Step A4 of 4

Policies & Constraints

Org admin controls agent permissions, access, and deactivation

🛡️ Policy Categories

📋 Matter Restrictions

Control which matters or clients agents can access:

  • Restrict to specific practice areas (e.g., only conveyancing)
  • Limit to assigned matters only
  • Block access to high-value or sensitive matters
  • Department-based segregation

🔐 Re-authentication Policies

Force passkey re-auth for high-risk operations:

  • Issuing bank details instructions
  • Approving large financial transfers
  • Accessing highly sensitive client data
  • Time-based re-auth (e.g., every 4 hours)

📱 Device Policies

Enforce device security requirements:

  • Require device attestation (genuine hardware)
  • Block virtual machines or emulators
  • Mandate biometric authentication
  • Limit to corporate-managed devices only

⏱️ Session & Token Policies

Control token lifetime and session duration:

  • Device token expiration (e.g., 30 days)
  • Idle session timeout (e.g., 15 minutes)
  • Maximum concurrent sessions per agent
  • Automatic revocation on suspicious activity

📊 Audit & Logging

Configure monitoring and reporting:

  • Log all verification reference generations
  • Track all customer instruction verifications
  • Alert on anomalous behavior patterns
  • Export audit logs for compliance review

🚫 Permission Constraints

Granular control over agent capabilities:

  • Enable/disable specific instruction types
  • Approval workflows for sensitive operations
  • Read-only vs. full operational access
  • Temporary permission elevation

⚙️ Admin Controls Interface

🏢 Agent Policy Dashboard - Emma Thompson

Account Status

Agent account is active. Toggle to immediately disable all access.

Bank Details Permission

Agent can issue bank account instructions. Disable to restrict high-risk operations.

Require Re-auth for Bank Instructions

Force passkey re-authentication every time agent issues bank details (recommended).

Matter Access Restriction

Currently: All firm matters. Enable to restrict to specific matters or departments.

Device Attestation Required

Agent must use genuine hardware (no VMs). Enhances security for sensitive operations.

🚫 Agent Deactivation

What Happens When Agent Is Disabled?

When James (org admin) disables Emma's agent account, the following actions occur immediately:

🔒 Portal Login Blocked

Emma can no longer sign into portal.shepwedd.undoubt.com. Passkey auth fails with an "account disabled" message.

🎫 Device Tokens Invalidated

All device tokens (Outlook add-in) become invalid instantly. Backend rejects all API calls.

📧 Outlook Add-in Rejected

Add-in shows "Account disabled" error. Cannot generate verification references or verify instructions.

📊 Audit Trail Logged

Deactivation logged with timestamp, reason, and admin identity. All subsequent access attempts logged.

Use Case Scenarios

Scenario 1: Agent Leaves Firm

Emma Thompson resigns from Shepherd & Wedderburn. Last day is Friday.

Action: Org admin disables Emma's account Friday at 5 PM.
Result: Portal login is blocked, device tokens are invalidated, and the Outlook add-in stops working. Emma cannot generate new verification references or access client data. All existing references she created remain valid (their authenticity is already proved), but she cannot create new ones.

Scenario 2: High-Risk Instruction Type

Firm policy: Bank details instructions require re-authentication every time.

Action: Org admin enables "Require Re-auth for Bank Instructions" policy.
Result: When Emma composes an email with bank details, the Outlook add-in prompts for passkey authentication before generating the REF-XXXX-XXXX code. A device token alone is insufficient. This reduces the risk of a compromised session issuing fraudulent bank details.

Scenario 3: Matter Segregation

A paralegal should only access the matters they are assigned to, not all firm matters.

Action: Org admin enables "Matter Access Restriction" and assigns specific matters.
Result: The agent can only generate verification references for their assigned matters. Attempts to verify customer instructions for other matters are rejected. This prevents unauthorized access to sensitive client data.

Scenario 4: Suspicious Activity Detected

The system detects Emma's device token being used from an unexpected IP address (a different country).

Action: Backend automatically invalidates device token and alerts org admin.
Result: The add-in stops working. Emma must re-authenticate with her passkey to obtain a new device token. The org admin reviews the audit logs and investigates. If the account is compromised, the org admin can disable it entirely.

Complete Control Summary

Org Admin Capabilities

Firm org admins have complete control over agent lifecycle and permissions:

  • Create agents with granular permission profiles
  • Restrict agents to specific matters, departments, or client ranges
  • Force re-authentication with passkey for high-risk operations
  • Immediately disable agents when they leave the firm
  • Invalidate device tokens instantly (portal login + Outlook add-in)
  • Monitor all agent activity through comprehensive audit logs
  • Configure device policies (attestation, biometrics, corporate-only)
  • Set session timeouts and token expiration policies
  • Receive alerts for anomalous behavior patterns
  • Export audit data for compliance and regulatory review

Security Benefits

Defense in Depth

The agent onboarding and policy framework provides multiple security layers:

  • Hardware-backed passkeys: Private keys never leave device, biometric-protected
  • Device token expiration: Short-lived tokens limit compromise window
  • Re-authentication policies: Critical operations require fresh passkey auth
  • Immediate revocation: Disable agent instantly, no delayed effect
  • Granular permissions: Limit blast radius of compromised agent
  • Audit trail: Complete visibility into all agent actions
  • Device attestation: Ensure genuine hardware, not compromised VMs
  • Matter segregation: Prevent unauthorized data access