Multi-Party Approval
For the highest-risk actions, SilentAuth supports requiring N-of-M approvals — a permit is only issued once a minimum number of independent approvers have each signed off. This prevents a single compromised account from authorizing a catastrophic action.
Configuring M-of-N
Set minApprovals when creating an intent, or min_approvals in a policy rule:
const intent = await sa.createIntent({
  action: 'drop_production_database',
  params: { database: 'users_prod' },
  approvers: ['cto@acme.io', 'vp-eng@acme.io', 'infra-lead@acme.io'],
  minApprovals: 2, // Require 2 out of 3 approvers
  expiresIn: 3600,
});

Via Policy
{
  "rules": [
    {
      "match": { "action": "drop_*" },
      "require_approval": true,
      "approvers": ["cto@acme.io", "vp-eng@acme.io", "infra-lead@acme.io"],
      "min_approvals": 2,
      "timeout": 3600
    }
  ]
}

How It Works
Each approver receives their own independent notification with the intent details.
Approvers cannot see each other's responses. Each signs with their own passkey or MFA.
Once the minimum number of approvals is received, SilentAuth issues the permit and notifies remaining approvers that approval is complete.
If any approver denies the intent, it is immediately rejected regardless of other approvals.
Permit Includes All Approvers
The issued permit JWT lists every approver who signed:
// Decoded permit payload
{
  "act": "drop_production_database",
  "prms": { "database": "users_prod" },
  "apv": ["cto@acme.io", "vp-eng@acme.io"], // array for multi-party
  "min_approvals": 2,
  "exp": 1705312200,
  "iat": 1705308600
}
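
The service that executes the action can re-check the approval claims in this payload against its own configuration instead of relying on the threshold written in the token. The following is an added example, not SilentAuth SDK code: it assumes the JWT signature has already been verified, and checkPermitClaims, canonical and the expected object are hypothetical names.

```javascript
// Added example: checks the claims of an already signature-verified permit payload.
// checkPermitClaims and the `expected` shape are hypothetical, not SilentAuth SDK API.
function checkPermitClaims(payload, expected, nowSec = Math.floor(Date.now() / 1000)) {
  const errors = [];
  // The permit must authorize exactly the action and parameters about to run.
  if (payload.act !== expected.action) errors.push('action mismatch');
  if (canonical(payload.prms) !== canonical(expected.params)) errors.push('params mismatch');
  // Reject expired permits and permits with a missing or future issue time.
  if (typeof payload.exp !== 'number' || payload.exp <= nowSec) errors.push('expired');
  if (typeof payload.iat !== 'number' || payload.iat > nowSec) errors.push('bad iat');
  // Count distinct approvers from the locally configured roster only, so a
  // repeated or unknown identity in "apv" cannot satisfy the threshold.
  const roster = new Set(expected.approvers);
  const apv = Array.isArray(payload.apv) ? payload.apv : [];
  const signed = new Set(apv.filter((a) => typeof a === 'string'));
  const unknown = [...signed].filter((a) => !roster.has(a));
  if (unknown.length > 0) errors.push('approver not in roster');
  // Enforce the local threshold; the token's own min_approvals may not lower it.
  if (signed.size - unknown.length < expected.minApprovals) errors.push('too few approvals');
  if (!(payload.min_approvals >= expected.minApprovals)) errors.push('threshold lowered');
  return { ok: errors.length === 0, errors };
}

// Key-order-independent serialization for comparing params objects.
function canonical(value) {
  if (value === null || typeof value !== 'object') return JSON.stringify(value);
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  return '{' + Object.keys(value).sort()
    .map((k) => JSON.stringify(k) + ':' + canonical(value[k])).join(',') + '}';
}

// Constructed sample: the decoded payload shown above and the intent it was issued for.
const samplePermit = {
  act: 'drop_production_database',
  prms: { database: 'users_prod' },
  apv: ['cto@acme.io', 'vp-eng@acme.io'],
  min_approvals: 2, exp: 1705312200, iat: 1705308600,
};
const expectedIntent = {
  action: 'drop_production_database',
  params: { database: 'users_prod' },
  approvers: ['cto@acme.io', 'vp-eng@acme.io', 'infra-lead@acme.io'],
  minApprovals: 2,
};
console.log(checkPermitClaims(samplePermit, expectedIntent, 1705309000));
```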