Managing Users
Viewing users
Section titled “Viewing users”- Sign in to the BlokSec admin console
- Navigate to Users in the sidebar
The users list shows all users in your organization with their name, email, number of accounts, and creation date. You can search by name, email, or mobile number.
Click on any user to open their detail page, which shows their profile information, registered devices, accounts, and recent authentication requests.
Inviting a user
Section titled “Inviting a user”- From the users list, click Add User
- Fill in the user’s details:
- First name and Last name (required)
- Email (required) — the user’s work email address
- Mobile number (optional) — for SMS-based authentication fallback
- Personal email (optional) — use this if the user’s work email is already protected by BlokSec and they can’t receive the invitation there
- Toggle Send Welcome Email to send the invitation automatically
- Click Create
What the user receives
Section titled “What the user receives”When you create a user with the welcome email enabled, they receive an email containing:
- A setup link they can tap on their phone to open the BlokSec app directly
- A QR code they can scan if they received the email on a different device (like a desktop computer)
The user follows the link or scans the QR code, downloads the BlokSec app if they haven’t already, and sets up their device security (Face ID, fingerprint, or PIN). See the Getting Started guide for the full user experience.
Devices
Section titled “Devices”Each user can have one or more registered devices. A device is the mobile phone running the BlokSec app that the user authenticates with. The devices section shows:
- Device name and model (e.g., “iPhone 16 Pro”)
- Platform and OS version
- Last active timestamp
- Push notification status — whether the device is receiving push notifications
Active device
Section titled “Active device”One device is marked as the active device for push notifications. When the user receives a sign-in request, the push notification is sent to this device. You can change which device is active by clicking the radio icon on any device that has a push token available.
Removing a device
Section titled “Removing a device”To remove a specific device, click the trash icon on the device row. You’ll be asked to type “remove device” to confirm.
When you remove a device:
- A revoke push notification is sent to the device, telling the app that the device has been removed
- The device is removed from the user’s registered devices in the database
- If the device receives the push notification, the app resets immediately. If it doesn’t, the next time the user opens the app it contacts the API, learns the device was removed, and resets
- The user is returned to the welcome/onboarding flow in the app
What the user sees
Section titled “What the user sees”The experience varies depending on how the device receives the revocation notice:
| Scenario | What the user sees |
|---|---|
| Push notification received (Android) | Notification: “Device Revoked — This device has been removed from your account.” App resets to welcome screen. |
| Push notification received (iOS) | Standard notification with the same message. App resets to welcome screen. |
| Push not received, user opens app later | Brief error message: “This account is no longer accessible.” App resets to welcome screen. |
Unregistering all devices
Section titled “Unregistering all devices”The Unregister All Devices button removes all devices and fully resets the user’s identity. You’ll be asked to type “unregister all devices” to confirm.
This action:
- Sends a revoke push notification to all registered devices
- Removes all devices from the user’s record
- Resets the user’s identity (DID) — this is necessary so the user can re-initialize their cryptographic keys on a new device
- Resets the DID on all of the user’s accounts across your applications
After unregistration, a claim QR code is generated on the user detail page. The user must scan this QR code with the BlokSec app to re-enroll.
Suspending a user
Section titled “Suspending a user”You can suspend a user to temporarily block their access without deleting their account or devices. A suspended user cannot authenticate until reactivated.
To suspend a user, go to their detail page and click Suspend User. You can optionally provide a reason for the suspension.
To reactivate a suspended user, click Reactivate User on their detail page.
Removing a user
Section titled “Removing a user”There are two ways to remove a user:
Remove from your organization
Section titled “Remove from your organization”Click Remove from Client to remove the user from your organization only. If the user belongs to other BlokSec organizations, their account and devices remain active for those organizations.
Terminate the user
Section titled “Terminate the user”Click Terminate User to permanently delete the user’s BlokSec identity. This removes them from all organizations and revokes all their devices. This action cannot be undone.
When to use each action
Section titled “When to use each action”| Situation | Recommended action |
|---|---|
| User got a new phone and has a BlokSec backup | No action needed — user restores from backup on the new device |
| User got a new phone and has no backup | Click Unregister All Devices, then have the user scan the claim QR code |
| User lost their phone | Click Unregister All Devices to revoke access, then re-enroll when ready |
| User has multiple devices and you want to remove one | Click the trash icon on the specific device |
| Temporary access suspension (e.g., leave of absence) | Click Suspend User — reactivate when the user returns |
| User is leaving the organization | Click Remove from Client to remove from your org only |
| User account should be permanently deleted | Click Terminate User |