Admin guide - Configuring platform settings and modules

Overview

You've deployed the platform and completed onboarding. Now you're responsible for enabling asset types, assigning operational roles, deploying yield automation, and maintaining system health. This guide walks through Day 1 configuration and ongoing administrative tasks that keep your tokenization platform running.

Primary role: Platform administrators, DevOps engineers

Secondary readers: System operators, IT managers responsible for platform configuration and maintenance

Before you start

Make sure you have:

• Platform admin role with multisig wallet access
• Completed system deployment during onboarding
• Organizational role matrix documenting segregation of duties
• Gas budget allocated for factory deployments

Time required: Initial configuration 45-90 minutes; ongoing monitoring is continuous with weekly reviews

Day 1 scenario: setting up production access

Your platform is deployed to mainnet. The deployment wallet holds platform admin rights, but you need to establish operational role segregation before your treasury team can issue bonds and your compliance team can manage investor identities.

First priority: distribute platform-level permissions to operational wallets using multisig governance. This prevents single points of failure and establishes audit trails. You'll assign three platform roles—Platform Admin, Identity Manager, and Claim Issuer—then enable the Bond asset type factory. Because bonds require automated coupon payments, you'll deploy the Yield addon factory. Finally, you'll configure observability dashboards to track factory usage and role activity.

Access admin settings

Navigate to administrative controls by logging in with your platform administrator account. Click Platform Settings in the left sidebar. The administrative dashboard appears with five configuration sections: access control for role assignments, asset types showing enabled factories, addon modules for yield automation, claim topics defining identity requirements, and theme customization for branding.

Only wallets holding platform administrator roles can see these settings. If the settings page doesn't appear, verify your wallet address against the initial deployment configuration.

Establish role segregation

Role-based access control (RBAC) separates operational responsibilities across teams. Platform-level roles govern system-wide permissions, while token-level roles apply to individual assets after deployment.

Platform-level roles

Three roles control platform operations. Platform Admin holds full system administrator privileges including factory deployment and role assignment. Identity Manager controls the identity registry, managing investor onboarding and KYC claim verification. Claim Issuer signs identity claims that authorize investors for specific asset types or jurisdictions.

Identity managers can issue or remove claims directly from the participant verification detail view using the Add verification action, now localized across all supported languages.

Navigate to Platform Settings > Platform admins to view current role assignments. The users table shows wallet addresses, assigned roles, and assignment timestamps. Role changes emit on-chain events visible in the Access Control dashboard. Table filters and search terms persist in the URL, letting compliance share direct links to pre-filtered user views without rebuilding the table state.

Token-level roles

After deploying an asset (bond, equity, fund), you assign four operational roles per token. GOVERNANCE_ROLE configures compliance rules and transfer restrictions. SUPPLY_MANAGEMENT_ROLE mints new tokens during subscriptions and burns during redemptions. CUSTODIAN_ROLE freezes investor accounts during legal holds and recovers tokens when required. EMERGENCY_ROLE pauses all transfers during security incidents.

These roles appear during token deployment. You'll assign them in the asset creation workflow documented in asset-specific issuance guides.

Assigning platform roles with multisig governance

Distribute platform roles to operational teams while maintaining security controls. Platform Admin should go to 2-3 senior administrators using a 2-of-3 multisig wallet (never a single-signature wallet). Identity Manager goes to your compliance team, typically 1-2 members who handle investor onboarding. Claim Issuer goes to your KYC provider integration or internal compliance system.

Use your organization's access management system (Safe, Defender, or custom governance contract) to grant these roles. Each role assignment creates an on-chain event that feeds the observability stack. Check the Role Assignments panel in the admin dashboard after granting permissions to verify events appear within 30 seconds.

Why multisig matters: Single-signature admin wallets create catastrophic failure points. If the private key is compromised or lost, you lose platform control. A 2-of-3 multisig requires two approvals for factory deployments or emergency actions, creating accountability and preventing unilateral mistakes.

Review role assignments quarterly. Revoke access when team members change positions or leave the organization. Maintain a role assignment matrix documenting who holds which permissions and why.

Enable asset type factories

Asset type factories deploy new tokens on demand. During onboarding, you selected which asset types to enable (bonds, equities, funds, stablecoins, deposits). If you need to enable additional asset types post-deployment, use the factory enablement workflow.

Navigate to Platform Settings > Asset Types. The registry shows five asset types with their factory contract addresses, deployment counts, and status. Enabled factories show the proxy address and current token count. Disabled types show an Enable Asset Type button.

Enabling a new asset type

Suppose your platform initially launched with equity and fund support, but treasury operations now require bond issuance. You need to deploy the Bond factory.

Click Enable Asset Type next to Bonds. The deployment modal shows factory parameters: implementation contract address (pre-deployed during platform setup), proxy configuration, and gas cost estimate. During low network congestion (weekends or late UTC evenings), gas costs drop 40-60% compared to peak hours.

Enter your PIN or OTP when prompted. Click Deploy Factory. The platform executes three transactions: deploying the factory implementation contract, deploying the factory proxy, and registering the factory in the factory registry. The entire sequence takes 60-90 seconds on typical EVM networks.

After deployment completes, the Bond asset type appears as enabled with a token count of zero. Navigate to Asset Issuance in the main menu; Bonds now appears as a creation option. Check the Factory Deployments dashboard panel to verify the deployment event appears with transaction hashes and gas consumption metrics.

Gas planning: Factory deployment consumes 2-4 million gas depending on asset type complexity. Bonds and funds (with yield calculations) use more gas than stablecoins or deposits. Budget $50-200 per factory at typical gas prices, but always check current network conditions before deploying.

Deploy addon modules

Addons extend platform capabilities with optional features. Currently, one addon type is available: Yield, which automates scheduled interest and dividend calculations for bonds and funds.

Navigate to Platform Settings > Addons. The registry shows available addons, their deployment status, and usage statistics. The Yield addon displays how many tokens currently use yield automation and total distributions processed.

Understanding when yield is required

If you enabled Bond tokens during onboarding, the platform automatically deployed the Yield addon factory. Bonds require scheduled coupon payments; without the Yield addon, you cannot configure payment schedules during bond creation.

Equity and fund tokens can optionally use Yield for dividend automation. Stablecoins and deposits don't require yield functionality (deposits use fixed maturity redemptions, stablecoins maintain 1:1 peg without yield).

Deploying the yield addon factory

Suppose you initially deployed only stablecoins, but now need to issue bonds. Navigate to Platform Settings > Addons, find the Yield addon, and click Deploy Factory. Review addon parameters showing the yield calculation contract, registry integration, and required permissions.

Click Confirm Deployment and enter your PIN or OTP. The platform deploys the addon factory contract and registers it in the addon registry, taking approximately 45 seconds. The Yield addon now appears during bond and fund creation, enabling you to configure payment schedules and automated distributions.

Check the Addon Deployments panel in the observability dashboard. The deployment event should appear with the factory address and initialization parameters. Later, when you create bonds with yield schedules, usage metrics will populate showing active yield configurations and upcoming payment dates.

Selective deployment saves gas: Deploy only the addons your asset types require. If you're running a stablecoin-only platform, skip Yield deployment entirely. You can always enable it later when business needs change.

Configure identity claim framework

The compliance layer uses on-chain identity claims to enforce transfer restrictions. Claims are cryptographic attestations (KYC verified, accredited investor, jurisdiction approval) signed by trusted issuers and bound to investor wallets via the OnchainID registry.

Navigate to Platform Settings > Claim Topics & Issuers to view the claim framework configuration. Four default claim topics are registered:

When you configure compliance rules during asset deployment, you'll require specific claim topics. For example, a Reg D equity offering might require claims 1, 2, and 3 (KYC + accredited + US jurisdiction). The identity registry checks these claims before allowing transfers.

Trusted claim issuers

The platform pre-registers one claim issuer: your internal platform claim issuer wallet. This issuer can sign all four claim topics during investor onboarding. External KYC provider integrations register additional issuers when you configure third-party identity verification.

To manually add an issuer:

1. Open Platform Settings → Claim Topics & Issuers and click Add Trusted Issuer.
2. Select an existing user wallet or enter an Ethereum address manually. Available claim topics remain disabled until a wallet is chosen, preventing accidental assignments.
3. Choose at least one claim topic that the issuer is allowed to sign. The dialog now presents a confirmation step summarizing the issuer address and selected topics before submission.
4. Confirm the details and complete the wallet verification challenge (PIN or OTP). The issuer is added only after the verification succeeds; the sheet stays open if the transaction fails so you can adjust and retry.

Adding custom claim topics or additional trusted issuers requires smart contract development. Work with your technical team to deploy claim issuer contracts and register them via the identity registry governance functions. Changes to the claim framework emit events tracked in the Compliance Activity dashboard.

Check the Identity Registry panel to monitor claim issuance rates and revocations. High revocation rates indicate compliance issues requiring investigation.

Set up observability monitoring

After configuring roles, factories, and addons, establish continuous monitoring to track system health and operational metrics. The platform integrates with the observability stack (Hasura GraphQL queries, subgraph indexing, and database analytics) to surface key performance indicators.

Dashboard tour

Navigate to the main dashboard after logging in as platform administrator. The admin view shows five panels:

Factory Activity tracks token deployments per asset type, showing daily creation rates and total active tokens. Sudden spikes indicate batch issuance campaigns or automated processes. Drops to zero suggest operational issues blocking deployments.

Role Assignments displays recent permission changes with timestamps and acting administrators. Monitor this panel for unauthorized role grants or unexpected revocations. All changes should correspond to documented team updates.

Addon Usage shows Yield automation metrics: active schedules, upcoming payment dates, and total distributions processed. Before bond coupon dates, verify the upcoming payments list includes expected issuances. Missing entries indicate configuration errors requiring immediate correction.

Compliance Metrics aggregates identity claim statistics: total investors onboarded, pending KYC verifications, and claim revocations. Compare claim issuance rates against subscription volumes to detect bottlenecks in investor onboarding.

Transaction Volume tracks platform-wide transfer activity, showing daily transaction counts per asset type. Correlate volume spikes with known corporate actions (dividend distributions, redemptions) to validate expected behavior.

Configuring alerts

Set up threshold alerts for critical metrics. Configure notifications when factory deployments fail (indicates gas issues or contract bugs), when role assignment events occur outside maintenance windows (potential security incidents), or when transaction volumes drop to zero for more than 6 hours (operational outage).

Alerts integrate with your organization's incident management system (PagerDuty, Slack, email). Configure alert routing during business hours to on-call operations teams, and escalate to senior administrators for after-hours critical events.

Check the System Health page weekly to review 7-day trends. Compare current metrics against historical baselines to detect gradual degradation before it impacts operations.

Customize platform appearance

Configure platform branding to match your organization's visual identity. Navigate to Platform Settings > Theme to customize logos, colors, typography, and platform images.

Logos

Configure branding assets for different contexts:

• Light mode logo - Full logo with transparent background for light mode
• Dark mode logo - Full logo with transparent background for dark mode
• Light mode icon - Square icon logo for favicons and compact surfaces in light mode
• Dark mode icon - Square icon logo for favicons and compact surfaces in dark mode
• Logo alt text - Accessible alt text for screen readers

Platform images

Configure images for authentication pages and backgrounds:

• Authentication page image (light mode) - Optional image displayed on auth pages in light mode
• Authentication page image (dark mode) - Optional image displayed on auth pages in dark mode
• Background image (light mode) - Background image for authentication pages in light mode
• Background image (dark mode) - Background image for authentication pages in dark mode
• Favicon - Browser tab icon for the application

Typography

Select font families and configurations:

• Sans-serif typeface - Primary font for UI content
• Monospace typeface - Font for code blocks and addresses
• Font source (Default, Google Fonts, or Custom CSS URL)
• Font weights and preloading options

Color palette

Customize theme colors for light and dark modes:

• Brand colors (text, accent, background gradients)
• State colors (success, warning, error)
• Graphics colors (charts and visualizations)
• Border and shadow colors

How to upload images:

1. Navigate to the appropriate section (Logos or Platform Images)
2. Click Upload file for the image you want to change
3. Select an image file (SVG, PNG, or WebP recommended)
4. Preview the image in the interface
5. Click Save to apply changes across the platform

Best practices:

• Use SVG format for logos for best scaling
• Keep file sizes under 5MB
• Ensure sufficient contrast for accessibility
• Test logos on both light and dark backgrounds
• Use consistent branding across all image assets

Changes apply immediately across the platform after saving. Test the appearance across devices (desktop, tablet, mobile) to verify logo scaling and color contrast meet accessibility standards.

Ongoing operational workflows

Weekly health checks

Schedule recurring administrative reviews every Monday morning. Review the Factory Activity panel for unexpected deployment patterns. Check the Role Assignments panel against your documented role matrix to catch drift. Verify the Addon Usage panel shows expected upcoming yield payments matching your asset calendar. Review the Compliance Metrics panel for anomalous claim revocation rates or KYC processing delays.

Document findings in your operational runbook. Escalate anomalies to technical teams for investigation.

Quarterly role audits

Every quarter, export the current role assignment list from the Permissions page. Compare against your organization's access control matrix. Revoke access for departed team members, update multisig signers when governance membership changes, and document justification for all platform admin assignments.

Maintain an audit trail linking role grants to HR records or security clearance documentation. Regulators reviewing your compliance program will request evidence of least-privilege access control.

Factory upgrade coordination

When new platform versions deploy upgraded factory implementations, coordinate with your technical team to execute proxy upgrades during maintenance windows. Test upgrades in staging environments first, verifying that existing tokens remain functional and new deployments use updated contract logic.

Schedule upgrades during low-traffic periods (weekends or regional holidays). Notify asset issuers 48 hours in advance via platform announcements and email. After upgrades complete, verify the Factory Activity dashboard shows successful post-upgrade deployments before declaring the maintenance window closed.

Troubleshooting

Admin settings page not visible

Your wallet address lacks the platform administrator role. Verify your wallet connection shows the correct address (check the wallet icon in the header). If you're certain the address is correct, contact the deployment team to confirm role assignment. Check the on-chain role registry via block explorer: search for the PlatformRoles contract and query the admin role member list.

Factory deployment fails with "insufficient funds"

The platform wallet lacks native token balance to pay gas fees. Check the platform wallet address (visible in Platform Settings > Overview) on a block explorer. Transfer sufficient balance to cover deployment costs plus 20% buffer. Retry factory deployment after confirming balance increase.

Addon factory deployment reverts with "already deployed"

The addon factory was deployed during initial onboarding but appears disabled in the UI. This indicates a UI state synchronization issue. Refresh the browser page and check the Addons panel again. If the addon still shows undeployed, check the addon registry contract directly via block explorer to confirm on-chain state. Contact technical support if on-chain state contradicts UI display.

Observability dashboards show stale data

The subgraph indexing layer is behind chain head or experiencing sync issues. Navigate to Platform Settings > System Status to check indexer health. If the indexer shows block lag exceeding 100 blocks, restart the indexer service. For managed deployments, contact infrastructure support. Check Hasura console logs for GraphQL query errors indicating database connection issues.

For additional help, see Troubleshooting or contact platform support with transaction hashes and wallet addresses for investigation.

Next steps

After completing platform configuration, move to asset-specific workflows:

• Bond issuance - Configure yield schedules and coupon automation in Issue bonds
• Investor onboarding - Set up identity verification and claim issuance in Manage investors
• Corporate actions - Learn dividend distribution and redemption workflows in Corporate actions