> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dfns.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Embed user wallets

> Implement non-custodial user-managed wallets with Dfns delegated signing, passkey authentication, registration, and end-user onboarding flows.

End-user wallets allow your application's users to own and control their digital assets while you provide the wallet infrastructure. For background on the architecture and trade-offs, see [delegated wallets](/advanced/delegated-wallets).

## What you'll need

* A [service account](/guides/developers/service-account) for backend operations
* [WebAuthn configuration](/guides/developers/webauthn-configuration) for passkey collection

<Tip>
  Start on a testnet network to test the full flow before going to production. Create wallets on any [supported testnet](/networks). The delegation and signing flows work identically.
</Tip>

## Components to configure

### End-user registration

Register end users with Dfns so they can create a passkey. Two methods are available: **delegated registration** (your service account creates users, recommended for full control) or **social registration** (users authenticate with Google directly, simpler but less flexible).

### Wallet creation and delegation

Create wallets and delegate them to your end users, either during registration or as a separate step. After delegation:

* Only the end user can authorize transactions via their passkey
* Your organization cannot move the funds
* Your organization cannot apply policies or controls to the wallet

<Warning>
  **Policies do not apply to delegated wallets.** By design, delegated wallets bypass the policy engine. The end user has full control without organizational approval requirements.
</Warning>

### User login and actions

Authenticate returning users and let them perform transactions. Write operations require the user to sign with their passkey.

### User recovery

End users may need to recover access if they lose their device. Implement recovery flows that allow users to register a new passkey.

***

See the [implementing delegated wallets](/guides/developers/delegated-wallets) guide for step-by-step code examples covering all four components, and the [recovery guide](/guides/developers/end-user-recovery) for recovery implementation.

## Related solutions

<CardGroup cols={2}>
  <Card title="Security best practices" icon="lock" href="/guides/security-best-practices">
    Permissions, policies, and security controls
  </Card>

  <Card title="Automate deposits" icon="money-bill-transfer" href="/solutions/automate-deposits">
    Deposits and transfers
  </Card>
</CardGroup>