Onboarding to Dfns


Welcome to Dfns! This guide will help you get set up with our industry-leading authentication and clone our sample app to test delegated signing.

We’ve also created a video walking through this setup for EthParis (July 2023) which you can find here. If you have any questions, don't hesitate to reach out to us in DFNSCare. Thanks!

Register from Email

  1. Dfns staff provisions your new org and creates the first Employee in the organization, called the Org Owner.

  2. Org Owner receives an email with a link to register in our system.

Create your Credentials and Login

  1. Click the link to be directed to the registration page with the username prepopulated. Copy and paste the registration code from the email. Click the register button. Note: Registration codes only last 4 hours so if yours is expired, just click "Send New Code To My Email”.

  1. Create credentials and submit. Login in using the new credentials.

  1. Click your user icon in the top right and then click Settings

  1. Now click “Users” in the left navigation

  1. Add Users to the organization by clicking “New User”. (Note ExternalID is optional)

  1. Employees receive an email and follow the same registration flow.

  2. The Org Owner creates and assigns the necessary permissions to allow users to access the parts of the system required for their job responsibilities. For convenience, we've exposed a control on the user list page to give a user all access to the system here:

That said, we strongly encourage implementing the principle of least privilege by setting up your own permissions in the dashboard under Settings=>Permissions:

You can then assign permissions to Users, Service Account, and Applications by clicking the target card in the list to go to the detail page:

Create a Service Account

Once you register in your Dfns org and invite your Users, the next step is to create a Service Account which you can think of as a machine user.

  1. Create a Public / Private Key pair that you will use for API signing from the terminal command. You can use the commands shown below or see our documentation on key generation:

    • # Generate RSA Private Key
      openssl genrsa -out rsa2048.pem 2048
      # Generate the Public Key
      openssl pkey -in rsa2048.pem -pubout -out rsa2048.public.pem
  2. Navigate to Settings. Service Accounts=>New Service Account.

  3. Name the Service Account, copy in the public key (including begin/end lines like “-----BEGIN PUBLIC KEY-----”) and click “Create”.

  1. This will output a masked JWT one time. Copy it to a secure location before leaving the page.

At this point, you can make server side API calls by signing requests with your secret key. Please see our Typescript SDK and specifically the Service Account sample app.

Delegated Signing Configuration

For a full overview of Delegated Signing, please see the Delegated Signing page under Advanced Topics.

If you want to implement Delegated Signing in which your customer generates credentials to our API via WebAuthn, continue with these steps:

  1. Create an Application running at localhost:3000.

  2. Go to Org Settings => Applications

  3. Click New Application

  4. Give it a name and specify the following values:

  1. Click Create, then copy the App ID like “ap-2vemp-hl3c9-9j1rgcf9quurph” to paste into your .env file as described below

  2. Clone one of the two demo apps in the SDK & follow the steps in the Readme

  3. Populate your .env file based on the .env.example (see this video for the July 2023 EthParis event for a step by step walkthrough)

All the docs!

Our documentation should have everything you need to get up and running on Dfns! Here's an overview of some of the key sections:

Last updated