Step F2 of 2

First Org Admin Setup

Invited firm administrator completes secure onboarding

📧 Invitation Email

🔐 Setup Process

1. Click Invitation Link

James clicks the secure link from the email. The backend verifies the token to ensure it is valid and to prevent replay attacks.

2. Verify Identity

The system confirms that James's email matches the shepwedd.com domain. Optional: integration with Entra ID/Azure AD for SSO-based identity verification.

3. Create Passkey

James registers a hardware-backed passkey using biometric authentication (Face ID/Touch ID/Windows Hello) on his device.

4. Confirm Firm Details

Review and confirm the firm information: name, domain, initial settings. Accept the terms and conditions for the org admin role.

5. Setup Complete

James becomes Org Admin #1. The system recommends adding a second org admin immediately for redundancy and business continuity.
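
Added example, not part of the original page or the product's own code: one way a backend could implement the token check in step 1 and the domain check in step 2, with single-use, expiring invitation tokens stored only as hashes. The InviteStore class, the 72-hour lifetime and the status strings are assumptions made for illustration.

```python
import hashlib
import secrets
import time


class InviteStore:
    """In-memory stand-in for the backend's invitation table (assumption)."""

    def __init__(self, ttl_seconds=72 * 3600):  # lifetime is an assumed value
        self.ttl = ttl_seconds
        self.rows = {}  # sha256(token) -> invitation record

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email, firm_domain, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 random bits, sent in the link
        # Only the hash is stored, so a leaked table cannot be turned into links.
        self.rows[self._digest(token)] = {
            "email": email.strip().lower(), "domain": firm_domain.lower(),
            "expires": now + self.ttl, "used": False,
        }
        return token

    def redeem(self, token, claimed_email, now=None):
        now = time.time() if now is None else now
        row = self.rows.get(self._digest(token))
        if row is None:
            return "invalid"
        if row["used"]:
            return "replayed"
        if now > row["expires"]:
            return "expired"
        email = claimed_email.strip().lower()
        # Exact match on the part after the last "@": a look-alike such as
        # shepwedd.com.example.net must not pass as the firm's domain.
        if email != row["email"] or email.rpartition("@")[2] != row["domain"]:
            return "identity_mismatch"
        # Single use. In a real database this must be one atomic conditional
        # update so that two concurrent clicks cannot both succeed.
        row["used"] = True
        return "ok"
```

A failed identity check leaves the token unused, so the invited admin can still complete setup; only a successful redemption consumes it.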

🔑 Passkey Registration

undoubt.com is requesting passkey creation

Create your organization admin passkey

👤

Touch ID / Face ID / Windows Hello

Firm: Shepherd & Wedderburn LLP
Role: Organization Administrator
Email: james.robertson@shepwedd.com

Firm Details Confirmation

Firm Name: Shepherd & Wedderburn LLP
Primary Domain: shepwedd.com
Tenant ID: FIRM-SW-A8F2-4D91
Created: 9 December 2025
Default Policies: Passkey required, Device attestation enabled, Audit logging active

✅ Onboarding Complete

🎉 Welcome, James Robertson!

You're now the first Organization Administrator for Shepherd & Wedderburn LLP. You can now:

Next Steps

  • Add a second org admin - Critical for business continuity and redundancy
  • Configure SSO/Directory Sync - Optional: Integrate with Azure AD/Entra ID
  • Set firm-wide policies - Device attestation, permissions, audit settings
  • Create agent accounts - Onboard fee earners who will use the Outlook add-in
  • Review security settings - Customize policies for your firm's risk profile

Best Practices

Recommendations for Org Admins

  • Always maintain at least two active org admins (never a single point of failure)
  • Use hardware-backed passkeys on trusted, managed devices
  • Enable device attestation for all agents and admins
  • Regularly review audit logs for suspicious activity
  • Configure SSO integration for streamlined identity management
  • Set up alerts for high-risk actions (e.g. bank details instructions)
  • Document firm-specific policies and procedures