Sign-in & product selection
The web app uses SSO via Keycloak (https://login.prudai.com). Depending on your account, you may have access to multiple products: LEO, VERA, or ZIA.
Sign-in
- Open your organization’s web app URL (for example https://app.prudai.com for LEO).
- If needed, you will be redirected to the Keycloak sign-in page.
- Choose your sign-in method:
  - Microsoft / Entra ID (if your realm has it enabled);
  - other federated identity providers (depending on your organization);
  - or email + password.
- Complete the SSO flow.
After sign-in you should see your user menu (top right) with account actions, including a language switcher (with the active language flag), sign out, and onboarding.
Tip: your language preference is synced across products, so LEO, VERA, and ZIA use the same UI language.
New trial accounts after Stripe checkout
For new trial accounts, first-time activation now includes an extra step after Stripe:
- After successful checkout you land on the success page (LEO site: /plans/success).
- After Stripe confirms the first invoice.paid, you receive an e-mail to set your password and verify your e-mail address.
- Complete that flow from the link in the e-mail.
- Then sign in via SSO to use the app.
Tip: if no e-mail arrives, check spam first and then contact your administrator.
Blocked email domains (self-service policy)
Self-service onboarding does not accept all email domains (for example personal inboxes like gmail.com).
Current behavior:
- SSO sign-in with a blocked domain is denied with a clear error.
- Stripe checkout with a blocked domain does not complete activation.
- The backend automatically cancels the Stripe subscription and starts a refund if a payment has already been made.
- The user receives an informational e-mail that activation was denied and that the subscription is being reversed.
Session check when returning to a tab
When you return to an already-open tab after some idle time, the app immediately validates whether your SSO session is still valid.
- If the session has expired, you are treated as signed out right away and redirected to sign-in.
- This surfaces the sign-in requirement earlier, instead of only on the next action (such as sending a chat message).
Account verification errors (/auth/profile)
After SSO, the app verifies your account via GET /auth/profile.
- If the profile service is temporarily unavailable (for example 503), the app now shows a stable retry screen instead of redirecting/flashing between pages.
- If your account has no active product entitlements, sign-in stays blocked and you are instructed to re-order your subscription at https://leo.prudai.com. In this case the app no longer triggers a full reload; you stay on a stable “no access” screen.
- If your selected product cookie no longer matches your allowed products, the cookie is cleared and you are prompted to choose one of your available products.
Product selection (LEO / VERA / ZIA)
Some accounts are entitled to multiple products. In that case the app asks you to choose:
- LEO: legal assistant with research jobs and legal sources.
- VERA: product variant with a different set of tools and screens.
- ZIA: product variant with a different set of tools and screens.
Important:
- Owners only see products that are activated for their organization.
- Your selection is stored as a cookie for your session.
- Some pages are product-specific. If you see a “product mismatch” message, switch via Settings.
- Product access is matched exactly against active entitlements. Example: leo-lite does not grant access to leo.
- Projects and chat lists are filtered by product scope. leo and leo-lite share the same project/chat data scope (leo).
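The account verification outcomes and the exact-match entitlement rule described above can be combined into one fail-closed decision function. This is an added example, not the product's own code: the function names, the profile shape, the screen labels, the handling of 401, and the single-entitlement shortcut are all assumptions.

```javascript
// Added example. All names and the profile shape are hypothetical.
// Page rule: leo and leo-lite share the project/chat data scope "leo".
const DATA_SCOPE = new Map([["leo-lite", "leo"]]);

// Exact, case-sensitive match. No prefix or substring logic, so
// "leo-lite" never satisfies a check for "leo" (or the reverse).
function hasAccess(activeProducts, product) {
  return typeof product === "string" && activeProducts.includes(product);
}

function dataScope(product) {
  return DATA_SCOPE.get(product) ?? product;
}

// status: HTTP status of GET /auth/profile; profile: parsed body or null;
// cookieProduct: value of the selected-product cookie, or null.
function resolveGate(status, profile, cookieProduct) {
  // Fail closed: anything other than 200 never reaches the app.
  if (status === 401) return { screen: "sign-in", clearCookie: false }; // assumption
  if (status !== 200) return { screen: "retry", clearCookie: false };

  const active = (profile?.entitlements ?? [])
    .filter((e) => e.active === true)
    .map((e) => e.product);
  if (active.length === 0) return { screen: "no-access", clearCookie: false };

  if (cookieProduct != null && !hasAccess(active, cookieProduct)) {
    // Stale or tampered cookie: drop it and ask again.
    return { screen: "choose-product", clearCookie: true, options: active };
  }
  // Assumption: one entitlement and no cookie selects that product directly.
  const product = cookieProduct ?? (active.length === 1 ? active[0] : null);
  if (product === null) {
    return { screen: "choose-product", clearCookie: false, options: active };
  }
  return { screen: "app", clearCookie: false, product, scope: dataScope(product) };
}

// Constructed sample profile.
const sampleProfile = {
  entitlements: [
    { product: "leo-lite", active: true },
    { product: "vera", active: true },
    { product: "zia", active: false },
  ],
};
console.log(resolveGate(200, sampleProfile, "leo"));      // cookie cleared
console.log(resolveGate(200, sampleProfile, "leo-lite")); // app, scope "leo"
```

The cookie is only a hint about the user's choice; the entitlement list returned by the profile call is what decides access, and the same check belongs on the server for every product-scoped request.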
LEO partner firms
Accounts for LEO partner firms get an additional entry after sign-in: the second-opinion partner inbox, where you receive second-opinion requests from clients of another firm.
Roles (what you can do)
Your role comes from your profile:
- USER: standard usage (chat, projects, documents, tasks).
- OWNER: additional organization-level capabilities (e.g. creating organization KBs).
- ADMIN: full administrative capabilities.
Examples of role-gated areas:
- Prompt library management: “public” prompts are managed by admins; “org” prompts by owners.
- Knowledge: owners/admins may be able to create an organization knowledge base.
Word add-in (LEO only): sign-in is different
Inside a Word task pane the app runs in an iframe. Many SSO providers block login inside iframes. Therefore the Word add-in uses an Office dialog for login and then syncs the session back into the task pane.
More: Word add-in.