An iOS device to run Cobo Guard, our dedicated app for multi-factor authentication (MFA), operation approval, transaction signing, and key share management.
If you’re in the testing phase and want to quickly verify deposits and withdrawals first, you can skip this section for now and configure them later.
Set up governance policies and user roles
Configuring governance policies and user roles is essential for managing access control and security in your organization.
Governance policies define approval rules for key operations (such as member deletion, organization freezing, and API key management), using mechanisms such as auto-approval, auto-rejection, and approval quorum. You can edit governance policies if the default ones don’t align with your organizational needs.
User roles enable you to assign specific permissions to designated members within your organization. When you assign a role to a member, they can only perform actions allowed by that role. For instance, a member with the Viewer role can see wallet information but cannot withdraw tokens. Cobo offers preset user roles. You can also create custom roles tailored to your specific requirements.
As an example, you could set up a governance policy requiring approval from at least two members with either Admin or Manager roles before deleting a member, as illustrated in the screenshot below.
Click the profile icon at the bottom left, and then click Organization.
Click Members. On the Members page, click Invite Members.
Enter the member’s email address and name, and then select appropriate user roles.
Confirm on Cobo Guard that this invitation was initiated by you. Also, as a default governance policy, at least half of your organization admins must approve the invitation request on Cobo Guard.
Upon receiving the invitation, new members should create their own accounts and set up Cobo Guard as described in the previous sections.
Click the profile icon at the bottom left, and then click Pricing Plans.
Navigate to Supported Chains and click the Chain Management icon.
On the Chain Management page, review the list of available chains. If the chains you need are not present, click Add Chains to include additional chains for your organization’s use.
After adding a chain, all its supported tokens will be available for deposit and withdrawal in your wallets.
After setting up your account and organization, the next step is to configure an MPC vault. A default vault is automatically created for you. You need to complete the setup by creating a Main Group and generating key shares.
A set of key share holders is referred to as a holder group. The Main Group is the first holder group you create before using MPC Wallets.The diagram below illustrates a Main Group with two key share holders. Cobo holds one key share, while your organization holds the other.Follow the instructions below to create a Main Group in Cobo Portal:
In the Create Main Group dialog box, navigate to the Key Share Holder 2 section, and configure the holder. For detailed information about co-signer types and their setup, see Co-Signer Type.
To use a mobile co-signer, select a holder from the pull-down list. The TSS Node ID field will be filled in automatically. Click Confirm.
For quick testing, you can select yourself as a holder. However, for production use, refer to our Security best practices for guidance on selecting appropriate holders.
To use a server co-signer, enter a holder name, fill in the TSS Node ID, and then click Confirm.
Confirm in your Cobo Guard app that you initiated this request.
To finalize the vault setup, the next crucial step is generating key shares on your co-signer. This process varies depending on your co-signer type:
For mobile co-signers:
Wait for the 1 key share needs to be generated banner to appear on Cobo Guard (this may take a few seconds).
Tap the banner to open the key generation interface.
Follow the on-screen instructions to complete the key share generation process.
We recommend backing up your key shares at this point for added security. However, you can also choose to complete this step later after finishing the guide.
For server co-signers:
Ensure the TSS Node server is brought online within 24 hours. The key share generation process initiates automatically when the server comes online.
If a TSS Node callback server is configured, the generation process will only start after approval from the callback server.
Once the key generation process is completed, the holder group status will become Active on Cobo Portal. You might need to refresh the Cobo Portal page to see the updated result.
After successful key generation, a default wallet is automatically created for your vault. You can create additional wallets by following the steps below:
If you need to automatically consolidate funds from multiple addresses, enable auto token sweeping. If you’re unsure, you can leave it disabled for now and enable it later if needed.
Click Create.
From the wallet list, select your newly created wallet to view its details.
If you’re in the testing phase and want to quickly verify deposits and withdrawals first, you can skip this section for now and set them up later.
Configure transaction policies
Transaction policies are essential measures to secure your digital asset operations. When a transaction starts, it’s checked against your organization’s transaction policies in sequential order. If it matches a policy’s trigger condition, the specified action will be taken: auto-approve, auto-reject, or an approval quorum process.In this guide, we’ll create a policy that requires 2-of-3 Admin approval for large USDT withdrawals to non-trusted addresses. For other policy setups and advanced configurations, see Set up token transfer policy.
In the Transfer dialog box, fill in the required information, and then click Submit.
Double confirm the withdrawal on Cobo Guard.
After the withdrawal is confirmed, one of your co-signers will be automatically selected to sign the transaction based on their online status and other criteria. You need to ensure that at least one of your co-signers is online. The transaction will remain pending until it receives the necessary signature. You can check if a co-signer is online through Cobo Portal:
Select your vault and then click the Manage Share Management icon on the upper right hand corner.
In the Key Group Management page, locate your key share holder group, and check the status indicator next to each key share holder:
🟢 Green dot: The co-signer is online and ready to sign transactions
No dot: The co-signer is offline and cannot sign transactions.
After the transaction is signed, Cobo creates and broadcasts it to the network. The token transfer may take some time to complete, depending on network conditions.
To create wallets and transfer tokens programmatically, you can utilize our WaaS API. Follow these steps to integrate wallet functionality using the API:
Start with Sending your first request. This guide covers API key registration, authentication, and SDK usage.
Congratulations on successfully setting up your MPC Wallet and completing token transfers! To further enhance your wallet’s security and functionality, consider implementing these next steps: