← Back to Customer Workflows

Admin & Onboarding Workflows

Platform administration, firm setup, and user onboarding

Trust Model & Roles

Undoubt operates with a clear three-tier security model to ensure proper separation of duties and minimize trust assumptions:

🔴

Platform Root Admin

LastingAsset/Undoubt side

  • Creates new firm tenants
  • Sets initial org admins
  • Manages global policies
  • Cannot see firm/customer data
  • Hardware-backed passkey required
  • All actions audited
🔵

Firm Org Admin

Inside each law firm

  • Approves firm registration
  • Creates/deactivates agents
  • Configures SSO/directory sync
  • Sets fine-grained policies
  • Manages device policies
  • Passkey authentication
⚙️

Agents (Fee Earners)

Actual Outlook users

  • Use Outlook add-in
  • Issue verified instructions
  • Verify customer instructions
  • Interact with verification portal
  • Passkey-only authentication
  • Bound to firm tenant

🔴 Platform Root Admin Workflows

LastingAsset/Undoubt administrative actions

F1

Create New Firm

Platform root admin creates a new law firm tenant with secure admin console

🔐 Super-admin access
F2

First Org Admin Setup

Invited firm admin onboards with passkey and confirms firm details

✉️ Secure invitation

🔵 Firm Org Admin Workflows

Agent onboarding, customer onboarding, and user management

A1

Create Agent Account

Org admin creates agent with granular permissions and role assignment

👤 Admin portal
A2

Agent Invitation

Agent receives secure invitation and sets up passkey authentication

🔐 Passkey setup
A3

Link Outlook Add-in

Agent authenticates add-in with passkey and receives device token

📧 Add-in auth
A4

Policy Management

Org admin configures constraints, policies, and deactivation controls

⚙️ Admin controls
C1

Onboard Customers

Complete 6-step customer onboarding with passkey setup and device binding

👥 Customer setup