Prerequisites
User Roles
Your workspace supports different user roles that determine what actions users can perform:Admin
Full workspace control including user management and policy changes
Trader
Can approve and sign transactions based on configured policies
Viewer
Read-only access to view transactions, balances, and workspace activity
Authentication Methods
Choose the authentication method that best fits your team’s needs:Google zkLogin
Uses Google accounts with zero-knowledge proofs for privacy
MetaMask
Decentralized authentication using Ethereum wallet signatures
Add User Process
- Gmail Users (Google zkLogin)
- MetaMask Users
1
Initiate User Addition
Go to Settings → Users in the Aeon web app, then click “Add User” and select Gmail address for Google zkLogin authentication. Provide the user’s Gmail address that will be used for authentication.
2
Configure User Permissions
Set up the user’s role and specific permissions:
- Account access (which vault accounts they can see/use)
- Transaction limits and approval capabilities
- Role assignment (Admin, Trader, or Viewer)
3
Generate and Share Confirmation
The system generates a unique confirmation code. Securely share this code with the new user through a separate communication channel (email, Slack, etc.).
4
User Completes Setup
The new user must:
- Open the confirmation email from Aeon
- Enter the confirmation code you provided
- Install and configure the Aeon mobile signer
- Scan the QR code with their mobile signer to complete setup
5
Key Material Sharing
After setup completion, existing signers will receive prompts to share key material with the new user to enable transaction signing.
Both authentication methods require the new user to install the Aeon mobile
signer and receive key material shares from existing workspace members to
participate in transaction signing.
Authentication Methods Comparison
Google zkLogin
Best for: Teams already using Google Workspace
Benefits:
- Seamless integration with existing Google accounts
- Hardware-backed authentication on supported devices
- Familiar user experience
Requirements:
- Valid Gmail address
- Google account with 2FA enabled (recommended)
Benefits:
- Seamless integration with existing Google accounts
- Hardware-backed authentication on supported devices
- Familiar user experience
Requirements:
- Valid Gmail address
- Google account with 2FA enabled (recommended)
MetaMask
Best for: Crypto-native teams and censorship resistance
Benefits:
- Decentralized authentication
- No dependency on centralized identity providers
- Full user control over authentication keys
Requirements:
- MetaMask wallet installed
- Ethereum address for identification
Benefits:
- Decentralized authentication
- No dependency on centralized identity providers
- Full user control over authentication keys
Requirements:
- MetaMask wallet installed
- Ethereum address for identification
Key Material Sharing
When new users join your workspace, they need access to key material to participate in transaction signing.Sharing Process
1
Automatic Prompt
After a new user completes onboarding, existing signers receive a prompt to
share key material
2
Select Sharers
Choose which existing users will share their key material with the new user
3
Approve Sharing
Each selected user must approve the key sharing using their Aeon mobile
signer
4
New User Acceptance
The new user receives and accepts the shared key material
Key material sharing is cryptographically secure and doesn’t expose private
keys to other users or Aeon’s infrastructure.