Overview
What Source systems does
...
The Source System Integration functionality allows CAM to integrate with any cloud-based system or system with a web service/REST API as an input to the provisioning process.
CAM supports integration with iManage, Azure AD and APIGEE-based systems.
| Note |
|---|
A limit on the number of jobs a tenant can submit in Source System Integration now applies. The limit is 50,000 jobs. An error will warn the user on the limit, and any new Source system jobs will not be submitted for processing until the batch completes. This eliminates newer jobs continuously filling the queue or causing timeouts on the current original job. |
| Table of Contents |
|---|
Overview
...
Configuring A New Source System
Click on the Administration tab.
Click on the Source Systems Configuration panel.
Click on the actions menu on the upper-right corner and select New Source System.
Input the basic details in the System Basic Configuration screen that will show (see screenshot below).
...
Field
...
Description
...
System Method
...
The type of methods use to connect the source. SOAP+XML and REST+JSON are available.
...
System Name
...
The source system’s name.
...
Description
...
A description of the source system.
...
Base URL
...
The base url of this source system to access it.
...
Authentication type
...
The options of authentication to the source. OAuth, Username/Password, Fetch OAuth and using Oauth through Username authentication are supported.
Note: Depending on the Authentication type (Fetch OAuth, OAuth), different configuration options will be displayed on bottom-left of the page.
Click on Save System.
Authentication Configuration
...
| title | Authentication type OAuth |
|---|
Authentication type OAuth
With Oauth, a set of tokens is obtained initially and then used with subsequent calls. These tokens are renewed periodically. No passwords are stored. Tokens are stored as encrypted.
...
Enter the following information.
...
and click Next
...
Field
...
Description
...
Client ID
...
This is required field. Client ID of the source system.
...
Grant Type
...
This is required field. The way an application gets an access token E.g. Authorization Code, Client Credentials or Password.
...
Auth URL
...
This is required field. Authorization URL of the source system.
...
Include Client Secret in Auth Token Request?
...
Yes or No. If yes, will enable Client Secret field to enter the details.
...
Include Scope in Auth Token Request?
...
Yes or No option. If yes, will enable Scope field to enter the restrictions to access source system.
...
Base 64 encoding?
...
Yes or No. If yes, all information will be encoded.
2. App Authorization, Enter the following information and click Validate, this allows the information to be validated before saving. If there are problems with the information, the errors will display.
...
Field
...
Description
...
Auth URL
...
This is required field. Authorization URL of the source system.
...
Include Client Secret in App Authorization?
...
Yes or No. If yes, will enable Client Secret field to enter the details.
...
Include Scope in App Authorization?
...
Yes or No. If yes, scope will be included in the configuration.
...
Base 64 encoding?
...
Yes or No. If yes, all information will be encoded.
Refresh Token Configuration and Click Save.
...
Field
...
Description
...
Grant Type
...
Source System Panel in CAM
Here’s what Source Systems looks like:
The table displays the following:
System
System Method
Authentication Type
Description
Base URL
Created By
Last Updated At
Actions
Filtering is possible in this panel.
The following filters can be used:
System Name (Text Search)
System Method (Dropdown)
Authentication type (Dropdown)
Description (Text Search)
Base URL (String Search)
Last Updated By (Dropdown)
Last Updated At (Sorts either ascending or descending)
Source System Limit
| Note |
|---|
A limit on the number of jobs a tenant can submit in Source System Integration now applies. The limit is 50,000 jobs. An error will warn the user on the limit, and any new Source system jobs will not be submitted for processing until the batch completes. This eliminates newer jobs continuously filling the queue or causing timeouts on the current original job. Please Consider: If you have a large number of jobs that you need to run, you could start all jobs at the same time and let Source System Integration work through the backlog. However, this results in poor performance and even failure if the number of jobs is too high. The first few jobs are put into the Running state and the remaining jobs are put into the Queued state. This could make a lot of jobs fail even when they aren’t running and that can negatively impact the other jobs that are running. Please work with your partner or professional services consultant to discuss best practices of managing and queueing jobs to that limit. |
Configuring A New Source System
Click on the Administration tab.
Click on the Source Systems Configuration panel.
Click on the actions menu on the upper-right corner and select New Source System.
Input the basic details in the System Basic Configuration screen that will show (see screenshot below).
Field | Description |
|---|---|
System Method | The type of methods use to connect the source. SOAP+XML and REST+JSON are available. |
System Name | The source system’s name. |
Description | A description of the source system. |
Base URL | The base url of this source system to access it. |
Authentication type | The options of authentication to the source. OAuth, Username/Password, Fetch OAuth and using Oauth through Username authentication are supported. Note: Depending on the Authentication type (Fetch OAuth, OAuth), different configuration options will be displayed on bottom-left of the page. The following sections go over the details for each type. |
Click on Save System.
Authentication Configuration
| Expand | ||||||
|---|---|---|---|---|---|---|
| ||||||
Authentication type OAuthWith Oauth, a set of tokens is obtained initially and then used with subsequent calls. These tokens are renewed periodically. No passwords are stored. Tokens are stored as encrypted. 
|
...
|
...
|
...
|
...
|
...
| title | Authentication type Fetch OAuth |
|---|
Authentication type Fetch OAuth
This is a combination of application + OAuth or UserId/Password. Applications such as Office-365 support this type of authentication. In Application based authentication, the application is registered in the underlying system and pre-assigned certain permissions.
Fetch OAuth Configuration, Enter the following information, and click Complete
Displays the following screen:
...
Field
...
Description
...
Auth URL
...
This is required field. Authorization URL of the source system.
...
Client ID
...
This is required field. Client ID of the source system.
...
Client Secret
...
This is required field. the Client secret of the source system.
...
Grant Type
...
Password
...
|
...
Username
...
Enter Username.
|
| Expand | ||
|---|---|---|
|
...
| |
Authentication type |
...
When OAuth is not supported, User Id and Password are used to obtain the authentication session(token) and then session Id is passed in all subsequent calls.
User and Password Configuration, Enter the following information and click Confirm
...
Field
...
Description
...
User ID Field
...
This is required field. User Field Name.
...
User ID Value
...
This is required field. User Field Value.
...
User Password Field
...
This is required field. Password Field name.
...
User Password Value
...
This is required field. Enter Password value.
| Info |
|---|
A warning will appear once an incorrect configuration is entered. It will not allow saving until the error is corrected. |
Authentication Details of External Systems
iManage
iManage supports OAuth and User Id & Password-based authentication. OAuth is supported in cloudimanage.com and 10.3 versions of the private cloud (starting Q3 2020). Currently, CAM is using User & Password-based authentication. A complete OAuth based authentication will be supported by Dec 2020.
Permissions and Roles
You need to specify the NRTADMIN account. This is required for CAM to be able to create users, groups, metadata. Please note the “View Documents” permission is not required unless CAM is used for documents sync or Business Continuity.
Also, In future versions, CAM will support two different authentications 1. CAM authentication without download and delete document permission. Client NRTADMIn with download and delete document permission. This account will be stored in the Client’s AWS or Azure. Therefore CAM will never have direct permission to view or delete a document.
NetDocuments
NetDocuments supports OAuth. CAM obtain the OAuth token from the NetDocuments Authentication dialog.
Permissions and Roles
You need to specify an Admin account with all permissions to create metadata, users & groups, workspaces, and folders.
Office 365/Azure AD
Office 365 supports OAuth + Application authentication. CAM App is registered within the Azure Portal and assigned needed permissions. Then this App Id is used to obtain the OAuth token from the Office 365 Authentication dialog.
Permissions and Roles
You need to specify an Admin equivalent account all permissions to create team, SharePoint site, OneDrive, channel, groups, users, etc.
Minimum permissions for Azure AD are:
...
Permission
...
Description
...
User.ReadWrite.All
...
To add internal users via Azure AD
...
User.Invite.All
...
To add external users via Azure AD
After Authentication Configuration is completed, Object Configuration page is enabled on the right side of page.
Enter the following information on Object Configuration page
System Limitations
Aderant Expert Sierra
Since Expert Sierra is on AWS and Aderant exposes the Database, the recommended way to connect is to leverage Aderant Cloud’s sync to an on-premises SQL database, and then use that as a source to CAM.
Object Configuration
...
| title | Object Configuration |
|---|
Select New Object Available options are:
Matter,
Metadata,
User,
Group,
Tab,
GroupMembership
After selecting New Object, the following fields are available to fill out to add new objects to be imported.
...
Field
...
Description
...
Relative URL
...
The url of the object in the source system
...
Method
...
The method to use when pulling the data. Options are: Get, Post, Put, Delete, Patch. For example, a GET, is a select of the data.
...
Content type
...
The type of the content in configuration format. E.g. Application/x-www-form-urlencoded, application/json
...
Choose the system
...
The system to create the object in. Available: Netdocuments, Imanage, or CAM
For example if you are trying to write to iManage choose iManage.
| Info |
|---|
An exception to this is if you are using a custom system parameter. For example, if you want to set the createiniManage parameter to true and have other mapping configurations, it is best to set the system to CAM, and ensure the mapping is done for the createiniManage parameter. |
...
Suggested parameters
...
The suggested parameters to set. Content-type, Authorization are available.
...
Custom parameters
...
Set custom parameters for the objects, with a field and value pair. Click +Add
...
</>Encode
...
If the record is base64 encoded, click encode.
...
Header
...
The request header. In configuration format, Application/x-www-form-urlencoded
View - Opens pop-up to view full Header contents.
...
Additional Basic Object Configuration
...
Additionally, you can include the API Call for same system to Fetch Data and Flattening Response containing Nested Objects by toggling ON. To configure see the below.
...
Response
...
The response pane.
View - Opens Pop-up to view full response content
Click Next to save Basic Object Configuration and it will also fetch the response. It contains Page Info i.e. Total Records and Total pages in the response. And records per page i.e. FirstRecord : 1 and LastRecord : 50
Additional Basic Object Configuration
To configure Additional Basic Object Configuration, opens the accordion as follows:
...
Fields
...
Description
...
Relative URL
...
Specify the Endpoint URL. Based on the requirements you can replace actual Id to Uniqie_id in the Endpoint URL that helps to identify the backend process from where to replace id in the URL.
...
Method
...
Select Method type from the drop down to perform an action.
GET
...
Mapping
...
To set the mapping of fields used for creation of the object.
For example, if you want to create an item in iManage, set the createiniManage parameter to true. It is best to set the system to CAM, and ensure the mapping here is done for the createiniManage parameter.
Response pane is displayed for user to configure:
...
...
Field
...
Description
...
Pagination By:
...
Sorting Parameter to be used. Select from
Response URL
Query Parameters
No Pagination
...
Pagination field
...
Field to be used for pagination, select from the list or manually enter the value by setting Custom Value On.
...
Result field
...
Select object name.
| Info |
|---|
It is possible to add the following dynamic values for custom parameters for source system objects:
These values will be resolved at runtime and replaced with the proper value. |
Click Save Fields and On successful response configuration, map the CAM fields and Web response by clicking Add Map Or Edit existing mapped fields.
Eval Expressions
For the Eval expressions within the Field Mapping, enter the javascript code for the expression.
For example, the firm wants to create a workspace in iManage for the Create iManage Workspace attribute with the following criteria:
If createiniManage parameter =true and the status of the workspace is not draft, then create the workspace. This will work in this script if the parameter createinimanage exists in the mapping.
...
| language | js |
|---|
...
Fetch OAuthThis is a combination of Application + OAuth or UserId/Password. Applications such as Office365 support this type of authentication. In an Application-based authentication, the application is registered in the underlying system and pre-assigned certain permissions.
|
| Expand | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
Authentication type UserId/PasswordWhen OAuth is not supported, the User Id and Password are used to obtain the authentication session (token) and then the session Id is passed in all subsequent calls.
|
| Info |
|---|
Note: For all authentication types, a warning will appear if an incorrect configuration is entered and CAM will not allow saving until the error is corrected. |
Authentication Details of External Systems
iManage
iManage supports OAuth and User Id & Password-based authentication. OAuth is supported in cloudimanage.com and 10.3 versions of the private cloud.
For Permissions and Roles, you need to specify the NRTADMIN account. This is required for CAM to be able to create users, groups, and metadata. Please note the “View Documents” permission is not required unless CAM is used for document sync or Business Continuity.
In the future, CAM will support two different authentications:
CAM authentication without permission to download and delete documents.
Client NRTADMIn with permission to download and delete documents. This account will be stored in the Client’s AWS or Azure. Therefore CAM will never have direct permission to view or delete a document.
NetDocuments
NetDocuments supports OAuth. CAM obtains the OAuth token from the NetDocuments Authentication dialog.
For Permissions and Roles, you need to specify an Admin account with all permissions to create metadata, users & groups, workspaces, and folders.
Office 365/Azure AD
Office365 supports OAuth + Application authentication. The CAM App is registered within the Azure Portal and assigned the needed permissions. Then, this App Id is used to obtain the OAuth token from the Office365 Authentication dialog.
For Permissions and Roles, you need to specify an Admin-equivalent account for all permissions to create teams, SharePoint sites, OneDrives, channels, groups, users, etc.
The minimum permissions for Azure AD are:
Permission | Description |
|---|---|
User.ReadWrite.All | The permission is required to add internal users via the Azure AD. |
User.Invite.All | The permission is required to add external users via the Azure AD. |
After the Basic Authentication Configuration is completed, the Object Configuration panel is enabled on the right side of the page.
Enter the information on the Object Configuration page (see next section).
System Limitations
Aderant Expert Sierra
Since Expert Sierra is on AWS and Aderant exposes the Database, the recommended way to connect is to leverage Aderant Cloud’s sync to an on-premises SQL database, and then use that as a source to CAM.
Object Configuration
| Expand | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||||||||||||||||||||||||||||
Additional Basic Object ConfigurationTo configure Additional Basic Object Configuration
Eval ExpressionsFor the Eval expressions within the Field Mapping:
If createiniManage parameter =true and the status of the workspace is not draft, then create the workspace. This will work in this script if the parameter createinimanage exists in the mapping.
 |
...
Field
...
|
...
|
| Expand | ||
|---|---|---|
| ||
Schedule
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
|
...
 Note: When CAM maintenance is |
...
underway, it stops scheduled job 30 mins before maintenance, and on |
...
initiating a Sync Now |
...
operation, it will show warning message. Single/Multiple objects (Users & Groups, Metadata, etc.) can be independently scheduled for sync at a specific time interval.
|
...
Once Source System is configured it will be listed at Administration -> Source System Configuration.
Quick Actions
...
Action
...
Description
...
View
...
Shows the configuration details.
...
View Jobs
Status of scheduled Jobs.
...
|
Once Source System is configured it will be listed at Administration -> Source System Configuration.
Quick Actions
...
Action | Description | ||
|---|---|---|---|
View | Shows the configuration details. | ||
View Jobs | Status of scheduled Jobs.
Note: In Data Uploader, or SSI or CAM in general, When a provisioning job for a team or channel or site is received, CAM creates a separate job for each tab or app in addition to the Team creation or provisioning job. For provisioning users, or groups or workspaces or folders, there is only one job when bulk updating or creating records from DU or SSI. E.g. one record will show for Data Upload. Then a record shows for the subsequent action of Create Workspace if the job was creating workspaces from DU. | ||
Upload Logo | Logo to display for source system. | ||
Export | System Configuration is exported at JSON file. Note: To Import the configuration file click on hamburger sign at top of the page and select Import Source System. | ||
Delete | Delete the source system. |
Pagination
For pagination, use the CSV Parameters for Source Systems
...
to set pagination. The parameters are supported for GET and POST commands.
For example, here’s how to
...
set up pagination for Simple Legal:
...
| Info |
|---|
It is possible to add the following dynamic values for custom parameters for source system objects:
These values will be resolved at runtime and replaced with the proper value. |
Role Permission Mapping
CAM roles can be mapped to the external system role.
Permission Mapping | Set permission based on CAM Roles. Common CAM roles are following:
Examples are as follows: Users: Adding an Admin ( iManage Full Access) bob.bradely@demofirm.com|true#23/12/2019*Admin$true Adding an Editor (iManage Read/Write access) firstnamelastname2@firmname.com|true#null*Editor$true Adding a Watcher (iManage Read only) firstnamelastname3@firmname.com|true#null*Watcher$true Denying Access (iManage No Access) firstnamelastname4@firmname.com|false#null*Deny$true Groups: For example, adding an editor group PartnersGroup|true#11/3/2021*Editor$true
Click on the hyperlink of the CAM Role to show the CAM permissions available for the role.
| ||||
Click on each type of Security Role to update their respective permissions. | |||||
Read | This allows access to only view documents, properties /metadata etc | ||||
Read Write | This allows full access to the document (view and edit), but limited control on properties /meta-data and no ability to change security (including for the folder, workspace etc) | ||||
Full Access | This allows full access to the document (view/edit/share) and full control over properties /meta-data and also the security (including for the folder, workspace etc) | ||||
Managing Files of Source System Integration
In V2 of the Source System Integration, the Jobs submit JSON files instead of CSV files in the backend to avoid overloading the queue processor.
Old Version Compatibility
If a firm requires the older version of Source System Integration
...
(V1), make the following changes to the appsettings.config file:
| Code Block |
|---|
\<setting name="v2Enabled" serializeAs="String"\>
\<value\>False\</value\>
\</setting\> |
| Tip |
|---|
Tip: We recommend using the V2 version of Source System Integration for more efficient processing! |
New Version Features
In addition to the new submission in JSON, there is a new folder where
...
the new CSVs are stored when the JSONs are uploaded. This folder is called newCSV. The CSVs are created and then converted from these files in this folder to JSON. If a job fails, this would be the folder that contains the JSON files to troubleshoot.
Generated CSVs still reside in the generatecsv folder for all jobs.
Archived CSVs still reside in the archivecsv folder for any successfully completed jobs over time.
...
...
Related Topics
iMange | NetDocuments | M365 |