Agent Accepts Invite
Agent sets up passkey on work device for secure authentication
�� Invitation Email
Hi Emma,
James Robertson (Org Admin) has created an agent account for you on the Undoubt verification platform.
Your Role: Solicitor - Residential Conveyancing
You'll be able to:
- Send verified emails to clients with secure references
- Verify customer-submitted instructions
- Issue bank details with cryptographic proof
- Approve document signing and client instructions
Click below to complete your secure setup (use your work device):
Complete Agent Setup →This invitation expires in 7 days. Link can only be used once. Must complete on your work device.
🔐 Onboarding Page
Welcome, Emma Thompson!
You're joining the Undoubt platform as an agent
🔑 Why Passkeys?
We use passkeys to secure verified communications with clients. Passkeys are device-bound, hardware-protected, and use your biometrics (Face ID/Touch ID/Windows Hello). This ensures only you can issue verified instructions—no one can impersonate you, even with your password.
Confirm Identity
Verify your email (emma.thompson@shepwedd.com). Optional: Authenticate via firm SSO (Entra ID/Azure AD) for additional security.
Create Passkey
Register your device-bound passkey using biometric authentication. This creates a non-exportable private key stored in your device hardware.
Complete Setup
Review your role, permissions, and department assignment. Accept terms and complete onboarding.
🔑 Passkey Creation
portal.shepwedd.undoubt.com is requesting passkey creation
Create your agent passkey for secure authentication
Touch ID / Face ID / Windows Hello
Agent Account Details
Security Details
Device-Bound Passkey
Your passkey is created and stored in your device's hardware security module (TPM on Windows, Secure Enclave on Apple, Titan chip on Google). Key characteristics:
- Private key never leaves your device—cannot be extracted or exported
- Requires your biometric (face/fingerprint) to use—cannot be stolen
- Bound to portal.shepwedd.undoubt.com domain—phishing impossible
- Device attestation proves genuine hardware, not virtual machine
- Backend stores only public key—even database breach is harmless
- No passwords to remember, phish, or leak
What Happens Next?
Link Outlook Add-in
Now that Emma has a passkey-secured agent account, she needs to connect her Outlook add-in to this identity. This allows the add-in to:
- Call the backend with her authenticated agent identity
- Generate verification references when composing emails
- Verify customer instructions received via email
- Enforce her specific permissions (bank details, approvals, etc.)