Scoutinternal

Adding Users and Admins to a BitGo Enterprise or Organization

Adding Users and Admins to a BitGo Enterprise or Organization

Problem

Customers frequently request help adding new users or administrators to their BitGo enterprise account. Common issues include: not knowing how to invite a user through the UI, the invited user being unable to accept the invitation, the "Admin Console" option not appearing in the UI for a user who should have access, and errors or blockers when attempting to add users (e.g., email case-sensitivity issues, missing Org Admin permissions). These requests span all enterprise types and are among the most frequent support inquiries.

Diagnostics

  • Confirm the requester's role: Look up the enterprise in the admin tools. Identify whether the requester is an Organization Admin (Org Admin). Only Org Admins can access the Admin Console and manage user permissions. If the requester is not an Org Admin, they cannot invite or manage users themselves.
  • Check the enterprise ID: Verify the correct enterprise ID the customer is referencing. Customers sometimes have multiple enterprises.
  • Check existing invitations: Look up whether the target user has already been invited to the enterprise. An invitation may already be pending acceptance.
  • Verify the target user has a BitGo account: The person being invited must already have a registered BitGo account. If they do not, they need to sign up at https://app.bitgo.com/auth/log-in first.
  • Check KYC / Identity Verification status: All members within an organization are required to fulfill KYC requirements for each enterprise they access. If the invited user has not completed identity verification, they will be blocked from joining.
  • Check for email case-sensitivity issues: Confirm the email address being used for the invitation matches exactly (case-sensitive in some flows). Ticket #15533 references an issue when uppercase was used in the email address.
  • Check if the user is flagged: In some cases a user account may be flagged (e.g., compliance hold), preventing them from being added. Review the user's account status.
  • Check Admin Console visibility: If the customer reports they cannot see the Admin Console option in the UI dropdown, verify whether their account actually holds the Org Admin role on that enterprise. The Admin Console is only visible to Org Admins.

Resolution

Scenario: admin-user-adding-add#self-service-invite

Trigger: The customer (an existing admin or Org Admin) wants to add a new user to the enterprise but does not know how to do it in the UI.

Signals: add user, invite user, new user, how to add, enterprise settings, users tab

Steps:

  1. Instruct the customer to log in to the BitGo platform at https://app.bitgo.com/auth/log-in using a desktop computer.
  2. Choose the Profile Logo at the top right of the screen.
  3. Choose Enterprise Settings.
  4. Choose the Users tab.
  5. Click Invite Members and enter the email address of the person they wish to add.
  6. Once the invited user accepts and successfully configures their account, they can then be invited to individual wallets from the Admin Console under the Members tab.

Notes: The invited user must already have a BitGo account. Only one role update can be made at a time — the update must be approved before other updates can be made to the same role.

"You can choose the Profile Logo at the top right of the screen, choose Enterprise Settings, then choose the Users tab. You can invite the new person using that method. Once they have accepted and successfully configured their account, they can then be invited to wallets." (ticket #321172)

Scenario: admin-user-adding-add#invitation-pending-acceptance

Trigger: The customer reports they invited a user, but the new user cannot find or accept the invitation.

Signals: accept invitation, pending invitation, enterprise invitation, activity icon, cannot accept

Steps:

  1. Confirm in the admin tools that the invitation has already been sent to the target user's email.
  2. Instruct the invited user to log in to the BitGo platform from a desktop computer at https://app.bitgo.com/auth/log-in.
  3. Once logged in, the user should choose the organizational dropdown at the top of the screen next to the Profile Icon.
  4. This should open a menu with the top option showing "1 Enterprise Invitations ->".
  5. Choosing this will present a request for Identity Verification. The user should choose the "Verify ->" button and complete the prompt for information.
  6. After completing verification, the user should revisit the same screen and Approve the joining of the Enterprise.
  7. Alternatively, the invitation can also be found via the Activity Icon in the BitGo platform.

Notes: If the user is attempting to accept from a mobile device, they may encounter issues. Always recommend using a desktop computer. Identity verification (KYC) must be completed before the invitation can be accepted.

"Once there please choose the organizational dropdown at the top of the screen next to the Profile Icon. This should open a mentu with the top option showing '1 Enterprise Invitations ->'. Choosing this should then present a request for information for Identity Verification. Choosing the 'Verify ->' button and completing the prompt for info should then allow you to revisit this screen and Approve the joining of the Enterprise as an Owner." (ticket #235882)

Scenario: admin-user-adding-add#admin-console-not-visible

Trigger: A user who should have admin access cannot see the Admin Console option in the UI dropdown.

Signals: admin console, not visible, dropdown, missing admin console, org admin, cannot see admin

Steps:

  1. Look up the enterprise in admin tools and identify which user account currently holds the Org Admin role. The Admin Console can only be accessed by Organization Admins.
  2. If the reporting user is not currently an Org Admin, inform them that only the existing Org Admin can elevate their access.
  3. If the existing Org Admin is available, instruct them to grant Org Admin rights to the requesting user via the Admin Console.
  4. Alternatively, BitGo Support can initiate a request to add the user as an Org Admin from the backend — however, this action still requires approval from the existing Org Admin.
  5. If the issue is a backend permissions discrepancy (the user should be Org Admin but the console is not appearing), escalate via Jira for engineering to fix the permission mapping. Reference ticket pattern: a Jira was created at https://bitgoinc.atlassian.net/browse/CS-7136 for a similar case.
  6. After the fix is applied, ask the user to log out and log back in to confirm the Admin Console now appears.

Notes: Being a "primary contact" on the enterprise does not automatically grant Org Admin role. The Org Admin role must be explicitly assigned.

"We have reviewed the Enterprise account Black Anthem Limited and can see the current Org Admin with access to the admin console is YUCHEN's user account with the Gmail address [REDACTED]. This account holds the required permissions to elevate access and grant other users Org Admin rights on the Enterprise which allows access to the admin console." (ticket #319719)

"Alternatively, we can request from our end to add [REDACTED] as an Org Admin. However, please note that this action will still require approval from the existing Org Admin." (ticket #319719)

Scenario: admin-user-adding-add#admin-console-enablement-internal

Trigger: An internal BitGo employee (e.g., TAM) or a customer needs the Admin Console enabled for a specific enterprise ID.

Signals: enable admin console, enterprise ID, activate admin console, TAM, internal request

Steps:

  1. Obtain the enterprise ID(s) that need the Admin Console enabled.
  2. Enable the Admin Console for the specified enterprise ID(s) via the backend tooling.
  3. Ask the user to log out and log back in, ensuring they are on the correct enterprise ID.
  4. Confirm the Admin Console option now appears in the UI.

Notes: Some enterprise accounts may have the Admin Console not yet activated. This is a backend operation that support can perform.

"Admin Console has also been enabled for Ent. ID 695d74c519743a99c6a4fc66b4e7474c" (ticket #322512)

Scenario: admin-user-adding-add#user-removal-and-role-changes

Trigger: The customer requests removing a user from the enterprise/wallets and/or changing admin roles (e.g., adding new admins, removing former employees).

Signals: remove user, change admin, role change, remove from wallets, add admin to wallets, offboard

Steps:

  1. Verify the identity of the requester. For sensitive changes (removing users, changing ownership), a live meeting or call with an authorized contact may be required for verification.
  2. Confirm the specific changes requested: which users to remove, which users to add as admin, and to which wallets/enterprises.
  3. Perform the requested changes via backend tooling or guide the customer through the Admin Console if they have Org Admin access.
  4. Confirm the completed changes back to the customer in writing, listing each action taken.

Notes: For security purposes, removal of users and ownership changes may require verification via a video call or coordination with the account's existing authorized contacts.

"met with peter... he wants Patrick removed from wallets, enterprise and for Peter to become primary contact... had Joe join the call to make sure I was me... completed work" (ticket #274439)

Scenario: admin-user-adding-add#error-or-blocker-adding-user

Trigger: The customer reports a generic error or blocker when trying to add a user, but has not provided specific details.

Signals: unable to add, error adding user, system not accepting, cannot add user, blocker

Steps:

  1. Request the following information from the customer:
    • Enterprise and/or Wallet ID where they are attempting to add users
    • Email address of user(s) they are attempting to add, along with the role/permission being assigned
    • Full-screen screenshot of any error message being received
    • Whether anyone else on their team is experiencing the same issue
  2. Once details are received, review the enterprise and user account in admin tools.
  3. Check for known issues: email case-sensitivity, user account flagged, KYC not completed, pending invitation already exists.
  4. If the issue cannot be resolved with the information provided, escalate to engineering with the collected details.

Notes: Many of these tickets are resolved once the customer provides specifics, or the customer self-resolves before responding. Follow up if no response is received.

"Please provide the following information: Enterprise and/or Wallet ID where you are attempting to add users. Email address of User/s you are attempting to add along with role/permission you are adding them with. Error message being received and screenshot. Anyone else on your team experiencing this issue?" (ticket #239998)

Related

  • managing-wallet-users — Covers wallet-level user management and the distinction between enterprise users and wallet members.
  • bitgo-admin-console — Comprehensive guide to the Admin Console, Org Admin access, roles and permissions architecture.
  • identity-verification-kyc — KYC requirements that must be completed before a user can accept an enterprise invitation.