Create New Firm Tenant
Platform root admin provisions a new law firm organization
Secure Admin Console
Full legal name of the law firm
Firm's email domain for identity verification
Head of IT / Risk / Operations
Will receive secure invitation link
What Gets Created?
🏢 New Tenant Record
Isolated database tenant for the firm with unique tenant ID. Complete data isolation from other firms.
📋 Default Policies
Baseline security policies: passkey requirements, device attestation, audit logging, retention periods.
🔑 Admin Invitation Token
Secure one-time token sent to first org admin. Time-limited, single-use, cryptographically signed.
📧 Welcome Email
Invitation sent to james.robertson@shepwedd.com with setup link and onboarding instructions.
Platform Root Admin Responsibilities
Minimal, Audited, Secure
- Create new firm tenants (only when onboarding new clients)
- Set initial org admin for each firm
- Manage global platform configuration and policies
- Monitor system health and security alerts
- Cannot access firm data or client instructions by default
- All actions logged with full audit trail
Security Requirements for Root Admin
🔐 Hardware-Backed Authentication Required
Platform root admins must use hardware-backed passkeys on hardened devices. A minimum of two people at LastingAsset have root admin access (no single point of failure). Critical administrative operations require multi-person approval.
Authentication Details
- Passkey stored in hardware security module (TPM/Secure Enclave)
- Device attestation proves genuine hardware
- Biometric authentication (Face ID/Touch ID) required
- Sessions expire after 15 minutes of inactivity
- IP address and device fingerprint logged
- Critical actions require re-authentication
What Happens Next?
Invitation Email Sent
James Robertson receives an invitation email at james.robertson@shepwedd.com containing:
- Secure setup link: https://admin.undoubt.com/firm-setup?token=...
- Explanation of org admin role and responsibilities
- Instructions for passkey setup and firm confirmation
- Recommendation to add second org admin immediately
- Token expires in 7 days for security
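The invitation token properties listed above (cryptographically signed, 7-day expiry, single-use) can be enforced as in the following added example, which is not the platform's own code. HMAC-SHA256 as the signing primitive, the claim names, and the in-memory set of redeemed IDs are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SIGNING_KEY = secrets.token_bytes(32)  # assumption: server-side secret, never sent to clients
TTL_SECONDS = 7 * 24 * 3600            # the 7-day expiry stated on the page
_redeemed = set()                      # stand-in for a DB table with a unique token-ID column


class InviteError(Exception):
    pass


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(body):
    return _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())


def issue_invite(tenant_id, email, now=None):
    """Return 'claims.mac' bound to one tenant and one recipient."""
    now = time.time() if now is None else now
    claims = {"jti": secrets.token_urlsafe(16), "tenant": tenant_id,
              "email": email, "exp": int(now) + TTL_SECONDS}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_mac(body)}"


def redeem_invite(token, now=None):
    """Verify MAC, expiry and single use; return the claims or raise InviteError."""
    now = time.time() if now is None else now
    body, sep, sig = token.partition(".")
    # Check the MAC in constant time before parsing caller-controlled data.
    if not sep or not hmac.compare_digest(_mac(body).encode(), sig.encode()):
        raise InviteError("bad signature")
    claims = json.loads(_unb64(body))
    if now >= claims["exp"]:
        raise InviteError("expired")
    if claims["jti"] in _redeemed:
        raise InviteError("already used")
    _redeemed.add(claims["jti"])       # burn the token only after every check passes
    return claims
```

In a real deployment the redeemed-ID check and insert must be one atomic database operation, otherwise two concurrent requests can both redeem the same token.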