Customer Onboarding

Step C6

Setup Complete

Customer device is registered and ready for secure verification

Your Device Is Now Securely Registered

You can now verify emails from Shepherd & Wedderburn and issue your own verified instructions with full protection against impersonation.

✉️

Verify an Email

Check if an email you received is genuinely from your solicitor and hasn't been tampered with
📝

Submit an Instruction

Send verified instructions to your solicitor with cryptographic proof of authenticity
📱

Add Another Device

Register your tablet, laptop, or other devices for secure verification

📚

Security Tips

Learn best practices for protecting your matter and recognizing fraud attempts

🎯 What Happens Next?

  • Receive Verified Emails: When Emma Thompson (your solicitor) sends you important instructions, you'll be able to verify they're genuine using your device
  • Submit Secure Instructions: When you need to provide bank details, approve documents, or issue instructions, you'll use your passkey to prove it's really you
  • Matter Protection: Only your registered device can authorize instructions for matter RC-2024-1847—no one can impersonate you
  • Instant Verification: Both you and your solicitor can verify each other's identity instantly, without relying on vulnerable email alone
🔐

Device Binding

Your passkey is bound to this device's hardware. Cannot be copied, exported, or stolen.

🎯

Matter Protection

Only you can authorize instructions for RC-2024-1847. Prevents payment redirection fraud.

Instant Verification

One tap with Face ID or Touch ID to verify emails or submit instructions securely.

🛡️

Phishing Resistant

Your passkey only works on legitimate shepwedd.com domains. Fake sites cannot use it.

🔒

Hardware Security

Private key stored in Secure Enclave/TPM. Unreachable by malware or attackers.

📋

Audit Trail

Every verification and instruction is logged with cryptographic proof and timestamps.

🔄 Ongoing Customer Operations

✉️ Verifying Firm Emails

  • Customer receives email with verification reference (REF-xxxx)
  • Goes to verification portal
  • Signs in with passkey
  • Enters reference code
  • Sees cryptographically verified result

📝 Sending Instructions

  • Customer signs into portal with passkey
  • Submits structured instructions (e.g., bank details)
  • Approves with passkey (digital signature)
  • System creates CREF-xxxx reference
  • Agent verifies instruction before acting

📱 Adding Second Device

  • Authenticate with first device (existing passkey)
  • Register second device's passkey
  • Both devices tied to same identity
  • Use either device for verification
  • Independent revocation possible

🔧 Access Management & Control

Firm org admins and agents with permission can manage customer access for security purposes:

Revoke Onboarding Token
Invalidate unused invitation links before customer completes setup
Disable Customer Passkey(s)
Immediately revoke device access if fraud suspected or device compromised
Issue New Onboarding Link
Send fresh invitation if customer needs to re-register or add devices
Force Re-Onboarding
Require customer to complete identity verification and device registration again
Remove Matter Access
Remove specific matters from customer's portal view when matter closes or changes
Audit Customer Activity
Review all verification requests, instruction submissions, and device changes

Note: Customers cannot self-remove access as this affects firm-side security, but they can request removal through their solicitor. All access changes are logged with timestamps and admin attribution.

← Previous: Backend Binding Back to Admin Workflows