Step A1: Create Agent Account - Firm Admin

🔐 Firm Admin Portal

🏢 SHEPHERD & WEDDERBURN - ADMIN PORTAL 👤 james.robertson@shepwedd.com | 🔑 Passkey

Dashboard

Agents

Clients

Policies

Audit Logs

Full Name

Agent's professional name

Work Email

Must be under firm domain (policy enforced)

Role

Department / Practice Area

Permissions

Send verified emails

Verify client instructions

Issue bank details

Approve document signing

Manage client accounts

View all firm matters

Granular control over agent capabilities

✉️ Invitation Generated

Agent invitation link (expires in 7 days):

https://portal.shepwedd.undoubt.com/onboard-agent?token=AGENT-INV-E7F3-92A8

What Gets Created?

👤 Agent Account

New agent record with unique ID, linked to firm tenant. Email verified, awaiting passkey setup.

🔐 Permission Profile

Granular permissions stored: which instruction types agent can issue, matter access level, approval rights.

🔑 Invitation Token

Secure one-time token: AGENT-INV-E7F3-92A8. Time-limited (7 days), single-use, cryptographically signed.

📧 Onboarding Email

Sent to emma.thompson@shepwedd.com with setup instructions and passkey requirements.

Org Admin Control

Who Can Onboard Agents?

Only Firm Org Admins can create agent accounts. Platform root admins should not routinely create agents—they only create the firm and its first org admin.

Create new agent accounts with specific permissions
Assign agents to practice areas and departments
Enable/disable high-risk permissions (e.g. bank instructions)
Disable or revoke agent accounts immediately
View all agent activity in audit logs
Enforce device attestation and re-authentication policies

Permission Examples

✅ Standard Agent

Can send verified emails, verify client instructions, issue bank details, approve documents. Standard conveyancing solicitor.

⚠️ Restricted Agent

Can only verify client instructions (read-only). Paralegal or support staff who need to check authenticity but not issue instructions.

🔐 High-Permission Agent

All permissions including managing client accounts and viewing all firm matters. Partner or senior fee earner.

🚫 Disabled Agent

Account deactivated. Portal login fails, device tokens invalid, Outlook add-in rejected. Used when agent leaves firm.

What Happens Next?

Agent Receives Invitation

Emma Thompson receives an email at emma.thompson@shepwedd.com with:

Secure onboarding link with one-time token
Explanation of passkey authentication requirements
Instructions for device setup (must use work device)
Overview of her role and permissions
Link expires in 7 days for security