future together with all (a) rights to the grant of and applications for the same and (b) corresponding applications, re-issues, extensions, divisions and continuations of the aforesaid. “Ledger” or “us”, “we”, “our” means Ledger SAS, and where appropriate, other entities that are part of the Ledger group of companies and which are set out in the table above. “Ledger Hardware Device” means a secure dedicated device provided by Ledger or Affiliates of Ledger for the purposes of Ledger Enterprise services. “Representatives” means, in relation to a party, (a) its Affiliates and (b) any director, officer, employee, agent, consultant, shareholder or any other person acting on its behalf (as applicable) of such party or of any of its Affiliates. “Sanctioned Person” means a person that is targeted by or subject to a Sanction. “Sanctions” means: (a) economic or financial sanctions or trade embargoes imposed, administered or enforced from time to time by (i) the U.S. government and administered by the U.S. State Department, the U.S. Department of Commerce or the U.S. Department of the Treasury’s Office of Foreign Assets Control, (ii) the United Nations Security Council, (iii) the European Union, (iv) France and any other European Union Member state or (v) Her Majesty's Treasury of the United Kingdom; and (b) economic or financial sanctions or trade embargoes imposed, administered or enforced from time to time by or any other relevant sanctions authority. “Services” mean the services accessible through the Platform (as defined in the PaaSA) consisting of (i) visualizing Assets and Transactions (including past and pending Transactions) linked to Customer’s Accounts, (ii) Limited functions and features connected to your Vault Services, namely initiating, reviewing, approving and rejecting Transactions. “Third Party Services” refers to any Services provided directly to you by third parties such as TRADELINK. “TRADELINK Risk and Security Best Practices” means the set of rules and best practices set forth at the following page: ### 3. Eligibility The LE Mobile App is for commercial purposes only and not available for personal use. To be eligible to use the Services in LE Mobile App, you must be at least 18 years old or qualify as an adult in your country of residence. If you are accessing LE Mobile App on behalf of a legal entity, you further represent and warrant that: (a) the legal entity is duly organized and validly existing under the applicable laws of the jurisdiction of its organization; and (b) you are duly authorised by such legal entity to act on its behalf. You can only use the Services if permitted under the laws of your jurisdiction. Please make sure that these Terms are in compliance with all laws, rules, and regulations that apply to you. 3.1 You may not transfer the LE Mobile App to someone else We are giving you the right to use the LE Mobile App and the Service as set out herein. You acknowledge and agree you may not otherwise transfer the LE Mobile App or the Service to someone else, whether for money, for anything else or for free. If you change any mobile device on which the LE Mobile App is installed, you must remove the LE Mobile App from it. ### 4. Risks and recommendations You acknowledge that you are fully aware of all applicable laws and technical constraints relating to the proof-of-stake and proof-of-work blockchains, and to the Services. You acknowledge that you have been warned of the following associated risks and advised of the following recommendations: 4.1 Regulatory changes. Blockchain technologies and related services are subject to continuous regulatory changes and scrutiny around the world, including but not limited to anti-money laundering and financial regulations. You acknowledge that LE Mobile App and certain Services, including their availability, could be impacted by one or more regulatory requirements. 4.2 Tax. Transactions or operations in Digital Assets, or more generally Digital Assets events, including but not limited to exchanges, air-drops, forks, and gains arising from staking, may be considered tax events according to the legislations law under which you are subject to taxation. These rules may be unclear or subject to change, and you are therefore encouraged to consult your own tax or accounting adviser before engaging into Digital Assets activities. 4.3 Technology. Users understand that some of the technology supported or made available through the LE Mobile App are new, untested and not provided by Ledger and therefore outside of Ledger’s control. Advances in cryptography, or other technical advances such as the development of quantum computers, could present risks to blockchain networks which could result in the theft or loss of Digital Assets. Other adverse changes in market forces or in the technology, broadly construed, may prevent or compromise Ledger’s performance under these Terms. 4.4 Cybersecurity. Hackers or other groups or organizations may attempt to interfere with LE Mobile App and Ledger’s products and information systems in several ways, including without limitation denial of service attacks, side-channel attacks, spoofing, smurfing, malware attacks, or consensus-based attacks. 4.5 Underlying blockchain protocols. All Transactions created through the Services are confirmed and recorded on blockchain networks. Such networks are decentralized peer-to-peer networks run by independent third parties, which Ledger does not own, control or operate. We have no control over blockchain networks and, therefore, cannot and do not ensure that the Transactions you broadcast on the Services will be confirmed and processed. You acknowledge that we do not store, send, or receive Digital Assets on your behalf and you agree that the Transactions you configure through the Services may fail, or may be substantially delayed by the underlying blockchain networks. On occasions, the blockchain protocol of a given Digital Assets may change, which may have consequences on its key characteristics including but not limited to their availability, name, security, valuation value or the way it operates. Forks entail that forked Digital Assets may be misdirected or replicated. In any such events, Ledger may decide, at its discretion, to suspend support of the impacted Digital Assets for as long as Ledger deems necessary. When it so decides, Ledger will endeavor to give you advance notice, but may not be able to. You should keep yourself apprised of such events and make all necessary arrangements. 4.6 No retrieval of Seeds or Master Seed. Ledger operates non-custodial services, which means that we do not store, nor do we have access to your Digital Assets nor your Master Seed. Ledger does not have access to or store passwords, Seeds, Master Seed, passphrases, transaction history, PIN, or other credentials associated with your use of the Services. You are solely responsible for remembering, storing, and keeping your credentials in a secure location, away from prying eyes. Any third party with knowledge of one or more of your Seeds, Master Seed or PIN can gain control of the Master Seed associated with your Ledger Hardware Device or of the Wrapping Key, and therefore steal your Digital Assets, without any possibility for you or Ledger to retrieve them. 4.7 Keep your credentials safe. When you set your Ledger Hardware Device up, you must: (a) create and remember a strong PIN that you do not use for any other service; (b) protect and keep your Seeds secure and confidential; (c) protect access to your Ledger Hardware Device; To learn more about how to use and secure your Seeds, we recommend that you visit ledger.com and in particular, or visit Ledger’s website and in particular, [this page](https://www.ledger.com/academy/crypto/what-is-a-recovery-phrase), or the “Learn” section in Ledger Enterprise and our support Website [here](https://support.ledger.com/hc/en-us/articles/360005514233?docs=true). The user shall comply with good governance practices for establishing its Rules and implement organizational measures accordingly, notably in order to prevent lock-out in case of insufficient availability of authorised Users or in case of insufficient availability of usable Ledger Hardware Devices in accordance with the Annex 2 to this PAASA – [Security Best Practice of this Agreement](https://help.vault.ledger.com/Content/legal/bestpractices.html). 4.8 Do not trust. Verify. Software integrity, especially when connected to the Internet, is very hard to verify. Ledger’s security model relies on a trusted display. This is why the verification of the information on your Ledger Hardware Device is paramount when using LE Mobile App. Before you approve an operation, you must always double check that the information displayed on your mobile device or desktop screen is correct and matches the information displayed on your Ledger Hardware Device. Upon sending Digital Assets, you are solely responsible for verifying that the recipient address, amount and fees are correct and that they are the same on both your computer or mobile and on your Ledger Hardware Device’s screen. You also acknowledge that using unverified addresses to receive Digital Assets comes at your own risk. 4.9 Learn more about crypto and the risks involved. Before using Ledger Enterprise or any of Ledger Hardware Devices, it’s important to learn and understand [how to use your Digital Assets and the risks involved](https://www.ledger.com/academy). To help you with that, Ledger recommends that you visit the [Ledger Academy](https://www.ledger.com/academy) before starting your crypto journey. 4.10 No liability. There may be additional risks that we have not foreseen or identified in these Terms. Before you use the LE Mobile App, you are strongly encouraged to carefully assess whether your financial situation and risk tolerance is compatible with such use. For the avoidance of doubt, and notwithstanding the generality of the Limitation of Liability under these Terms, you hereby agree that Ledger shall have no liability for any loss that incurs as a consequence of the risks highlighted in this section and/or your failure to follow the recommendations herein. ### 5. Services and features
#### 5.1 Services Overview 5.1.1 Description. LE Mobile App, in connection with Ledger Hardware Devices, provides you with a convenient and secure way to manage your Services, access and use Third Party Services, as well as use Seeds derived from your Master Seed. With LE Mobile App, you can enable your Operators and Administrators using the Services in accordance with Rules to approve or reject Transactions and the following: (including without limitation) * Allows users to receive notifications when new requests are available * Update the firmware of your Ledger Hardware Device * Install and uninstall device applications with the Ledger Enterprise Manager * View the balance of your portfolio of Digital Assets that you hold in self-custody * View, approve or reject requests and pending requests * Manage your NFTs * Learn about Digital Assets, how to secure them and how to use them * Keep track of cryptocurrency prices in real time * Access the means to perform operations via our Third Party Services on various blockchain networks in accordance with their respective protocol rules, such as but not limited to: * * Send and receive Digital Assets to and from users of a dedicated blockchain network * Stake your Digital Assets on Proof-Of-Stake networks 5.1.2 Service limitations. You acknowledge that the LE Mobile App is strictly limited in its functions to reviewing, approving or rejecting requests in connection with Transactions that have been initiated . It does not enable users to create transactions or generate new requests within the LE Mobile App and does not provide access to other Ledger Vault functionalities and Vault Services available on the desktop solution Platform. 5.1.3 Services availability. We may change, update or suspend the Services, temporarily or indefinitely, so as to carry out works including, but not limited to: firmware and software updates, maintenance operations, amendments to the servers, bug fixes, etc. We will make reasonable efforts to give you prior notice of any significant disruption of the Services. Ledger does not guarantee the correct functioning of the Services in the event of the installation or use of programs or applications that do not conform to Service specifications and technical standards. Please note that when a Service is unavailable or suspended, you can always recover your Seed using your Master Seed on any compatible Wallet. 5.1.4 Connect with your Ledger Hardware Device. Certain Services may be used without connecting your Ledger Hardware Device (such as access to learning content, monitoring cryptocurrency prices or view the balance of your portfolio) whereas other Services may only be used in connection with your Ledger Hardware Device, including without limitation send, buy, sell, swap and stake services. #### 5.2 Third Party Services 5.2.1 Third Party Services terms and conditions. LE Mobile App may incorporate, reference and/or provide access to Third Party Services. For instance, buy, sell and crypto to crypto exchange (“swap”) services are Third Party Services. You agree that your use of Third Party Services is subject to separate terms and conditions between you and the third-party identified in LE Mobile App. 5.2.2 Availability of the Third Party Services. The availability of each Third Party Service depends on the country from which you are using Ledger Enterprise and the version - desktop or mobile - of Ledger Enterprise. As a result, Ledger is not responsible for the unavailability of a Third Party Service due to your geographical situation or the device employed to use Ledger Enterprise. 5.2.2 No warranty. Ledger is not responsible for the content, accuracy, security, availability, any performance, or failure to perform of the Third Party Services or any issue in relation with the use of Third Party Services. Ledger does not provide any guarantees that access to Third Party Services will not be interrupted or that there will be no delays, failures, errors, omissions, corruption or loss of transmitted information, data or funds, and Ledger shall not be liable for any such Third Party Services. You agree to use the Third Party Services at your own risk. It is your responsibility to review the third party’s terms and policies before using a Third Party Service. Third Party Services may not be available in all languages and may not be appropriate or available for use in any particular location. To the extent you choose to use such Third Party Services, you are solely responsible for compliance with any applicable laws in relation to such use. In addition, Ledger reserves the right to block access to these Third Party Services through Ledger Enterprise in particular, but not exclusively, in the event of non-compliance with the applicable regulations by the Third Party partner. We retain the exclusive right to suspend, remove, or cancel the availability of any such Third Party Service for any reason and without prior notice. 5.2.3 Personal data. Some Third Party Services may request or require access to your personal data. The processing of such data will be handled in accordance with the relevant Third Party’s privacy policy and best practices. To the extent that (i) you elect to access any Third Party Services, and (ii) it is important for the smooth functioning of the Third Party Service for Ledger or any of its Affiliates to share or transmit your data, you hereby authorise and consent to Ledger or any of its Affiliates sharing only such data as is necessary to ensure the smooth functioning of the relevant Third Party Service. Some Third Party Services may also request or require access to your personal data. The processing of such data will be handled in accordance with the relevant third party’s privacy policy and best practices. 5.2.4 Issues with Third Party Services. Third Party Services may not work appropriately with your software or Ledger Hardware Device, and we may not be able to provide support for issues caused by Third Party Services as Ledger does not provide nor operate the Third Party Services. If you have questions or concerns about how a Third Party Service operates, or need support, please contact the relevant third party directly. 5.2.5 Decentralized financial applications. Certain Third Party Services are not operated by identified entities, but can be accessed directly through an interaction between the User’s wallet (whether or not the User uses LE Mobile App or the Ledger Hardware Device) and one or several programs that are solely deployed and accessible on a blockchain network (i.e. “smart contracts”). These Third Party Services allow you to benefit from various services (such as the exchange, lending or borrowing of Digital Assets) without having to provide your personal information to an intermediary. By using these Third Party Services, you agree that their use may not be subject to terms and conditions nor any other kind of contractual relationship with the third party operating such operator of the service. To the extent you choose to use such Third Party Services, you acknowledge that Ledger is not responsible for any issue in relation with the use of such Third Party Services, including any loss of funds. 5.2.6 Fees. The use of certain Third Party Services may be subject to transaction fees and/or other fees charged by such Third Party Services. On top of such fees, Ledger reserves the right to charge you fees for the secured and facilitated access provided by Ledger to use such Third Party Services through the LE Mobile App (“Ledger Fees”). Ledger Fees may be charged directly to the User or indirectly if already included in the Third Party Fees and paid by the Third Party to Ledger on behalf of the User. In such an event, Ledger will (to the extent practicable) display all applicable fees and any applicable taxes. Cancellation for any Third Party Service is subject to separate applicable terms and conditions provided by third parties for Third Party Services. Unless otherwise stated in separate terms and conditions, you may have to pay for any complete Third Party Services you received before cancellation. 5.2.7 Transaction Representations. When using LE Mobile App, you represent that all Transactions you or your Affiliates perform: * comply with applicable Anti-Corruption and Anti-Money Laundering Regulations; and * are not made to or from any person or public key address that is owned, identified or referable to any person, designated as a “Specially Designated National” by the US Office of Foreign Assets Control, or otherwise subject to any Sanctions or restrictions. * You acknowledge and authorise Ledger (either directly or through a third party with whom Ledger has a confidentiality agreement) to screen and monitor transaction data to prevent fraud and other suspicious transactions, and in order to comply with applicable law. This includes conducting screening of persons and public key addresses against various sanctions and politically exposed persons lists, querying information contained in public sources and records, querying information contained in any transaction. ### 6. Acceptable Use 6.1 User License. As a user of the Services, we grant you a limited, personal, non-commercial, non-exclusive, non-transferable, and revocable license to use the Services. Any use of the Services other than as specifically authorised in these Terms, without our prior written permission, is strictly prohibited and may result in immediate termination of your license to use the Services. We may end your rights to use the LE Mobile App and Services at any time by contacting you if you have broken these Terms in a serious way. If what you have done can be put right we will give you a reasonable opportunity to do so. 6.2 Do no harm. You agree (i) not to distribute any virus or other harmful computer code through Ledger’s systems, (ii) not to use any robot, spider, crawler, scraper or other automated means or interface not provided by us to access the Services or to extract data, (iii) not to provide false, inaccurate, or misleading information, and (iv) not to take any action that may impose an unreasonable or disproportionately large load on our or any of our third party providers’ infrastructure. 6.3 Don’t circumvent our security. You agree not to bypass, circumvent, or attempt to bypass or circumvent any measures that we may use to prevent or restrict access to the Services including, without limitation, Ledger Hardware Devices connected to the Services, other accounts, information systems, or networks. 6.4 Don’t break the law. You agree that you will not violate any laws when using the Services. This includes any local, provincial, state, federal, national, or international laws that may apply to you. You agree that you will not use the Services to pay for, support, or otherwise engage in any illegal activities including, but not limited to, fraud, illegal gambling, money laundering, or terrorist activities. You further agree not to encourage or induce any third party to engage in any of the activities prohibited under this section. 6.5 Don’t interfere. You agree that, where applicable, you will not use or attempt to use another user’s LE Mobile App login credentials without authorization, or use LE Mobile App in any manner that could interfere with, disrupt, negatively affect, or inhibit other Users from fully enjoying LE Mobile App, or that could damage, disable, overburden or impair the functioning of LE Mobile App in any manner. 6.6 External Resources. In the case you are provided with links to external resources while browsing or using LE Mobile App, use them carefully as they are outside of our control. You acknowledge Ledger cannot be held responsible for any failures or damages caused by a third-party resource. 6.7 Intellectual Property. Ledger respects the intellectual property of others and we ask our Users to do the same. Ledger and its Affiliates exclusively own all rights, title, and interest in and to LE Mobile App including, but not limited to, (i) associated intellectual property rights and know-how (as well as the look and feel pertaining to LE Mobile App); (ii) all derivative works, improvements or modifications; (iii) all deliverables, material or documentation provided under this Agreement; (iv) all feedback, suggestions, or ideas provided to Ledger and/or its Affiliates relating to LE Mobile App during the term. Except for the limited license rights explicitly set forth in the Agreement no right, title, or interest in or to the above list is granted or otherwise transferred to a user of LE Mobile App. All names of the tools developed by Ledger or any member of the Ledger group of companies, and their derivatives shall be and remain the exclusive property of such Ledger companies which may decide to protect the names in any matter that it deems fit including as a brand name, trademark and/or domain name. The trademarks, service marks and logos of Ledger and others used via LE Mobile App are the property of Ledger and their respective owners. It is strictly prohibited to use these Trademarks without our express written authorisation or those of their owners. ### 7. USE OF LE Mobile App 7.1 You acknowledge that Ledger has no obligation to monitor any transactions and accept that you are responsible for ensuring the compliance of any transactions with applicable law. This applies notwithstanding any visibility Ledger may have in relation to those transactions, any monitoring that it undertakes for its own purposes, and any other steps it takes pursuant to its own legal obligations or internal policies and procedures. 7.2 In addition to the foregoing, subject to the express prior written consent of Ledger, you may also facilitate and manage access for other third parties for which you act as a “custodian” and you may authorise, under your sole responsibility, a limited number of representatives from such third parties to act as operators for such access. This section does not create any rights for such third parties, or any obligation on Ledger to such third parties and you acknowledge that Ledger shall have no liability to such third party, however based or caused. 7.3 To the extent you facilitate and start managing access for other third parties for which you act as a “custodian”, it is Your sole responsibility to ensure, and you will procure, that such third parties will comply with substantial terms and conditions of this Agreement governing the use of LE Mobile App, including with no limitation, Security Best Practices. You agree that Ledger does not owe a duty of care to such third parties, and you agree to include this in your documentation with them. 7.4 To the extent permitted by applicable law, you shall defend, indemnify and hold harmless Ledger and any of its Affiliates, directors, officers, representatives, employees, and agents from and against any and all losses, claims, demands, liabilities, damages, penalties, fines, taxes, costs and expenses (including without limitation reasonable attorneys’ fees and court costs) arising out of or in connection with (i) any breach by you of any of your obligations under this section 7; (ii) any claim by any third party for any losses or damage suffered by such third party arising out or incurred as a result of or in connection with its use, or inability to use, LE Mobile App, or your role as custodian for such third party, whatever the cause of such loss or damage, unless such third party losses or damages were caused exclusively by Ledger's gross negligence or willful misconduct; (iii) any breach of these Terms or your unauthorised or illegal use of LE Mobile App and any Third Party Services available through LE Mobile App. 7.5 You shall not, and shall not permit others to: 1. make any portion of LE Mobile App available for access by third parties, except as otherwise expressly authorised or provided under this Agreement; 2. access or use LE Mobile App for the purpose of developing competing products or services, and/or reverse engineer, decompile, disassemble, copy, or otherwise attempt to derive source code or other trade secrets from or about LE Mobile App or technologies, unless and then only to the extent expressly permitted by applicable law or applicable terms and conditions, without prior written consent from Ledger; and 3. interfere with or disrupt the integrity, operation, or performance of LE Mobile App. 7.6 You acknowledge and agree that your access to LE Mobile App and any associated Confidential Information is granted solely for a specific and limited purpose. For the purposes of this section, Confidential Information refers to any information, whether provided through LE Mobile App or related to its activities, including but not limited to financial, marketing, operational, or other non-public information that is not generally known or publicly available. Such information shall be considered confidential and treated as such, either by its nature or by explicit designation. 7.7 You shall not use LE Mobile App or any portion thereof to engage into or support any illegal activity under applicable laws. You shall indemnify and hold harmless Ledger (to the extent permitted by applicable laws) against all losses and liabilities accruing to Ledger by reason of a breach by you of this Section 7. ### 8. Feedback We welcome feedback, comments, ideas, and suggestions for improvements to the Services (“Feedback”). You grant to us a non-exclusive, worldwide, perpetual, irrevocable, fully-paid, royalty-free, sublicensable and transferable license under any and all intellectual property rights that you own or control to use, copy, modify, create derivative works based upon and otherwise exploit the Feedback for any purpose. ### 9. Warranties and Disclaimers 9.1 No warranty. Ledger will use a reasonable level of skill and care to ensure that the LE Mobile App can be accessed by you in accordance with the Agreement, but there are no guarantees that access and features will not be interrupted or that there will be no delays, failures, errors, omissions, corruption or loss of transmitted information. The LE Mobile App and its intellectual property are provided “as is” without any warranty of any kind, either express or implied, and in particular without implied warranties of merchantability, reliability, and fitness for a particular purpose. 9.2 Limitation of Liability. YOU EXPRESSLY UNDERSTAND AND AGREE THAT LEDGER AND ITS DIRECTORS AND EMPLOYEES SHALL NOT BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA, COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR OTHER INTANGIBLE LOSSES, RESULTING FROM: (I) THE USE OR INABILITY TO USE THE LE MOBILE APP AND OR SERVICES (II) ANY CHANGES MADE TO THE LE MOBILE APP AND OR SERVICES OR ANY SUSPENSION OR CESSATION OF THE LE MOBILE APP AND OR SERVICES OR ANY PART THEREOF; (III) THE UNAUTHORISED ACCESS TO OR ALTERATION OF YOUR TRANSMISSIONS OR DATA; (IV) THE DELETION OF, CORRUPTION OF, OR FAILURE TO STORE AND/OR SEND OR RECEIVE YOUR TRANSMISSIONS OR DATA ON OR THROUGH THE LE MOBILE APP AND OR SERVICES; AND (V) ANY OTHER MATTER RELATING TO THE LE MOBILE APP AND OR SERVICES. SAVE FOR THIRD PARTY SERVICES WHICH ARE NOT OPERATED OR PROVIDED BY LEDGER, THE ABOVE LIMITATIONS DO NOT APPLY IN RESPECT OF LOSS RESULTING FROM (A) LEDGER’S FRAUD, WILFUL MISCONDUCT OR GROSS NEGLIGENCE, WILFUL MISCONDUCT OR FRAUD; OR (B) DEATH OR PERSONAL INJURY. 9.3 Responsibility for assets. You are solely responsible for safeguarding your Digital Assets and Ledger has no duty to you or any user except as otherwise provided under this Agreement. Ledger will never take custody over any of your Digital Assets.
### 10. Compliance and Export Control 10.1 Sanctions. Users shall comply, at their own expense, with all laws that apply to or result from their obligations under these Terms. By accessing and using the LE Mobile App, you represent and warrant that you are not on any trade or economic sanctions lists, such as (but not limited to) the UN Security Council Sanctions list, designated as a “Specially Designated National” by OFAC (Office of Foreign Assets Control of the U.S. Treasury Department) or placed on the U.S. Commerce Department’s “Denied Persons List” or the consolidated list of persons, groups and entities subject to financial Sanctions maintained by the European Union. Furthermore, Users are prohibited from using Ledger Enterprise and Ledger Hardware Devices to engage in transactions prohibited by Sanctions, including Sanctions imposed by the U.S. Treasury Department or the European Commission. 10.2 Territories. Ledger reserves the right to select the markets and jurisdictions where it operates and may restrict or deny access to Services in certain countries, states or territories. ### 11. Term and Termination - Suspension TERM AND TERMINATION 11.1 The Terms will continue to apply as long as you use LE Mobile App and have an active PaaSA with us. In its sole discretion, Ledger reserves the right to: * suspend or terminate (or request applicable third parties to suspend or terminate) your access to LE Mobile App at any time, including in the event of your actual or suspected unauthorised use of LE Mobile App or non-compliance with the Agreement; * suspend or terminate (or request applicable third parties to suspend or terminate) your access to LE Mobile App and/or Third Party Services, cancel the ability (or request applicable third parties to cancel the ability) to use the LE Mobile App or any Third Party Services made available through LE Mobile App if we notice any activity we believe fraudulent, improper, or unlawful or if we have reason to believe there has been a breach of these Terms; * suspend or terminate (or request applicable third parties to suspend or terminate) your access to LE Mobile App to comply with applicable laws. 11.2 If you, Ledger or applicable third parties providing Third Party Services suspend or terminate your access to, or use of, LE Mobile App or any services provided by Third Party Services, subject to applicable laws and unless otherwise expressly stated in these Terms, you agree that Ledger shall have no liability or responsibility to you or other third parties. 11.3 Sections of these Terms that, either expressly or by nature, must remain in effect even after termination of these Terms, shall survive termination. ### 12. Governing law and jurisdiction 12.1 Governing Law. These Terms, and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims), shall be governed by and construed in accordance with the laws stated in Article 22 of the PaaSA between the Parties, (the "Governing Law - Jurisdiction Clause"). The provisions of the Governing Law - Jurisdiction Clause of the PaaSA are hereby incorporated by reference and shall apply mutatis mutandis to these Terms. 12.2. Jurisdiction. The parties irrevocably agree that the courts stated in Governing Law Jurisdiction Clause of the PaaSA, shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with these Terms or their subject matter or formation (including non-contractual disputes or claims). The provisions of the Governing Law - Jurisdiction Clause of the PaaSA are hereby incorporated by reference and shall apply mutatis mutandis to these Terms. 12.3 Interpretation. For the avoidance of doubt, the intention of this clause 12 of these Terms is that the same body of law and the same exclusive jurisdiction agreed upon by the Parties in the PaaSA for the resolution of disputes arising under that agreement shall equally apply to the interpretation, validity, performance, and enforcement of these Terms. ### 13. General 13.1 Entire Agreement. These Terms constitute the entire and exclusive understanding and agreement between Ledger and you regarding Ledger Enterprise , and supersede and replace any and all prior oral or written understandings or agreements between Ledger and you regarding Ledger Enterprise . If you do not read and accept the Terms in their entirety you should not use or continue using Ledger Services. 13.2 Changes to the Terms. We reserve the right to alter, amend or modify these Terms from time to time, in our sole discretion, due to legislative or regulatory measures, technical developments, any change or improvement of the LE Mobile App or Services including security reinforcement of the LE Mobile App or Services. We will provide you with notice of such changes through Ledger Enterprise and such changes shall apply immediately upon your acceptance or within one (1) month upon notice of changes at the latest. In any case, if you do not accept the changes, you must cease to use the LE Mobile App or Services. 13.3 Assignment. You may not assign your rights or obligations under these Terms in whole or in part to any third party. You acknowledge and agree that Ledger may assign its rights and obligations under these Terms of Use and, in such context, share or transfer information provided by you while using the LE Mobile App and or Services to a third party. 13.4 Severability. Should any provision of these Terms or part thereof to any extent be or become invalid or unenforceable, such provision shall then be deemed separable from the remaining provisions of these Terms and shall not affect or impair the validity or enforceability of the remaining provisions of these Terms. 13.5 Force Majeure. Ledger shall not be liable for non-performance or delays in performance that result from causes that are beyond its reasonable control and not attributable to its own acts or omissions, such as acts of God, fire, strikes, embargo, acts of terrorism, acts of government, insurrection or riots, aircraft impact, embargoes, storm, tempest, lightning, flood, drought, earthquake, health epidemics, general outbreak of debilitating disease requirements or regulations of any Authority (including, without limitation, sanctions, travel bans, lockdown measures, trade restrictions and embargoes) or any other similar causes beyond its reasonable control. 13.6 Language. These Terms may be translated and made available into different languages. Notwithstanding their translation, you agree that, in the event of a dispute arising out of or relating to these Terms, only the English version of the Terms shall be referred to and prevail. Last updated 15 May 2025 # How to use the app ## Purpose of the app The Ledger Enterprise mobile application is made to facilitate the request review process and track them thanks to the history and push notifications. You can review on the go the requests thanks to your Ledger Stax device via Bluetooth with your iPhone. ## Who can use it? In order to use the Ledger Enterprise mobile application, you must satisfy these conditions: * Be a Ledger Enterprise client with an active workspace. * Use a Ledger Enterprise endorsed Ledger Stax device. * Use an iPhone compatible with latest iOS versions. * Have an internet connection. * Bluetooth can be turned on and used on your iPhone. ## Onboarding To get to your list of requests, you simply need to follow the instructions on your screen: 1. Launch the app and turn on your Ledger Stax. 2. Start the onboarding process. 3. Authorize the Bluetooth usage for the app. 4. Pair your Ledger Stax by having it turned on and unlocked. 1. Make sure the numbers displayed on the app and on your Ledger Stax match. 2. Your Ledger Stax name should then appear on app screen, select it to continue. 5. Log in with your Ledger Stax by selecting login button on the app. 1. You should be prompted to open your Ledger Vault app on your Ledger Stax, proceed. 2. If not prompted, you can also open it manually. 1. When the login prompt is displayed on your Ledger Stax, accept the login. 6. Optional: turn on the biometrics to facilitate the access to the app: 1. Your session will remain active for a week. 2. No need to use your Ledger Stax to log back in while your session is active. 3. Your app and workspace are still fully secured thanks to biometrics access to the app and the mandatory usage of Ledger Stax to review requests. 7. The setup confirmation is displayed. 8. Optional: turn on push notifications to receive notifications about your requests. 1. It is highly recommended to turn on the push notifications not to miss any request. 2. Push notifications are used only for request status, not for marketing purpose. ## Get requests ### Depending on your role * As an operator, if you are part of an account rules, then you will get requests regarding transactions on this account. * As an administrator, you will get requests when any change is made in the administration rules of your workspace. ### New request When a new request is available for you to review: * You will get a push notification alerting you that a new request is available. * You can find the request in your list of requests (if not, simply pull down the list to trigger a refresh). ## Review requests 1. To review a request, you must first always open its details. 2. Tap the "Review" button (or the "Reject" button if you want to reject the request for everyone, without needing to review the details on your Ledger Stax). 3. Turn on and unlock your Ledger Stax. 4. Launch the Ledger Vault app on your Ledger Stax. 5. Wait for the Hardware Security Module (HSM) to send information to your Ledger Stax (this can take a few seconds or more depending on the size of the request). 6. Review the details of the request on your Ledger Stax. 7. Sign the request on your Ledger Stax. 8. You will get a confirmation on your app and the status of the request will be updated. ## Support If you have any question, please check out our FAQ, or contact support by creating a [support ticket](https://ledgerhq.atlassian.net/servicedesk/customer/portal/2). # FAQ ## Where can I get the app? The Ledger Enterprise mobile application is available on Apple App Store. It is coming soon on Android. ## The app can't find my Ledger Stax * Make sure Bluetooth on your phone is turned on. * Go in your phone settings > Apps > Ledger Enterprise and make sure that the Bluetooth permission has been granted to the app. * Turn on and unlock your Ledger Stax. * Close any app that might be open on your Ledger Stax. If everything above fails, try restarting your Ledger Stax and your phone. ## I have a "No workspace found" error displayed when logging in This means that the Ledger Stax device you used has not been onboarded in any Ledger Enterprise workspace and / or that you used a Ledger Stax that hasn't been endorsed for a Ledger Enterprise usage. * On your Ledger Stax, go in Settings > About this Ledger > Custom certificate and endorsements > Main endorsement. There should be a pubkey available here. If not, then your device cannot be used to log into a Ledger Enterprise workspace. * Contact an administrator of your workspace to make sure that your Ledger Stax has been properly onboarded on your workspace. ## Why does an error occur while reviewing a request? An error during review can happen for several reasons: **Your request has already been reviewed by someone else** Your current request might still be in cache on your phone, but not on servers. Someone else might have already approved or rejected the request. Go in your list of requests, and pull down the list to refresh it. **The connection between the Ledger device, your phone, and the server has been severed** When trying to send the confirmation to your app, your Ledger device might have had a connection issue. Please trying going through the review again, keep the Ledger device close to your phone, and make sure your phone remains unlocked and connected to the Internet. **Your phone was locked during the review** If you lock your phone during the review, this might impact the connection and thus prevent the review confirmation from being registered. Make sure you are not locking your phone during the review. **The app was sent to the background** During the review, if you go back to the launcher on your phone, or switch to another application, then the operating system might act on the Ledger Enterprise app, thus preventing it from handling the confirmation from the review. Please go through the review again and keep the Ledger Enterprise app opened. **You tried all this but the error still happens?** Please log into the Ledger Enterprise platform on desktop, and check if the request you are trying to review is there. If it's not, please create a [support ticket](https://ledgerhq.atlassian.net/servicedesk/customer/portals). ## Why am I being logged out? **The session only lasts for 15min when biometrics are OFF** If you did not activate biometrics in the app, your session will last for 15 minutes only (refreshed when refreshing lists, or conducting reviews). Then you will be required to use your Ledger device again to log in. To turn biometrics ON, please follow this procedure: 1. Log in 2. Tap on your avatar in the top left corner. 3. Turn on the biometrics. 4. Follow the instructions of your operating system. 5. You must log out and log back in for the change to apply. **The session lasts for 7 days when biometrics are ON** For security measures, you will be prompted to log back in every 7 days if you turned the biometrics ON. **Your access has been revoked** An administrator of your workspace can suspend your access or revoke it entirely. Please contact your administrators if you are being logged out and can't log back in. **Something went wrong with your session token** For security measures, if anything goes wrong with your session token, the app will log you out and require you to use your Ledger device to log back in. If it happens to you regularly, please create a [support ticket](https://ledgerhq.atlassian.net/servicedesk/customer/portals). ## Can't find your answer here? For any other issue please create a [support ticket](https://ledgerhq.atlassian.net/servicedesk/customer/portals). # Stake Ethereum # Overview {% hint style="success" %} This feature is currently available only on demand. Please contact your Technical Account Manager for more information. {% endhint %} ## Introduction Since September 22, 2022 the Ethereum protocol has fully transitioned from a Proof-of-Work to a [Proof-of-Stake](https://ethereum.org/en/developers/docs/consensus-mechanisms/pos/) consensus mechanism. The implementation of a Proof-of-Stake consensus mechanism can vary widely depending on the different networks (see Polkadot staking). On Ethereum, staking is implemented via a *Deposit* smart contract and Validators. Staking is the act of depositing 32 ETH to the *Deposit* contract in order to activate a validator node. This will enable you to contribute to the security of the network, and to earn rewards. The benefits of Ethereum staking are: * **High yield** : Ethereum is the largest smart-contract blockchain by market cap and developer activity. However, only about 28% of the ETH supply is currently staked, in contrast with 50-80% on other PoS blockchains. This means that rewards can significant. You can find more information on Ethereum staking rewards [here](https://www.kiln.fi/post/the-merge-and-its-impact-on-eth-staking-rewards) . * **Low risk** : so far, only 0.36% of validators have been slashed. Slashing is considered to be a rare event, and should only affect validators who misbehave deliberately. As long as the validator is participating for at least 50% of the time, they will not lose their stake. * **Simplicity** : unlike other networks where staking requires a more complex set up and a suite of operations, such as Polkadot, staking on Ethereum is straightforward and can be managed easily. ### How does it work? Staking is the act of depositing 32 ETH to the staking deposit contract in order to contribute to the security of the network, and to earn Ether rewards in return (between 4 & 8% depending on network activity). In essence, there are three main operations involved when staking on Ethereum: 1. **Depositing** to activate the stake 2. **Withdrawing reward** (partial withdrawing) 3. **Exiting** to end the stake (full withdrawing) When staking via Ledger Enterprise, every interaction is managed and secured by your Ledger Enterprise workspace to ensure self-custody and peace of mind. Only the Ledger Enterprise Ethereum account that initiated the stake can control it and receive the withdrawn funds at the end of the stake’s life cycle. All assets remain in custody of your Ledger Enterprise accounts. Please note that a staking positions on Ethereum requires to be of at least 32 ETH to be valid; you can initiate multiple stakes at once by submitting any multiple of 32 ETH to save on gas. # Enable ETH Staking {% hint style="success" %} This section is for Administrators only. {% endhint %} Staking on Ethereum inherently relies on interacting with smart contracts through the act of depositing funds to the official deposit contract. Therefore, enabling staking on Ethereum accounts follows the same steps as Enabling Smart Contract Interactions on Ethereum accounts. **NB:** If you haven’t yet, you will need to activate your Ledger Enterprise Smart contract interaction capabilities in order to stake on Ethereum. Please contact your Technical Account Manager for more information. ## General Best Practices Because staking on Ethereum involves significant amounts of money, we highly recommend that you create a dedicated staking account so that you can implement your desired level of governance for any staking-related operations on Ethereum. To benefit from the highest level of security and reduce potential human errors, we encourage you to leverage hardware-backed whitelists in the smart contract governance rule of your staking account: 1. Go to the Whitelist section in the sidebar 2. Create a dedicated Staking whitelist 3. Add the staking contract address 4. Confirm your whitelist creation request on your security device. {% hint style="info" %} **Kiln's** staking contract address is: 0x746d8A8FCAB7f829Fa500504f60D89C5CC1EA973. **Figment's** staking contract address is: 0xF2Be95116845252A28bD43661651917Dc183dAB1 {% endhint %} To enable staking on a Ledger Enterprise Ethereum account, please follow the steps listed below: 1. Go the the Account section in the sidebar 2. Create a dedicated Staking account 3. Activate Smart Contract Interactions in Step 4 . Carefully select the Operators you want to set as Creators of this rule: they will be responsible for initiating the staking and withdrawing operations. 4. Optional: Add your newly created Staking whitelist, and your desired approval steps. 5. Confirm your account creation request on your security device. Your account is now ready to stake and generate yield! # Unstake ETH with Kiln {% hint style="success" %} This section is for Operators only. {% endhint %} ## Rewards interface To monitor and track your staking rewards, simply head to the Portfolio section on Kiln’s app. You will be able to visualize all the active stakes for a given Ledger Enterprise account, as well as their generated rewards. You can **withdraw your available rewards** as well as request a **validator exit**, which will effectively trigger the unstaking process.
#### Unstake an active position: request a validator exit To unstake an active 32 ETH position and withdraw the validator's balance (staked balance - 32 ETH - and available rewards), you first need to request the exit of the position (i.e. the request to start the exit process for the validator). To do so, simply follow these steps: * Head to your staking account for which you wish to unstake a position * Go to the staking section, and click on `Manage` ; you should be redirected to Kiln's app interface * Go to the `Rewards` section. Here, you can select one (or multiple) active position(s), and click on **Request validator exit** to unstake it. * Confirm the request, and validate it on your security device. * Make sure you are interacting with the right contract. * Withdrawals should not incur any additional Ether apart from gas. Please make sure this is reflected on your security device (amount should be set to 0, and total amount should only include gas fees). Once all approvals have been gathered, the transaction will be signed and broadcast. If you head back to the `Rewards` section, you should see that the status for the unstaked positions has been updated to `Exit requested`. This means that you successfully started the unstaking process. Your exited validators will be included in the [exit queue](https://launchpad.ethereum.org/en/withdrawals#withdrawal-queue). Once they have been processed by the network, you will be able to finalize the unstaking process by **withdrawing your available balances**. Once finalized, your validators' status will be: `Exited`. Withdraw rewards & exited validator balance To withdraw your available rewards and unstaked balance (after having exited a position, see above), please refer to the steps below: * Head to your staking account for which you wish to unstake a position * Go to the staking section, and click on `Manage` ; you should be redirected to Kiln's app interface * Go to the `Rewards` section. Here, you can select one (or multiple) position(s), and click on **Withdraw available rewards** to withdraw the balances (rewards, and staked balance if one of your position has been exited) to your account. Note that all balances will automatically withdrawn to the account that initiated the stake, and cannot be withdrawn to any other address. * Confirm the request, and validate it on your security device. * Make sure you are interacting with the right contract. * Withdrawals should not incur any additional Ether apart from gas. Please make sure this is reflected on your security device (amount should be set to 0, and total amount should only include gas fees). Once all approvals have been gathered, the transaction will be signed and broadcast. If you head back to the `Rewards` section, you should see that the **Available rewards** balance is now null. This means that you successfully withdrew your rewards (and staked balance if applicable). The **Total rewards** should remain identical, as it reflects the total amount of rewareds generated by a given position since its activation. # Stake ETH with Figment ### Stake ETH with Figment from your Ledger Enterprise platform {% hint style="success" %} This section is for Operators only. {% endhint %} ## Prerequisites You need to be a Creator on at least one Smart Contract governance rule to have access to the Ledger Enterprise DApps. If not, reach out to your Administrators to request it. Note that the account you wish to stake from needs to have **at least 32 ETH** to be able to perform a valid stake. Ensure that both message signing and Smart Contract Interaction (SCI) are enabled for your account. The user must be included in both approval rules to avoid interference in the approval workflow. In the following guide, we will assume that you are an Operator in the Creator step of the Smart Contract rule of the Goerli "Staking" account (which is funded with enough tETH). ## Step-by-step guide: Stake with Figment via GUI #### Initiate a new staking position 1. To start staking with Figment from your Ledger Enterprise workspace, head to your Staking account, and **click on the WalletConnect logo** . You will be redirected to the WalletConnect application so that you can connect your Staking account to Figment's staking interface.
2. In a separate browser tab, log in on your [Figment Prime dashboard](https://hubble.figment.io/prime) , and head to the **ETH Staking** section. Note that you need to have at least one `provisioned` validator in order to start staking. You can request validators directly in the Figment Prime UI or via API. To learn more about Figment's validators, you can head to [their official documentation](https://docs.figment.io/guides/staking-api/Ethereum/validator-status).
3. Click on the **Fund** button. Select the amount that you wish to stake (or, alternatively, the number of validators to fund using the slider). Enter your **withdrawal credentials** (your Ledger Enterprise account address that will effectively control your staking positions).
{% hint style="info" %} Please note that this address will be the only one that can control the staked funds, and that can receive the withdrawn funds (rewards and principal post Shanghai fork). {% endhint %} 4. Click on Continue, and confirm your withdrawal credentials. Then, select the **Connect with WalletConnect** option and copy the QR code presented on your screen. Paste it in the WalletConnect application of your Ledger Enterprise account. This will connect your Staking account to Figment's application, so that you can validate and sign the staking transaction.
5. Go back to your Figment Prime dashboard, review the details, and click on **Submit transaction** . Head back to your Ledger Enterprise interface, and wait until you see a transaction modal pop-up. Review the details as well, and click on **Confirm**.
6. You will then be prompted to review the transaction on your **Personal Security Device** . If the information matches your intent, approve the transaction, and it will follow the ususal governance approvals as defined in the Smart Contract rule. Once all approvals have been gathered, the transaction will be signed and broadcast.
{% hint style="info" %} Please make sure that you are interacting with the right contract address, and that the amount matches your intended amount to stake. {% endhint %} Once broadcast, you should see a *Success* message on your Figment Prime dashboard, meaning you have successfully performed your staking operations! You can review your newly `deposited` validators in the Details view.
{% hint style="info" %} When initiating a new staking position, if multiple people are involved in the approval of the first message signing, ensure the creator remains on the screen until the signing operation is fully approved. Other approvers should use different computers than the creator’s computer. Alternatively, reduce the approving quorum to sign a message to the creator only, thus preventing multiple-approvers friction. Follow these instructions to ensure the Smart Contract Interaction is triggered properly after the message has been signed. {% endhint %} #### Monitor your stakes & rewards To monitor and track your stakes and their associated rewards, simply head to the **Rewards** section on Figment Prime's app. You will be able to visualize all the active stakes for a given Vault account, as well as their generated rewards. As per protocol specs, you should be able to withdraw part of your rewards as soon as they are granted.
## Stake with Figment via AP You can find the relevant **API tutorials to stake with Figment programmatically** in our [API documentation](https://ledger-enterprise-api-portal.redoc.ly/developer-portal/docs/eth/eth_staking_figment/). You can also head to [Figment's official API documentation](https://docs.figment.io/staking/ethereum) for more information. # Stake ETH with Blockdaemon You can find the relevant **API tutorials to stake with Blockdaemon programmatically** in our [API documentation](https://ledger-enterprise-api-portal.redoc.ly/developer-portal/docs/eth/eth_staking_blockdaemon/). You can also head to [Blockdaemon's official API documentation](https://docs.blockdaemon.com/reference/ethereum-api-overview) for more information. # Stake Solana # Overview {% hint style="info" %} This feature is currently available only on demand. Please contact your Technical Account Manager for more information. {% endhint %} ## Introduction Solana is a permissionless, decentralized, and secure smart contract blockchain platform offering to solve the scalability problem. Since it encodes the passage of time as data, called Proof of History (PoH), staking on this network enables you to contribute to the security of the network and to earn rewards. There are many benefits of staking Solana with Ledger Enterprise. The process is: * **Simple, yet rewarding:** Staking Solana on Ledger Enterprise only requires a few clicks to generate up to 5.5% APY. You will be able to manage all of your staking positions in one place without needing prior knowledge of the network and with no extra cost. * **Secured & Low risk:** Protect against mismanagement of funds by having staking transaction checks at a hardware level before signing. This will enforce that only your Ledger Enterprise account retains control and receives the rewards. Additionally, slashing risks are fully mitigated by our validator partners, thus enabling institutional staking with security and peace of mind. * **Flexible and scalable:** You can manage as many on-chain staking positions as you need from just one account on the LE platform. This allows you to stake more without undelegating your previous staking position and partially withdraw staking positions so you don’t lose time or rewards. It also lets you manage with ease new restrictive regulations, by tracking precisely all your end-user stakes as one on chain address. This implementation is even possible via API, if you are looking for scaling Solana staking as user demand grows. ## Learn Everything about Solana Staking “Stake” and “Deactivate” operations on Solana get processed at the end of the current epoch, on average it is 3 days. This is referred to as the warm-up and cool-down period. You can check the status of an epoch [here](https://solanabeach.io/). After performing an operation your stake will be in one of the following status : | Status | Possible action | Generating rewards | | ------------ | -------------------------------- | ------------------ | | Activating | Deactivate, Split, Merge | NO | | Delegated | Deactivate | YES | | Deactivating | Delegate | YES | | Undelegated | Delegate, Withdraw, Split, Merge | NO |
ConceptDescription
Stake

In the Solana blockchain, staking is the process of holding and validating tokens to participate in the network and help secure it. By staking your tokens, institutions can earn rewards for their participation in the network.

To stake Solana tokens, you must click on “Start Staking” or “Stake more” and choose a validator to delegate your funds. Validators are nodes in the network that are responsible for verifying and including transactions in new blocks. When a user delegates their stake to a validator, they are entrusting their tokens to that validator to use for validating transactions and participating in the network.

The rewards for staking are distributed on the solana network to both the validator and the user who delegated their stake to that validator. The amount of the reward is based on the number of tokens staked and the overall performance of the validator.

Deactivate and Partial Deactivating of Stake

In the Solana blockchain, staked tokens can be deactivated to allow the owner to take them off of the validator they are currently delegated to.

To withdraw your stake you first need to deactivate your stake.

Deactivating tokens can be useful in a number of situations:

  • Changing Validators: If a user wants to switch the validator they are delegating their stake to, they will need to deactivate their stake on the current validator before they can delegate it to the new one.
  • Taking a Break: If a user wants to take a break from staking, they can deactivate their stake and take their tokens off of the validator. This will stop them from earning rewards, but they can re-delegate their stake at a later time to start earning rewards again.
  • Reducing Exposure: If a user has a large stake and wants to reduce their exposure to a particular validator or the Solana network in general, they can deactivate part of their stake to do so.

To deactivate a stake, just click the “deactivate” button on a stake. They will then need to specify the amount of their stake that they want to deactivate and confirm the transaction. Once the stake has been deactivated, the tokens will no longer be delegated to the validator, the stake status will be “undelegated” and the user will be free to delegate them to a different validator or withdraw them.

Delegate StakeIf you have some funds deactivating or undelegated, you can click on “delegate” to re-stake/reactivate the amount of sol in this stake and start earning rewards again.
Withdraw StakeIf you have some funds undelegated, you can click on “withdraw” to withdraw your funds and rewards from this stake. Funds will be transferred in your available balance of the current account.
Split Stake

Solana's split stake feature allows a user to split their stake into two or more parts and delegate those parts to different validators.

This feature is only available via API.

This can be useful for several reasons:

  • Diversification: By splitting your stake and delegating it to multiple validators, you can reduce the risk of losing your stake if a single validator becomes unavailable or goes offline.
  • Increased Participation: If you have a large stake, you may not be able to fully participate in the network due to the maximum stake per validator limit. By splitting your stake, you can delegate parts of it to different validators and increase your participation in the network.
  • Better Rewards: If you delegate your stake to a single validator that is not performing well, you may not earn as many rewards as you could if you split your stake and delegated it to multiple validators that are performing better.

To split your stake, please refer to the developer portal guide.

Merge StakeIn the Solana blockchain, the merge stake feature allows a user to combine two stakes into a single stake. The main benefit of merging is simplification: If a user has multiple stakes with different validators, they may find it easier to manage their holdings if they merge those stakes into a single stake. To merge your stake, please refer to the developer portal guide.
# Enable SOL Staking {% hint style="success" %} This section is for Administrators only. {% endhint %} You can enable staking for any Solana account. The *Step 4 staking rule* of the Create an account or edition procedure lets you activate and configure a rule to govern staking transactions. The staking rule governs all Solana staking transactions. 1. Press the toggle to be able to begin configuring the staking rule.
2. Select creator to define which operators can create staking transactions. You can select up to 20 operators or a single group. 3. Use the approval workflow section to define which Operators must review and approve staking transactions created in the account. You can define up to three steps. 1. Click Add approval step. 2. Select up to 20 Operators or a single group.\ \&#xNAN;*Operators and groups pending to be created, edited, or deleted won't be listed.* 3. Click the chevrons to define the number of approvals required from these Operators. 4. Click Add approval step. # Stake SOL from Account {% hint style="success" %} This section is for Operators only. {% endhint %} ## Prerequisites for staking SOL To initiate staking operations, you need to be a **Creator** in the staking governance rules of the account. If you are not, please contact your administrators to request the necessary permissions. ## Stake SOL via app UI
**Step 1: Start Staking** 1. Navigate to the relevant Solana staking account. 2. Click on the **Start Staking** button to open a modal with validators proposed by Ledger partners. 3. Decide on the amount to stake and approve your transaction on the Ledger Stax. 4. Ensure some SOL is always available for future operations. > **Note:** It may take up to 4 minutes to broadcast and re-synchronize your stake to Ledger Enterprise. Please refresh the page after this period to view your stake. **Step 2: Staking Activation Period** * Once all operators approve the transaction, your stake will be in an **Activating** status. * It generally takes around 3 days for a stake to move to an **Activated** status. * Rewards begin generating once the stake is activated. **Step 3: Visualize Rewards & Stake Information** * Each table row in the interface represents an on-chain staking position. * Click a row for details on stake status, activation date, and total generated rewards. * A dedicated tab provides on-chain reward payout history. * Verify information by clicking the explorer button to check on-chain data. > **Note:** The total balance in your stake account is greater than your delegated amount due to Solana's rent. Only the delegated amount generates rewards. **Step 4: Stake More** * Use the **Stake More** button to create new staking positions. * Separate positions can be made for each customer to meet compliance or to increase rewards. * We recommend maintaining under 10 active stakes for seamless account management. **Step 5: Withdraw Returns** * To withdraw funds, first click **Deactivate** to put your stake in a **Deactivating** status, which lasts about 3 days. * Afterward, click **Withdraw** to send funds and rewards to your Ledger Enterprise account. ## Stake SOL via API Access relevant API tutorials in our [API documentation](https://ledger-enterprise-api-portal.redoc.ly/developer-portal/docs/staking-introduction/). ## Test Staking SOL To start testing on Ledger Enterprise, you need at least the staking addendum. Contact our team for access. * **Option 1:** Test on Solana Mainnet with real funds (no risk of losing funds; only Transaction fee apply). * **Option 2:** Test on Solana DevNet with test SOL tokens, which have no real value. Contact our team to obtain test SOL. > **Note:** Network constraints like the 3-day warm-up/cool-down period cannot be bypassed. Rewards are distributed over time during each epoch. Our team continuously tests the staking capabilities to ensure rewards are generated and operations function with your preferred validator. # Solana Staking Reporting * Operators can export the history of their staking positions on accounts they've got access to. * Administrators can review the staking history of all accounts. ## Reporting and Balances Breakdown ### **Main balances** At all times you are able to see how many SOL are locked in staking from your total balance in the upper part of the account section. This balance aggregates stakes balances in every possible status: Activating, Delegated, Undelegated, Deactivating.
### **Staking Overview**
You can find here the aggregate staking information about all your stakes. ### **Main validator:** Generally it will be the one from your contract **Your staking rewards :** * Total rewards : Sum of all stakes total rewards * Last 7 days : Sum of all stakes received rewards during the last 7 days * Last 30 days : Sum of all stakes received rewards during the last 30 days ### **Staking balances breakdown:** * Total delegated : Sum of all stakes delegated balances, generating rewards * Total undelegated : Sum of all stakes delegated balances, unused funds but locked in staking position, you can withdraw this amount. * Total activating : Sum of all stakes activating balances, what is waiting activation and will soon be delegated. * Total deactivating : Sum of all stakes deactivating balances, generating rewards but will be soon undelegated and available for withdrawal. ### **Total Staking Balance** Main Balances will be greater than the sum of staking balance breakdown since they exclude the rent from all stakes, the rent is generally really small and don’t impact revenues but will impact your reporting capabilities for audit. There is no way of anticipating the amount in the rent since it depends on solana blockchain changes at the time of the creation of the stake. ### **Staking positions**
Find all open stakes in the staking position section of the page, you will find the validator, the stake address, total amount locked in this position, position status and list of possible actions. When you click on a stake you will find a detailed view of the stake. **Single Stake Detailed view**
Detailed view contains stake specific information : * stake address : Address of the stake on chain * validator : Name and link to explorer * status : stake’s status (Activating, Delegated, Deactivating, Undelegated) * total rewards : sum of all the rewards you received on chain * stake account total balance : Delegated SOL + [Rent Exempt](https://docs.solana.com/implemented-proposals/rent) * delegated Amount : Delegated SOL, what is generating rewards * undelegated Amount : Undelegated SOL, what is not generating rewards * activation/ Deactivation Date : When your stake got processed and activated on the chain ### Single Stake rewards payout view
You can find the rewards history with payment date, rewards amount, and post stake balance. By default you will find the last 5 payments, if you need to explore more click load more. ### API reporting Implement advanced reporting tracking capabilities via API, to do so please refer to this [developer portal guide](https://help.vault.ledger.com/api-documentation/getting-started/authentication#reporting--notifications). # Stake Cardano # Overview ## Introduction The Cardano protocol uses a unique proof-of-stake consensus mechanism called Ouroboros, as opposed to the energy-intensive proof-of-work system currently used by Bitcoin. The implementation of a Proof-of-Stake consensus mechanism can vary widely depending on the different networks (see Polkadot staking). On Cardano staking is implemented through registering and delegating your account to a validator. You can [learn more on Cardano](https://www.ledger.com/academy/what-is-cardano) on our Ledger Academy website. There are several reasons to consider buying and using Cardano (ADA) for its intended purposes: * **Advanced technology:** Cardano is a third-generation blockchain platform that aims to address the limitations of previous generations like Bitcoin and Ethereum. It has a unique two-layer architecture, comprising the settlement layer for ADA transactions and the computational layer for smart contracts. This design allows for greater flexibility, scalability, and sustainability. * **Research-driven development:** Cardano's development is driven by a strong emphasis on research and academic rigor. Its underlying technology, the Ouroboros [Proof of Stake (PoS)](https://www.ledger.com/academy/blockchain/what-is-proof-of-stake) protocol, has been peer-reviewed and published in top academic conferences. This ensures that Cardano's technology is cutting-edge and secure. * **Energy-efficient and eco-friendly:** Cardano's PoS consensus mechanism is much more energy-efficient than the Proof of Work (PoW) used by Bitcoin and Ethereum, making it a more environmentally friendly choice for investors and companies concerned about their carbon footprint. **Now, let's discuss how staking works with Cardano:** Staking in Cardano is a process where ADA holders participate in the network's PoS consensus mechanism by delegating their ADA tokens to a stake pool. By doing so, they help secure the network, validate transactions, and earn rewards in the form of additional ADA tokens. Staking with Cardano has several advantages: * **Passive income:** ADA holders can earn a steady stream of passive income from staking rewards, making it an attractive investment option for long-term holders. * **Low barriers to entry:** Unlike PoW mining, which requires expensive hardware and consumes a lot of energy, staking with Cardano is accessible to anyone holding ADA tokens, regardless of the size of their holdings. * **Decentralization and security:** The more people participate in staking, the more decentralized and secure the Cardano network becomes, which ultimately benefits all ADA holders. **Finally, let's address the safety of Ledger Enterprise integration:** Ledger Enterprise makes a point to deliver the most secure solution to interact with a blockchain. In our vision a wallet solution should not let the user be able to lose its funds by mistake and also let the user verify what he is signing with top-notch security for storing and managing digital assets like Cardano. The integration between Cardano and Ledger Enterprise ensures that your ADA tokens are safe from cyber threats and empower our users to verify with certainty the transactions they are signing. **In summary**, Cardano is a highly innovative, research-driven, and eco-friendly blockchain platform that offers ADA holders the opportunity to earn passive income through staking. Its integration with Ledger provides a secure and reliable way to manage and store your ADA tokens. This combination of technological innovation, potential for growth, and security makes Cardano an attractive option for high net worth individuals and companies looking to invest in digital assets. ## Learn more about Cardano Staking Staking operations on Cardano network get processed at the end of the current epoch, on average it is 5 days. You can check the status of an epoch [here](https://cardanoscan.io/). To understand staking, the cardano the community - through ADA Heart Pool - have created [The Grand Ultimate Cardano Staking Guide](https://www.adaheartpool.com/posts/the-grand-ultimate-cardano-staking-guide/), the most translated guide in the community ([here](https://www.adaheartpool.com/) the versions in other langage). It summarises everthing that need to be understood to start staking and we recommend to go through it. To start generating rewards on the Cardano network, you'll follow a 5 steps process and it will take from 16 to 20 days to receive your first rewards. Afterward you'll receive withdrawable rewards at the start of each epoch (5 days) 1. **Register** The *register* transaction is a *refundable staking certificate* with a 2 ADA fee. This transaction will cost you 2 ADA - locked in by the protocol - plus the transaction fee. The 2 ADA will be given back to your account when you'll do the deregister transaction. The register transaction will be processed at the end of the current epoch. 2. **Delegate** Once registered you can *delegate* your account to a stake pool. The delegate transaction will be process at the end of the current epoch resulting in your stake to be *active* thus generating rewards. 3. **Generate reward** Once your delegation is active it starts generating rewards for the current epoch. It will accumulate rewards each time your validator is selected through a random process to sign blocks. At the end of the epoch for which you have an active stake, you'll have signed a certain number of block. The greater the amount of block you'll have signed the greater the rewards you'll receive. Statistically the rewards percent you'll have on your delegated amount will be \~4%. 4. **Calculate rewards** Once the epoch in step 3 is passed, a calculation will take place in the network to identify how much rewards need to be sent to your rewards address. Once that new epoch ends your *withdrawable* balance will be updated with the calculated amount. 5. **Withdraw** In your Ledger Enterprise workspace you'll be able to see 2 differents rewards balances in order to help you to not loose any rewards. The *withdrawable* balance corresponds to the rewards already given to your rewards address that you can withdraw and spend right after the withdraw transaction. The *pending n-1* balance corresponds to the rewards that have been generated and estimated but not yet sent to your withdrawable balance. There may be differences between the pending n-1 balance and what you'll actually receive in the next epoch as it is an estimate. The **deregister** transaction will stop the staking of your account. You'll keep the *withdrawable* balance but you'll lose the *pending n-1* balance. {% hint style="info" %} This feature is currently available only on demand. Please contact your Technical Account Manager for more information. {% endhint %} {% hint style="info" %} Only Shelley addresses are supported for ADA by the Vault, Byron addresses are not supported. {% endhint %} # Enable ADA Staking {% hint style="success" %} This section is for Administrators only. {% endhint %} You can enable staking for any Cardano account. The *Step 4 staking rule* of the Create an account or edition procedure lets you activate and configure a rule to govern staking transactions. The staking rule governs all Cardano staking transactions which comprise REGISTER, DELEGATE, WITHDRAW and DEREGISTER. 1. Press the toggle to be able to begin configuring the staking rule.
2. Select creators to define which operators can create staking transactions. You can select up to 20 operators or a single group.
3. Use the approval workflow section to define which Operators must review and approve staking transactions created in the account. You can define up to three steps. 1. Click Add approval step. 2. Select up to 20 Operators or a single group. *Operators and groups pending to be created, edited, or deleted won't be listed.* 3. Click the chevrons to define the number of approvals required from these Operators. 4. Click Add approval step. 4. Once confirm, complete the edit or create account flow and wait for approvals from relevant administrators. # Stake ADA from Account {% hint style="success" %} This section is for Operators only. {% endhint %} ## Prerequisites for staking ADA To initiate staking operations, you need to be a **Creator** in the staking governance rules of the account. If you are not, please contact your administrators to request the necessary permissions. ## Stake ADA from app UI ### Step 1: Register Your Account 1. Visit your account page and click **Register.** 2. A modal will open with a prefilled deposit of 2 ADA to the blockchain. 3. Approve the transaction on your PSD. 4. Refresh the page after the transaction is confirmed. **Note:** Only the deposit is needed. More ADA decreases rewards volatility.
### Step 2: Delegate Your Account 1. After registration, you'll see the **Delegate** option. 2. Delegate your account to a *Stake Pool* to earn rewards. 3. Delegation starts generating rewards within about 5 days (one epoch). 4. Select your stake pool validator from the provided options. **Tip:** You maintain control of your assets. Changes in balance will alter your stake amount.
### Step 3: View Rewards and Stake Info * Your account page provides all staking information and reward details.
### Step 4: Stake More ADA 1. After initial delegation, simply add more ADA to your account. 2. Be mindful of the 70M ADA per pool limit to avoid reward penalties. 3. Consider using multiple pools if needed.
### Step 5: Withdraw Rewards 1. Rewards are available after each epoch. 2. Use the **Withdraw** transaction to move rewards to your available balance. 3. Ensure a non-zero withdrawable balance before initiating a transaction. **Security:** Rewards will only be received on the account that initiated the registration. ## Stake ADA via API Access relevant API tutorials in our [API documentation](https://ledger-enterprise-api-portal.redoc.ly/developer-portal/docs/staking-introduction/). # Reporting {% hint style="success" %} Operators can export the history of their staking positions on accounts they've got access to. Administrators can review the staking history of all accounts. {% endhint %} ## Reporting Balances and Breakdown On your account page you have 2 different places where you can observe your balances : 1. The top panel with your available balance, your total balance, your pending balance and your total at stake. 2. The Staking Information panel with the total rewards generated, rolling weekly rewards, and rolling Monthly rewards, as well as your available balance, your current deposit, your withdraw-able balance, and the rewards that have been calculated in the previous epoch but not yet sent to your withdraw-able balance. 3. **Available balances:** Correspond to your balance minus the deposit you have. Keep in mind ADA don't let you initiate a transaction that would leave your account with less than 1 ADA. Please always keep 1 ADA in your account for convenience. The pending transactions you may have will impact that balance. 4. **Total balance:** Correspond to your balance minus the deposit you have. The pending transactions you may have will impact that balance. 5. **Staking Information Panel**
6. Your staking rewards: 1. Total rewards : Sum of all your withdrawn rewards 2. Last 7 days : Sum of all your withdrawn rewards during the last 7 days 3. Last 30 days : Sum of all your withdrawn rewards during the last 30 days 7. A part from your available balance, you'll be presented with 1. **The deposit** that you registered to the blockchain 2. Your **stake address** 3. The **pool ID** that you choose to delegate to 4. The **withdraw-able balance** corresponding to what the network already sent you as rewards 5. The **epoch n-1** rewards corresponding to the rewards the network has calculated for you but not yet sent to your withdraw-able balance - this balance can be lost if you deregister your account. 8. **API reporting** Implement advanced reporting tracking capabilities via API, to do so please refer to this [developer portal guide.](https://help.vault.ledger.com/api-documentation/getting-started/authentication#reporting--notifications) # Stake Polkadot # Overview {% hint style="info" %} This feature is currently available only on demand. Please contact your Technical Account Manager for more informations. {% endhint %} ### Introduction The Polkadot blockchain relies on a [Nominated Proof-of-Stake consensus](https://wiki.polkadot.network/docs/learn-consensus#nominated-proof-of-stake). Each blockchain may implement the Proof-of-Stake mechanism in a different way, resulting in differences in the flow of actions from the user to stake their asset and nominate a validator to secure the network on their behalf. Polkadot has introduced a new set of vocabulary to facilitate the understanding of each specific action needed to achieve staking and earn rewards. You’ll soon be familiar with the terms of *bonding* and *unbonding* assets, as well as the concept of *proxy* to help you earn rewards on the Polkadot blockchain. The benefits of staking Polkadot are: * **Best rewards vs market cap** The Polkadot blockchain has reliably been in the Top 10/20 coins in terms of market cap and has an APY (annual percentage yield) of 13-16% since its inception, making it one of the most profitable stakable assets since 2020. * **Low risk, high yield** Compared to other blockchains, there is a low risk of slashing when staking DOT. The main risk is missing out on staking rewards in case of poor validator performance which is statistical and should be linearised over time. Ledger is partnering with Figment to offer an institutional-grade Polkadot staking service. * **A unique automated staking** Polkadot is a blockchain that necessitates regular action from the token holder to nominate validators and maximise the rewards one can get. The unique partnership between Ledger and Figment allows us to automate the most cumbersome part of staking with Polkadot giving our user the assurance that we will have a reduced risk of not getting rewards and freeing them valuable time. ## How does it work? ### Understanding the different Polkadot staking balances Before diving into the step-by-step instructions on how to earn polkadot staking rewards, we will detail the different balances that exist in the polkadot ecosystem. This is the balances display you'll see on your account page after activating the staking feature on the account.
### Staking balances * **Stash account** : The Stash Account is the term used by the Polkadot network to speak about your main account that will hold rights over your secondary account, which will be the one which actually performs the staking actions. * **Available** : This represents the spendable balance of the account. On the blockchain it is identified as the free balance to which we subtracted 1 DOT, which is the existential deposit to avoid any mismanagement by the user. * **Bonded** : This represents the balance that can participate in the governance of the network and generate rewards after the nomination process of validators. The nomination process of validators is done by our partner to avoid for the user to have to do the nomination process every day. * **Unbonding** : This represents the total balance of all assets that are in the unlocking period of 28 days. Each time you do an **unbond** transaction of a specific amount, it will create a new row of unbonding assets in the *Staking Positions* table. * **Unbonded** : This represents the balance of assets that has gone through the 28 days unlocking period and that is now waiting for you to either **withdraw** them to your available balance or **rebond** them to your bonded balance. ### Controller account balances * **Controller account** : The controller account is an account that is identified by a Stash account as its staking management account. * **Address** : This is the address of your controller account that has been fetched on the blockchain looking at the responses payload of the **Create anonymous sub-account** (AKA create controller account) function you previously executed. This address is guaranteed by the blockchain to only be accessible by your stash account. * **Free** : This represents the free balance of the account. It is advised to put only 1 DOT on that account to activate it on the blockchain. When you **add a proxy** partner 0.008 DOT is sent from that balance to the reserved balance of the controller account. * **Reserved** : This represents how much has been locked for the lifetime of the proxy you just created. The use of a proxy implies you to lock 20.033 DOT + 0.008 DOT (per proxy). These can be redeemed with the function **remove proxy** . * **Reward Destination** : This indicates where your rewards will be sent to by the validator. You can change that destination with the **change rewards destination** function and choose between: * Cash In - your rewards will go to the available balance of your stash account * Compounding - your rewards will go to the bonded balance of your stash account and generate rewards in the next round. * **Proxy** : It indicates the address chosen as a proxy. ## Overview of the different staking operations on Polkadot Polkadot Staking introduces several actions that need to be performed by the user to be able to do staking. Below is the detailed explanation of what they mean and why they are important. You can access the Staking Actions if you are in the Staking rules by clicking the Manage button in the Staking section as shown below after you’ve completed Step 3 of the Basic Flow - *Bond Asset*. ### Staking actions * **Bond** : act of bonding your first asset, this action identifies the account you’ll lock funds to and identifies it as your controller account. It also identifies the payee of your staking rewards. The two options for payer are *Cash In* - rewards go to your free balance - and *Compounding* - rewards go to your bonded balance. You’ll be able to change the payee by using the *Change Rewards Destination* function. This action is only accessible during the set-up of your staking account. * **Bond Extra** : to add more funds to your bonded balance. * **Unbond** : to start the process of getting back the bonded asset to the free balance of the *stash account* . Once you’ve started unbonding assets you must wait 28 days before being able to withdraw them. You can choose to **rebond** them at any given time. **Please note that you need to revoke the Proxy partner first before unbonding** * **Add Proxy Partner** : once you have a sufficient bonded balance, you can add a proxy partner that will automatically nominate for you a set of validators regularly in an optimised way. This will allow you to start earning rewards based on your bonded balance. * **Revoke Proxy Partner** : you can revoke your proxy at any time, and stop earning rewards. * **Change Rewards Destination** : to change the rewards destination of your controller account between Cash In - rewards go to your free balance - and Compounding - rewards go to your bonded balance. When validating on your PSD, we use the polkadot term for Cash in and Compound ; Compound = **Staked** , Cash In = **Stash** . * **Chill** : as stated on the Polkadot network website, "staking bonds can be in any of the three states: validating, nominating, or chilled (neither validating nor nominating)". Choosing to "chill" your stake means that your funds will stay bonded but won't be delegated and so won't be receiving rewards. * **Withdraw** : transfers all your unbonded balance to your free balance, which is displayed as your available balance on the Vault account page. # Enable DOT Staking {% hint style="info" %} This feature is currently available only on demand. Please contact your Technical Account Manager for more information. {% endhint %} {% hint style="success" %} This section is for Administrators only. {% endhint %} ## Enabling staking on a Polkadot account You can enable staking for any Polkadot account. The *Step 4 staking rule* of the Create an account or edition procedure lets you activate and configure a rule to govern staking transactions. The staking rule governs all Polkadot staking transactions. 1. Press the toggle to be able to begin configuring the staking rule.
2. Select creator to define which operators can create staking transactions. You can select up to 20 operators or a single group. 3. Use the approval workflow section to define which Operators must review and approve staking transactions created in the account. You can define up to three steps. 1. Click Add approval step . 2. Select up to 20 Operators or a single group.\ \&#xNAN;*Operators and groups pending to be created, edited, or deleted won't be listed.* 3. Click the chevrons to define the number of approvals required from these Operators. 4. Click Add approval step . # Stake DOT from Account {% hint style="success" %} This section is for Operators only. {% endhint %} ## Prerequisites for staking DOT To initiate staking operations, you need to be a **Creator** in the staking governance rules of the account. If you are not, please contact your administrators to request the necessary permissions. ## Stake DOT from app UI #### 1. Bond Assets Ensure the previous step, **"Enabling Staking on a Polkadot Account,"** is completed by an Administrator (see here for more info). With the **Bond** action, you can: 1. Decide the rewards destination for the bonded asset. 2. Choose the amount to bond from your *available balance* to your *bonded balance*.
#### 2. Add Proxy Proxy your nomination rights to a partner. On the Polkadot blockchain, participation in selecting one of the available validators is crucial but can be complex and time-consuming. Specialized companies provide validator and proxy nominator services. To take advantage of these services, execute a transaction to designate our partner as your proxy nominator. This strategy maximizes potential rewards and minimizes the risk of network penalties. #### 3. Earn Rewards After appointing your proxy partner, rewards will flow daily. Depending on your chosen reward destination in the Bond process (step 3), they will either compound in your bonded balance or be directed to your available balance. Your earnings fluctuate based on validator selection and the current staking percentage, estimated at approximately **\~14.92% rewards** for staked assets given the current conditions. #### 4. Polkadot's Extended Functionalities To stake, you must bond assets to a specific balance, separate from your *available balance* and not immediately spendable. To regain control, you must **unbond** an amount, transitioning it to an **unbonding balance** for 28 days without generating rewards. During this period, you can **rebond** part or all of your unbonding balance back to earn rewards. After 28 days, it becomes an *unbonded balance*, enabling you to **withdraw** it to your *available balance* or use the **Rebond** function. You can change your **Reward Destination** any time post the initial bond: to your *bonded balance* for compounding (*Compound* option) or to your *available balance*, which is spendable (*Cash In* option). ## Stake DOT via API Access relevant API tutorials in our [API documentation](https://ledger-enterprise-api-portal.redoc.ly/developer-portal/docs/staking-introduction/). # Stake Tezos # Overview ### Tezos Staking Overview This feature is currently available on demand. Please contact your Technical Account Manager for more information ## Introduction The Tezos blockchain relies on a Proof-of-Stake protocol. Token holders can *delegate* their Tezos accounts to a validator to secure the network on their behalf. XTZ holders earn the staking rewards generated minus the validator’s fees. ## Before you start Mind the staking rule defined in the account. Go to *Accounts* > *Account dashboard*. * Operators can only create a delegation transaction if they are among the creators of the staking rule. * Operators can only approve a delegation transaction if they are part of the staking rule’s approval workflow. ## Instructions **Step 1: Initiate the creation of a delegation transaction** Go to the dashboard of your Tezos account. Click the Delegate my account button in the Delegation section to initiate the creation of a delegation transaction. **Step 2: Select the validator** Our staking partner Kiln is preselected as the validator which you delegate the account to. Press continue. **Step 3: Set the fees** Set the fees for the delegation transaction (see [Transactions](https://help.vault.ledger.com/developer-portal/content/transactions/tx/) for details about Tezos transaction fees & speed) **Step 4: Confirm the transaction request** 1. Review the summary of the transaction. 2. Click Create transaction . 3. Verify that the information displayed on your device is accurate. If it's not, either try again or contact Support, but **do not confirm the transaction** . 4. Tap Confirm . when prompted by your device to confirm. **Step 5: Results** A delegation transaction request has now been created. Depending on the approval workflow defined by the account’s staking rule, the request might need to be approved by other Operators. Go to the account's details page (*Account* > *Account dashboard* > *Rules*) to review the approval workflow. The pending transaction will be blocked if an Operator in the approval workflow who has approved the request is revoked. Once the request is approved and the delegation transaction broadcast and confirmed on the Tezos blockchain, the delegation section of the account dashboard will show the delegation and how long it has been active. Please note that after the delegation transaction is confirmed on chain, it takes 8 cycles (around 23 days) for the stake to be approved and the validator to start paying rewards. Rewards will then be paid every cycle (around 3 days). If you stake any additional XTZ afterwards on the account, that amount will also need to wait around 23 days before earning rewards. ## Revoking the delegation of a Tezos account ### Before you start Mind the staking rule defined in the account. Go to *Accounts* > *Account dashboard*. * Operators can only create an *end delegation* (UNDELEGATE) transaction if they are among the creators of the staking rule. * Operators can only approve an *end delegation* transaction if they are part of the staking rule’s approval workflow. ### Instructions **Step 1: Initiate the creation of an *****end delegation***** transaction** Go to the dashboard of your delegated Tezos account. Click the End button in the Delegation section next to the active delegation which you wish to revoke. **Step 2: Select the validator** Our staking partner Kiln is preselected as the validator whose delegation you wish to revoke.. Press continue. **Step 3: Set the fees** Set the fees for the *end delegation* transaction (see [Transactions](https://help.vault.ledger.com/developer-portal/content/transactions/tx/) for details about Tezos transaction fees & speed) **Step 4: Confirm the transaction request** 1. Review the summary of the transaction. 2. Click Create transaction . 3. Verify that the information displayed on your device is accurate. If it's not, either try again or contact Support, but **do not confirm the transaction** . 4. Tap Confirm . when prompted by your device to confirm. **Step 5: Results** An end delegation transaction request has now been created. Depending on the approval workflow defined by the account’s staking rule, the request might need to be approved by other Operators. Go to the account's details page (*Account* > *Account dashboard* > *Rules*) to review the approval workflow. The pending transaction will be blocked if an Operator in the approval workflow who has approved the request is revoked. Once the request is approved and the delegation transaction broadcast and confirmed on the Tezos blockchain, the delegation section of the account dashboard will be cleared. # Stake Cosmos # Overview ## Introduction The Cosmos blockchain relies on a (delegated) Proof-of-Stake protocol. Staking your Cosmos (ATOM) allows you to passively earn rewards for helping to secure the network. ATOM holders earn the staking rewards (up to 20%) generated minus the validator’s fees. ## Set up The ability to stake Cosmos on Ledger Enterprise leverages our Vault Signer feature, which allows users to go through an external wallet to craft operations. These requests are then verified and signed by Ledger Enterprise. This model ensures that all transactions comply with the governance regulations enforced by the hardware security module (HSM). Learn more on how to set up a Cosmos staking account here. ## Start staking To begin staking operations on Cosmos (ATOM), please contact your Technical Account Manager {% hint style="info" %} This feature is currently available on demand. Please contact your Technical Account Manager for more information {% endhint %} # Enable ATOM Staking {% hint style="success" %} This section is for Administrators only. {% endhint %} ## Enabling Cosmos staking on an account You can enable staking for any Cosmos account. The *Step 4 staking rule* of the Create an account or edition procedure lets you activate and configure a rule to govern staking transactions. The staking rule governs all Cosmos staking transactions: delegating ATOM to a validator, claiming rewards, undelegating your assets and redelegating assets to a validator. Activate the feature by clicking on the **Toggle** button, and configure your **Staking governance rule** according to your needs. 1. Select creator to define which operators can create staking transactions. You can select up to 20 operators or a single group. 2. Use the approval workflow section to define which Operators must review and approve staking transactions created in the account. You can define up to three steps. 1. Click Add approval step . 2. Select up to 20 Operators or a single group.\ \&#xNAN;*Operators and groups pending to be created, edited, or deleted won't be listed.* 3. Click the chevrons to define the number of approvals required from these Operators. 4. Click Add approval step . # How to stake ATOM Stake ATOM on Ledger Live with your Vault Signer account {% hint style="success" %} This section is for Operators only {% endhint %} ## Step-by-step guide: on Ledger Live with your Vault Signer account ### Earning ATOM staking rewards ### Before you start Mind the staking rule defined in the account. Go to *Accounts* > *Account dashboard*. * Operators can only create a delegation transaction if they are among the creators of the staking rule. * Operators can only approve a delegation transaction if they are part of the staking rule’s approval workflow. Additionally, you need to have your **Vault Signer Cosmos account** set-up: * Your Personal Security Device must be connected to your computer, switched on, and the Ledger Vault app opened. * You need to have a Vault Signer account created: Create a Signer account . * You need to have connected your workspace to the Ledger Live and imported the account you wish to interact with. ### Instructions #### Initiate the creation of a delegation transaction on Ledger Live 1. Go to the dashboard of your Cosmos account on Ledger Live. Click the **Earn rewards** button at the top of your account dashboard.
2. Click **Continue** to delegate your assets after reading the information window. 3. Enter the amount of ATOM to delegate. By delegating a higher amount, you can get more reward. * You will have to select an amount to delegate and the validator you wish to delegate to. * Only the validators who are in the top 125 can distribute rewards. If a validator drops out of the top 125, they will no longer validate blocks, thus they no longer have rewards to distribute. * You may choose up to five validators in a single delegation operation. * You may choose an existing validator in your list to add more Atoms to the already existing delegation.
4. Click on **Continue** and review the summary information of your staking operation. #### Review and confirm the delegation request on Ledger Enterprise 1. The final step asks you to validate the request on your device. For this step, please switch to the Vault platform where you will have a request appear for a delegation transaction creation request. 2. Based on the workflow defined in the *staking governance rule* , other approvers will receive an approval request on the Vault, similar to when they receive a request for a transaction crafted on the Vault. 3. Once the request is approved, the delegation transaction is broadcast and submitted on the Cosmos blockchain. #### Results: monitor your delegations on Ledger Live 1. The list of current delegations is available within the account information screen.
Note: When you delegate your ATOMs, they will remain locked. After ending a delegation, your ATOMs cannot be used for the 21 days that follow. #### Delegate to an additional validator 1. If you are already delegating your assets and want to delegate your ATOM to an additional validator, click on the Add button in the Delegation(s) section.
### Claim your ATOM rewards ### Before you start * Operators can only create an *claim rewards* transaction if they are among the creators of the staking rule. * Operators can only approve an *claim rewards* transaction if they are part of the staking rule’s approval workflow. ### Instructions #### Create your claim rewards transaction request on Ledger Live 1. When available, you will be able to claim your rewards through the **Claim rewards** button or through the **Manage** list of options. * Note that the **Manage** button is specific to a validator, while the Claim rewards button will let you choose the validator. * Claiming rewards will cost a **fee** . A warning message is displayed if the fee for a reward is higher than the reward itself.
2. Two options are available when claiming rewards from a validator: * **Cash in** : The reward amount is added to your available balance. * **Compound** : The reward amount is redelegated to the same validator.
3. Click on **Continue** . #### Review and confirm the claim rewards request on Ledger Enterprise 1. The final step asks you to validate the request on your device. For this step, please switch to the Vault platform where you will have a request appear for a claim rewards transaction creation request. 2. Based on the workflow defined in the *staking governance rule* , other approvers will receive an approval request on the Vault, similar to when they receive a request for a transaction crafted on the Vault. 3. Once the request is approved, the claim rewards transaction is broadcast and submitted on the Cosmos blockchain. ### Undelegating your ATOM assets ### Before you start Mind the staking rule defined in the account. Go to *Accounts* > *Account dashboard*. * Operators can only create an *end delegation* (UNDELEGATE) transaction if they are among the creators of the staking rule. * Operators can only approve an *end delegation* transaction if they are part of the staking rule’s approval workflow. ### Instructions #### Creating an undelegation request on Ledger Live 1. Go to your Cosmos account dashboard on Ledger Live. From the Delegation(s) list, click on the **Undelegate** option available through the validator **Manage** button. 2. Select the amount you want to undelegate, please note that: * Pending rewards will be cashed in automatically. * The undelegated amount will be **locked for 21 days** before being transferred to your available balance. 3. Click on **Continue** . #### Review and confirm the undelegation transaction on Ledger Enterprise 1. The final step asks you to validate the request on your device. For this step, please switch to the Vault platform where you will have a request appear for a undelegate transaction creation request. 2. Based on the workflow defined in the *staking governance rule* , other approvers will receive an approval request on the Vault, similar to when they receive a request for a transaction crafted on the Vault. 3. Once the request is approved, the undelegate transaction is broadcast and submitted on the Cosmos blockchain. #### Results Once the request is approved and the undelegation transaction broadcast and confirmed on the Cosmos blockchain, the **21 days undelegation countdown** will be displayed in the list of **Undelegation(s)** on the account dashboard of your Cosmos account on **Ledger Live**. You can have a maximum of **7 undelegations** at the same time. ### Redelegate your assets You are able to redelegate your asset to another validator without waiting the 21 day required locktime period through the **Redelegation** operation. ### Before you start * Operators can only create an *redelegation* transaction if they are among the creators of the staking rule. * Operators can only approve an *redelegation* transaction if they are part of the staking rule’s approval workflow. ### Instructions #### Creating a redelegation transaction request on Ledger Live 1. From the delegation list, Click on the Redelegate option available through the validator Manage button. 2. Click on **Continue** to delegate your assets after reading the information window. Select a **new validator** and the amount you want to redelegate. 3. Click on **Continue** #### Review and confirm the redelegation transaction request on Ledger Enterprise 1. The final step asks you to validate the request on your device. For this step, please switch to the Vault platform where you will have a request appear for a redelegation transaction creation request. 2. Based on the workflow defined in the *staking governance rule* , other approvers will receive an approval request on the Vault, similar to when they receive a request for a transaction crafted on the Vault. 3. Once the request is approved, the redelegation transaction is broadcast and submitted on the Cosmos blockchain. #### Results Once the request is approved and the undelegation transaction broadcast and confirmed on the Cosmos blockchain, you will find the new selected validator in the **Delegation(s)** list on the account dashboard of your Cosmos account on **Ledger Live**. Note that you cannot redelegate these ATOMs for 21 days afterwards. Note: When you redelegate your assets, your pending rewards are claimed automatically as a cash-in. This will not create a transaction. # Stake Polygon # Overview {% hint style="info" %} This feature is currently available on demand. Please contact your Technical Account Manager for more information {% endhint %} ## Introduction Polygon’s consensus mechanism is built on top of Ethereum, meaning that all Polygon staking operations take place on Ethereum mainnet using POL ERC20 tokens. Staking POL brings many benefits, including: * **High yield** : Polygon leverages (D)PoS (Delegated Proof of Stake) as its consensus mechanism. There are up to 100 validators ensuring the security of the Polygon network, and any POL holder can become a delegator by bonding their assets to their preferred validator. By doing so, delegators can earn up to [5-6% APR](https://www.stakingrewards.com/earn/matic-network/) (i.e. 3% adj.). * **Low risk** : Polygon manages delegations in a trustless fashion, via a robust set of smart contracts. Additionally, staking via Ledger Enterprise empowers you to review your staking operations in a meaningful fashion on trusted display thanks to our ClearSign framework on supported smart contracts. * **Simplicity & scalability** : you can use Ledger Enterprise to stake directly on Polygon Staking applications, from the UI. Should you want to automate your staking workflows to scale your operations, you can also leverage our Public API to perform your delegations and withdrawals programmatically. You can find out more about our API [here](https://ledger-enterprise-api-portal.redoc.ly/) . ### How does it work? There are different operations that you can do when delegating POL: * **Delegate** your POL ERC20 to a validator; once the transaction is completed, your delegated POL will start earning rewards in proportion to the amount that you bonded. There is no bonding period, and your assets will start to generate yield for the upcoming checkpoints. * **Re-delegate** : you can choose to delegate more POL to a validator you are already delegating to; this will trigger a withdrawal of your current available rewards. Once the transaction is completed, you will start earning rewards in proportions to your newly accrued delegated assets. * **Withdraw your rewards** : once you have earned at least 2 POL in rewards, you will be able to withdraw them. There is no unbonding period for rewards, and they will be sent back to the wallet address from which you initiated the delegation. * **Restake your rewards** : once you have earned at least 2 POL in rewards, you can directly restake your rewards to accrue your staked position and generate more yield. This is useful, especially to safe gas fees since you only have to perform one transaction to restake said rewards. * **Undelegate** : at any point, you can withdraw your staked assets (and associated rewards) to the wallet address that initiated the staking position. The undelegation requires a 80-checkpoint (roughly 2 days) unbonding period. Assets being withdrawn and in the 80-checkpoint time period will be flagged as ‘unbonding’. * **Claim unbonded** : to finalize the undelegation, you can claim your unbonded assets, i.e. assets that have undergone the 80-checkpoint unbonding period. Once claimed, your delegated assets and associated rewards will be sent back to the wallet address that initiated the initial staking position. Your POL balance will be accrued accordingly. # Enable POL Staking {% hint style="success" %} This section is for Administrators only. {% endhint %} Polygon’s consensus mechanism is built via **Smart Contracts on the Ethereum network**. Therefore, POL staking operations will fall under the governance as defined in the **Smart Contract rule of your Ethereum accounts**. If you haven’t yet, you will need to activate your Ledger Enterprise Smart Contract Interaction capabilities in order to stake on Ethereum. Please contact your Technical Account Manager for more information. Therefore, enabling staking on Ethereum accounts follows the same steps as outlined in the article Enabling Smart Contract Interactions on Ethereum accounts. Once you have activated the Smart Contract rule on an Ethereum account, you will be able to perform all POL staking operations from that account. The underlying POL ERC20 children account will see its balance change according to the amounts that you delegated/withdrew. Additionally, to ensure optimal account segregation, you can whitelist the POL staking contracts and use the whitelist in the Smart Contract rule of your POL staking accounts. This will prevent the account from interacting with other Smart Contracts. The POL staking contract addresses are: * **Figment’s Validator contract:** 0xb929B89153fC2eEd442e81E5A1add4e2fa39028f * **Polygon (POL) - PoS Staking Contract:** 0x5e3Ef299fDDf15eAa0432E6e66473ace8c13D908 # Stake POL with Figment {% hint style="success" %} This section is for Operators only. {% endhint %} ### Prerequisites You need to be a Creator on at least one smart contract governance rule to have access to the Enterprise DApps. If not, reach out to your Administrators to request it. Note that the parent Ethereum account you wish to delegate POL from: * should have a funded POL ERC20 children account; * should be able to access WalletConnect. ### Staking interface To start delegating POL from your Ledger Enterprise platform, you will need to use WalletConnect. WalletConnect can be accessed either directly from the Ethereum account, via the WalletConnect button, or from the DApps section. To learn more about how to use Wallet Connect, please refer to this article. 1. In a separate browser tab, go to the official POL staking application. Select "WalletConnect" as the connection method. The page should display a QR code. 2. Copy the QR code to your clipboard, and paste it into the WalletConnect interface on your Ledger Enterprise Platform. 3. Review the connection details, then click **Accept** . 4. A confirmation window appears, meaning you have successfully connected your Ledger Enterprise account to the POL Staking app. 5. Return to your POL staking tab in your web browser to start delegating. Head to the Validator list, and select Figment. Click on “Delegate”, and input the amount that you wish to stake. Note that there is no minimum amount. You can then click on “ **Delegate** ”. 6. Head back to your Ledger Enterprise platform window. You should see a transaction pop-up modal appear. Review the details, and click on “ **Create transaction** ”. From there, the rest of the flow is similar to that of a regular transaction: you can adjust the fees if necessary (by clicking on **Back** ), add an optional note & comment, and review your transaction on your device to verify that it matches your intent. 7. If it is the first time that you're connecting a given account to the POL Stalking app, you will need to Approve the staking contract first. You'll then have to do step 6 again to actually delegate POL. 8. Once all approvals have been gathered as defined in the Smart Contract rule of the account you are using, your transaction will be signed and broadcast. You can head back to the POL staking app to check your delegated assets, and perform additional operations should you want to. ### Monitor your stakes & rewards In the first version of our POL staking framework, Administrators and authorized operators will be able to review their POL rewards by connecting via WalletConnect to the **Polygon Staking** application, and heading to the dedicated account section. Note that in a later version, Ledger Enterprise will include such information directly in the account dashboard of your delegated POL accounts, as well as in our reporting API. ## Stake with Figment via API You can find the relevant API tutorials in our [API documentation](https://ledger-enterprise-api-portal.redoc.ly/developer-portal/docs/staking-introduction/). # Stake POL with Kiln {% hint style="success" %} This section is for Operators only. {% endhint %} ## Prerequisites You need to be a Creator on at least one smart contract governance rule to have access to the Ledger Enterprise dApps. If not, reach out to your Administrators to request it. Note that the parent Ethereum account you wish to delegate POL from: * should have a funded POL ERC20 children account; * should be able to access WalletConnect. ## Staking interface To start delegating POL from your Ledger Enterprise platform, you will need to use WalletConnect. WalletConnect can be accessed either directly from the Ethereum account, via the WalletConnect button, or from the dApps section. To learn more about how to use Wallet Connect, please refer to this article. 1. In a separate browser tab, go to the official POL staking application. Select "WalletConnect" as the connection method. The page should display a QR code. 2. Copy the QR code to your clipboard, and paste it into the WalletConnect interface on your Ledger Enterprise Platform. 3. Review the connection details, then click **Accept** . 4. A confirmation window appears, meaning you have successfully connected your Ledger Enterprise account to the POL Staking app. 5. Return to your POL staking tab in your web browser to start delegating. Head to the Validator list, and select Kiln. Click on “Delegate”, and input the amount that you wish to stake. Note that there is no minimum amount. You can then click on “ **Delegate** ”. 6. Head back to your Ledger Enterprise platform window. You should see a transaction pop-up modal appear. Review the details, and click on “ **Create transaction** ”. From there, the rest of the flow is similar to that of a regular transaction: you can adjust the fees if necessary (by clicking on **Back** ), add an optional note & comment, and review your transaction on your device to verify that it matches your intent. If it is the first time that you're connecting a given account to the POL Staking app, you will need to Approve the staking contract first. You'll then have to do step 6 again to actually delegate POL. 7. Once all approvals have been gathered as defined in the Smart Contract rule of the account you are using, your transaction will be signed and broadcast. You can head back to the POL staking app to check your delegated assets, and perform additional operations should you want to. ## Monitor your stakes & rewards In the first version of our POL staking framework, Administrators and authorized operators will be able to review their POL rewards by connecting via WalletConnect to the **Polygon Staking** application, and heading to the dedicated account section. Note that in a later version, Ledger Enterprise will include such information directly in the account dashboard of your delegated POL accounts, as well as in our reporting API. ## Stake with Kiln via API You can find the relevant API tutorials in our [API documentation](https://ledger-enterprise-api-portal.redoc.ly/developer-portal/docs/staking-introduction/) # DeFi ### Web3: DeFi & NFT Interactions with Ledger Enterprise Ledger Enterprise provides a seamless and secure institutional gateway to the world of web3. You can explore and interact with an ever-growing ecosystem of decentralized finance (DeFi), non-fungible tokens (NFTs), and many more decentralized applications (DApps). ### Web3 Governance & Configuration Ledger Enterprise offers a robust and flexible governance framework for all types of web3 interactions. Admins can choose to enable web3 interactions for any EVM account and configure policies for operators to interact with smart contracts and DApps. [Click here](#web3-governance-and-configuration) for detailed instructions. ### Web3 Access #### Ledger Enterprise DApps Ledger Enterprise DApps is your safe and trusted place to explore decentralized applications (DApps) directly from your Vault workspace. Using DApps within Ledger Vault offers you the highest possible smart contract interaction security level. You can find the complete list of DApps supported on Ledger Enterprise [here](/help-center/web3-defi-and-nft/defi/ledger-enterprise-dapps). #### WalletConnect WalletConnect is an open-source protocol that allows you to securely connect your Ledger Enterprise Platform to a wide range of decentralized applications (DApps). You can find the full list of supported DApps on the WalletConnect website. #### Ledger Enterprise Contract Interaction Panel Our Contract Interaction Panel, lets Ledger Enterprise Operators interact with any Ethereum contract through a standard user-friendly interface. Find out more information on how to interact directly with any smart contract [here](/help-center/web3-defi-and-nft/defi/deploy-a-smart-contract). #### Ledger Enterprise API The Ledger Enterprise API lets you interact with any smart contract on the Ethereum blockchain. The transaction creation & approval endpoints make it possible to trade on decentralized exchanges, deposit liquidity on DeFi protocols, mint or transfer NFTs programmatically and at scale, all while using Ledger Enterprise EVM accounts and abiding by your web3 governance rules. See our [API documentation](https://help.enterprise.ledger.com/api-documentation/) ### Web3 Security Don’t trust, verify. Ledger Enterprise **ClearSign** offers unparallelled security for web3 operations. ClearSign lets users verify their web3 interactions on the **Trusted Display** of their Personal Security Devices, effectively preventing them from blind signing these transactions. You can read more about blind-signing and the risks associated with it [here](https://www.ledger.com/academy/cryptos-greatest-weakness-blind-signing-explained). #### ClearSign Interactions with Smart Contracts Ledger Enterprise offers ClearSign for: * a list of supported Ledger Enterprise ClearSign contracts * contracts of the ERC-20 (fungible token) standard * contracts of the ERC-721 or ERC-1155 (non-fungible token) standard When interacting with ClearSign contracts, Operators are prompted to **review the exact nature of their smart contract transaction** on their device trusted display. Ledger Enterprise **interprets** contract interactions in an easily human-readable format, so Operators can ensure the transaction details **match their intent before approving them**. Whenever interacting with contracts supported by Ledger Enterprise ClearSign feature, Operators will be prompted to review the transaction details on device: * **1st screen - General transaction information:** as per any Ethereum transactions, Operators can review recipient data (contract name & address), account, ETH amount, fees; * **2nd screen - Contract data:** This second screen lets Operators verify the content of their contract interaction. *An example of a Clear-Signed transaction on Paraswap* When interacting with contracts which do not yet support ClearSign, Operators are prompted to blind-sign their transactions. You can identify blind-signed interactions with the following warning on your PSD: “Contract data cannot be displayed”. Please make sure that you trust the contract you are interacting with when blind-signing. *An example of a Blind-Signed transaction on a smart contract* When reviewing a smart contract interaction on your device, you are informed, on your User Interface, whether the transaction is Clear Signed or Blind Signed. We are working to extend our ClearSign contract coverage to all major DApps & contracts of the web3 ecosystem. Should you want Ledger Enterprise to support a specific application or contract, please reach out to your Technical Account Manager and we will make sure to prioritize accordingly. #### ClearSign Message Signatures Signing messages serves a crucial purpose in the web3 ecosystem. It allows users to confirm their identity, authenticate transactions, and interact with smart contracts without the need to share their private keys. The EIP-191 and EIP-712 formats are Ethereum Improvement Proposals that standardize signed messages: * EIP-191 provides a basic signed data scheme. It is mostly used to let users prove that they control an address without revealing their private key, typically when logging into a DApp. * EIP-712 improves upon EIP-191 and makes the process of data signing more user-friendly. It displays the data in a structured and readable format, improving user understanding and control over what they are signing. It is used when users are required to sign complex data to interact with a decentralized application (DApp), for instance, when placing orders on NFT marketplaces, or to allow a DEX to swap their tokens. Ledger Enteprise supports the signature of messages in the EIP-191 and EIP-712 formats, and enables operators to review their content on the **Trusted Display** of their Personal Security Devices ### Web3 Operations Reporting #### Smart Contract Interactions Reporting You can monitor and audit your entire history of smart contract interactions. Ledger Enterprise records the nature and outcome of smart contract interactions, as well as their web3 governance audit logs, and exposes them to all available reporting tools: transaction history, csv & API exports.
Transaction details: * Interactions with Ledger Enterprise Clear Sign DApps: the transaction overview tab specifies the contract interaction type: swap, stake, lend, etc. * Additionally, the resulting transfer events of your smart contract executions are displayed in the transaction details; any ERC20, NFT or currency transfers are reported in the `Related operations` section, to enable you to better track and monitor your DeFi and NFT operations. This information is included into **Full .csv exports** as well ( **Light** exports do not include this data). * All smart contract interactions: the contract functions and arguments executed are always displayed in the Details modal, in both decoded human readable format, and raw hex encoded format #### Message Signatures Reporting You can monitor and audit your entire history of messages signed when interacting with DApps.
Ledger Enterprise records the message that was signed, as well as the message signing governance rule's audit logs.
### NFT Gallery & interactions Ledger Enterprise lets you track and manage your NFT portfolio on Ethereum & EVM accounts: * As an **administrator** , you’ll be able to simply toggle on or off the view of NFTs owned by an account in its settings. Find out exactly how to do so here: View NFTs on an ETH account . * All **operators** listed in the Smart Contract rule of the account can send NFT tokens according to the steps outlined in the rule. [This article](#web3-defi-and-nft-interactions-with-ledger-vault) outlines a step-by-step guide explaining the different steps of the send NFT operation: Send an NFT from the Account Gallery . # Message Signing on Bitcoin and Cardano Sign messages with your Bitcoin and Cardano accounts. The Message Signing feature in Ledger Enterprise allows you to cryptographically prove ownership of a specific crypto address without initiating an on-chain transaction. This is particularly useful for processes like participating in airdrops, verifying ownership for a third-party service, or registering on certain platforms that require proof of address control. This feature enhances security by allowing you to interact with services without exposing your private keys or sending funds. The entire process is secured by your Ledger device, ensuring that what you see on the device's trusted display is what you are actually signing. Currently, Message Signing is supported for both Bitcoin (BTC) and Cardano (ADA) accounts. ## Step-by-Step Guide to Signing a Message Follow these steps to generate a signature for a message using your Ledger Enterprise workspace. #### **1. Ensure the Feature is Enabled** Before you can sign a message, the "Message signature" permission must be enabled for the specific account. This is configured by an Admin in the governance rules when creating a new account or by editing an existing one. 1. When creating or editing an account, go through all the steps until you get to step 4 showing the Message Signature ruleset. 2. Toggle the Message signature rule to the "on" position. 3. Add the groups that you would like to have the power to sign messages in this ruleset.
1. Complete the account creation or update process, including the necessary approvals from other Admins. #### **2. Claiming tokens (optional use case)** Once your account has been setup and message signing enabled, you can use the address to do things like claim token rewards. 1. Go to the relevant claim site; 2. Enter the relevant account address that you can make a claim from. 3. Go through the claim process. 4. The claim site will generate a unique claim message. 5. Copy the claim message to your clipboard. #### **3. Initiate the Signing Request** You can start the signing process as an Operator. 1. From the Left Menu, click New Transaction and then select Sign message.
1. A "Sign message" modal will appear. #### **4. Enter Message and Signature Details** {% hint style="warning" %} #### Important Security Notice ***Airdrop Recipient Address:*** When using message signing to claim an airdrop on Cardano, do not use a Cardano address from your Ledger Enterprise workspace as the recipient address. Ledger Enterprise may not support the new asset airdropped, which could result in the loss of funds. Always use a fresh address from a wallet where you control the keys and that you have confirmed supports the incoming token. {% endhint %} In the modal, you will need to provide the necessary information. 1. Account & Address: Select the account and the specific address from which you want to sign. 2. Message to sign: Paste the exact message provided by the third-party service (e.g., the unique claim preview from an airdrop website). 3. Signature standard: This is a critical step. You must select the correct standard required by the service you are interacting with. * For Bitcoin (BTC), the standard is typically BIP-137. * For Cardano (ADA), the standard is CIP-8. 4. Cardano (ADA) Specifics: When signing with a Cardano address, you must specify which key to use for the signature. The address itself is a concatenation of a payment key and a stake key. * Check the requirements of the third-party service. As a general rule, if your address begins with stake, you should select Use stake address. Otherwise, use the default Use payment address. 5. Click Next and review the details, then submit the request for approval. #### **5. Approve on Your Ledger Device** You will be prompted to connect your Ledger device to verify and approve the request. 1. Connect and unlock your Ledger Stax. 2. **Carefully review the message details displayed on the device's screen. This ensures that the message you are signing matches the one you intended to sign.** 3. Approve the action on the device. {% hint style="warning" %} #### Important Security Notice ***Verify the Message:*** Always meticulously verify the full message on your Ledger device's screen before approving. Signing a maliciously crafted message could authorize unintended actions. {% endhint %} #### **6. Retrieve Your Signature** After the request is approved and processed, you can retrieve the signature and public key. 1. Navigate to the Operations tab and click on the Messages sub-tab.
1. Locate your completed message signature request in the list and click on it to open the details view. 2. Here you will find: 1. Public Key / Stake Key: The public key corresponding to the address you used. 2. Signature: The generated cryptographic signature. 3. Use the copy icons to copy both the Public Key and the Signature. You can now paste these into the required fields on the third-party platform to complete the verification process (eg; in the token claim process we described earlier). # Web3 governance & configuration # Enable Smart Contract Interactions on EVM accounts {% hint style="success" %} This article is for Administrators only. {% endhint %} ## Overview [Smart contracts](https://ethereum.org/en/developers/docs/smart-contracts/) are autonomous programs running on Ethereum & other EVM blockchains. Smart contracts are the technology underlying decentralized finance (DeFi), non-fungible tokens (NFTs), and many more decentralized applications (DApps). To interact with a smart contract, user accounts submit specific transactions that execute a function defined on the smart contract, such as a token mint function on an NFT contract, or a token swap function on a Decentralized Exchange (DEX) contract. You can enable smart contract interactions for any Ethereum or EVM account (Polygon, BSC, etc.). The step 4 **web3 rules** of the account creation or edition procedure now lets you activate and configure a rule to govern smart contract interactions for the account. Activate the feature by clicking on the Toggle button, and configure your Smart Contract governance rule according to your needs. Interacting with smart contracts can put funds at risk. We advise users to educate themselves about smart contract risks before activating smart contract interactions. ## Instructions
1. Select **creator** to define which operators can create smart contract transactions. You can select up to 20 operators or a single group. 2. (optional) Click **Add amount range** . Note that the Amount parameter only applies to the amount of crypto you are sending to the contract. It does not impact the ERC20 token amounts transferred to or from your account due to the smart contract interaction 3. (optional) Click **Add whitelist** to restrict interactions to whitelisted smart contracts which you trust. You can select up to four smart contract whitelists from the drop-down. Then, click **Add whitelist** to confirm. * Only whitelists of the Smart Contract type are listed. Note that if a DApp contract is not included in any of the selected whitelists, operators won’t be able to interact with the DApp. This is also true for ERC20 token contracts. * Note that Whitelists pending creation or edition approvals aren't listed. 4. Use the approval workflow section to define which Operators must review and approve smart contract interactions created in the account. You can define up to three steps. 5. Confirm the creation of your Smart Contract Interaction rule and review the rule on your Personal Security Device. Once all required Administrators have reviewed and approved the account creation or edition request, according to your workspace's admin rule , the Smart Contract Interaction rule will be effective for the account. {% hint style="info" %} Please note that Creators are allowed to perform all the smart contract interactions initiated by Ledger Enterprise DApps. Some of these interactions (e.g. swap DAI for MATIC) can move funds on ERC20 children accounts. Creators should be chosen carefully, as DApps will effectively let them perform operations on all ERC20 children accounts. {% endhint %} ## General best practices * Do not enable Smart Contract Interactions for an account holding higher amounts of funds than what you intend to use with Smart Contracts. * Try segregating Smart Contract accounts with one account per smart contract or DApp you wish to interact with. For example > - One account dedicated to Paraswap trading, which you top up before trades and withdraw from after trades > - One account dedicated to ETH liquid staking on Lido > - One account dedicated to to NFT trading on NFT marketplaces * Although Ledger Enterprise DApps features smart contracts which have been audited by multiple independent third-party firms, we encourage you to carry out your own due diligence before interacting with any smart contract. --- [Next Page](/llms-full.txt/1)