/
iManage

iManage

Owned by Eric Schullek
Last updated: Nov 20, 2024 by Eric Schullek
23 min read

Overview for configuring iManage to connect to CAM

CAM integrates with the iManage Work Cloud, Cloud iManage and iManage on-premises environments.

Note: The procedure for configuring iManage Work Cloud/Cloud iManage and iManage on-premises is almost the same. You can still utilize the provide screenshots and steps for both.

Warning: The user, and not Litera, is responsible for creating the enterprise proxy application (because CAM/Litera is not the one deciding where their proxy connector is to be placed) AND then proceeding with the app registration steps.

Two apps are to be setup:

  • The enterprise proxy application

  • The app registration for CAM

  • To integrate CAM with the iManage Work Cloud, the iManage cloud servers must be configured using the below steps.

  • To connect an on-premises iManage environment, the iManage server needs to be accessible from the internet. This can be done as follows:

    1. Expose the iManage Server via a static-ip/firewall. Click here for information on whitelisting CAM’s IP.

    2. Use Azure Proxy.

    3. Add trusted-ip restriction as an additional security measure.

You can add and manage multiple iManage servers, define the workspaces' naming convention, the template rules to be applied, and the default folder metadata.

Warning: The Client ID & the Client Secret ID must be updated in the IManage Control Center (IMCC) to support API Authentication and enable CAM to integrate with the iManage Server. Read here for detailed instructions to update the Client ID & Secret ID.

Configuring NRTAdmin Access

For iManage, create an NRTAdmin account role in iManage that does not have the View Document permission granted to the role. Assign this to the CAM iManage account. That allows CAM to read all metadata but cannot download or view the document or its content.

The NRTAdmin role assigned to the account must be granted permission to access iManage Control Center.

The NRT Admin account is necessary for the CAM connection to iManage in many modules!

This is so we can:

  1. Provision workspaces: the ability to create, modify, secure, and delete workspaces.

  2. Work with Metadata: the ability to create, modify and delete metadata

  3. Manage Users/Groups: the ability to create, modify, disable & manage group memberships

Signs of a missing NRTAdmin acct or no Control Center access:

  1. CAM can’t access iManage Control Center with the account.

  2. Generate Template doesn’t return results.

iManage Configuration

CAM iManage Control Center (IMCC)

Tip: First, whitelist the CAM IP's listed in the following table on iManage before uploading the zip into IMCC.

Pre-reqs

  1. Whitelist URLs

  2. Ensure the iManage connection is a “Virtual” account type.

Whitelist URLs

Whitelist if your tenant is hosted in any of the following zones:

Zone

Whitelist the IP

Whitelist the IP

Zone

Whitelist the IP

Whitelist the IP

US(prosperoware.io)

18.205.167.41

34.198.68.230

UK(prosperoware.co.uk)

18.130.49.85

3.9.236.119

EU(prosperoware.eu)

52.214.142.149

54.76.178.8

Us West(Oregon)(camuswest.com)

44.234.16.65

52.38.245.112

Apac(Singapore)(camapac.com)

3.0.77.244

52.76.160.89

Australia (Sydney)(pwcamau.com)

13.55.127.223

3.105.163.118

Canada(Central)(pwcamcanada.com)

3.96.104.12

3.96.240.119

 

For iManage Work Cloud or On Premise

  1. Download the iManage Authentication and Web Extension

    1. Navigate to Administration > Downloads and download the iManage Web Extension package. This package includes the iManage Authentication Manifest file and CAM Commands web extension. If once downloaded, you wish to edit the CAM Command web extensions, please skip to 2a.

    2. If you do not want to use/upload the CAM Commands web extension, click on Basic CAM IMCC package without the web extensions for the Authentication Manifest file only.

  2. Upload iManage Authentication (and Web Extensions if applicable)

    1. For steps on editing CAM Commands and extensions, visit: CAM Commands | Deploying Web Extensions .

      1. Add the redirect urls as directed in IMCC under Authentication, use the table: iManage | Redirect Endpoint URI

    2. In the iManage Control Center, in the left-hand side panel under Configure, select System Setup>Applications.

    3. In the Applications page, click the + sign on the top-right side of the page.

    4. Click Upload Package and upload the downloaded file.

    5. The details from the file are auto-populated on the Configuration and Authentication page. Do not
      edit the auto-populated information. Click Continue

    6. Update the Security details.

    7. Click Finish.

  3. For http://cloudimanage.com configurations:

    1. For steps on editing CAM Commands and extensions, visit: CAM Commands | Deploying Web Extensions .

      1. Add the redirect urls as directed in IMCC under Authentication, use the table: iManage | Redirect Endpoint URI

    2. Please set the refresh token in iMCC as Yes. If the refresh token is set to No in iMCC, the External configuration may show as Red and error.

    3. In the iManage Control Center, in the left-hand side panel under Configure, select System Setup>Applications.

    4. In the Applications page, click the + sign on the top right-hand corner of the page.

    5. Search for Prosperoware – CAM and follow the instructions until completion.

  4. Editing the web extensions (iManage Work or On-Premise)

    1. For steps on configuring CAM Commands and extensions, visit CAM Commands | Deploying Web Extensions .

      1. Add the redirect urls as directed in IMCC under Authentication, use the table: iManage | Redirect Endpoint URI

    2. If the web extensions package is to be used, the extension files should be updated to your system.

    3. Extract and open up the CAM_IMCC_web_extensions.zip file.

    4. Go into the web_extensions folder.

    5. There should be six files:

  • AspNetManageFolderMenuItem.yaml ---- This allows the user to Manage Folders and create on-demand folders from CAM.

  • AspNetDeleteFolderMenuItem.yaml ---- This allows to delete not-required and empty folders from iManage Web and DeskSite.

  • AspNetCreateWorkspaceMenuItem.yaml ---- This allows the Workspace Wizard (Request Workflow) to appear in Work 10.

  • AspNetEditNameAndProfileMenuItem.yaml ---- This allows the end user to Update Workspace, Folder name, or Profile from the iManage system. Based on the criteria set in CAM:

    • in External system configuration for workspace and/or

    • in Template editor for the folder and/or

    • in Layout for Profile.

  • AspNetShareFolderMenuItem.yaml --- This allows end users to share a folder if a user has access to the workspace (read/write or above) and also has CAM permission to share.

  • AspNetShareDocumentMenuItem.yaml --- This allows end users to share a document if a user has access to the workspace (read/write or above) and also has CAM permission to share.

Note: User can enter the default value as follows:

  • Domain name i.e tenant name to which you want to connect web commands. E.g "http://Test.prosperoware.io".

  • Application id ("CAM_TEAM_APP_ID" : "2fb4fc8a-fd7a-4fb0-9ff7-dedf63555ba2") to connect with CAM Teams App. After installation CAM into the MS Team app, login into the CAM Team app.

 

  1. For steps on config get the wizard ID from CAM

    1. Login to the CAM tenant.

    2. In your browser (preferably Chrome or Firefox), Inspect the page (CTRL+SHIFT+I).

    3. In the Chrome/Firefox inspection panel, click on the Network tab if not selected.

    4. Click on the Plus icon in CAM to get to a workspace wizard

    5. In the inspection panel, in the 'Name' Column, an entry called 'workspacewizard' appears toward the bottom of the list.

    6. Click on the first 'workspacewizard' entry.

    7. Inside the Network Tab, click on the Response Tab.

    8. In Chrome scroll right until you see "wizardId". In Firefox, wizardId will display right on the screen.

      The number following, such as " 2b04aeff4cb52638a3c46420668faa0d " is the Wizard ID.

    9. Add the wizardid into the URL like such: https://tenantname.prosperoware.io/workspacewizard?wizardId=2b04aeff4cb52638a3c46420668faa0d.

  2. Zip the files backup after making the changes.

iManage Server Configuration

Go to Administration > External System Configuration > Settings and ensure that the iManage integration is active and click Save.

Map iManage Server to CAM

  1. Click the iManage tab.

  2. In the panel for iManage Server click the Add New button.

  3. In the window for iManage Server Setup- Add New, type information in the provided fields, based on the table below.

  4. Click Save. You can add multiple iManage Servers.

Field

Description

Field

Description

Is Azure Proxy Used?

Select Yes to set this server to access using Azure Proxy server

Is version 10.3 or above?

If the user selects Yes, then the “User id and Password“ field will hide and authentication will be done through a common authentication dialog.

Litera recommends that the account be virtual if using Azure Proxy, which is the option in iManage configuration is Is 10.3= No

Note: Users need to register CAM app in the Controls Center for an access support OAuth 10.3 or above.

Enter the Redirect URLs accordingly to your region from the list given in @ section Azure Proxy Server app to access on behalf of CAM >Redirect Endpoint URI's

Server Name

Enter a name for the server. This is a required field. (e.g. iManageProd). Note: Spaces or .,*? are not allowed in the name.

URL

The address of the server. This is a required field. The URL should be like https://servername-mobility.imanage.work for cloud systems

Changes to URL’s/ Domains

If URL’s or domains/subdomains need to be changed, make the edits here and click re-validate, and save. If this is due to a cloud migration, or link workspaces are affected, please read the following guide: Migration to Cloud iManage

Azure Proxy

If Is Azure Proxy Used? is set to Yes, then the below 4 fields are displayed. Read here for detailed instructions to retrieve these fields.

Litera recommends that the account be virtual if using Azure Proxy, set the option in this iManage configuration to Is 10.3= No

You are responsible of creating the enterprise proxy application (because CAM/Litera is not the one deciding where their proxy connector be placed).

Application Id

Enter the Application (client) ID from the Azure Active DirectoryPortal.

Application Password

Enter the application password.

Directory (Tenant) Id

Enter the Directory Id from the Azure Active Directory.

Get Token button

It will be enabled once URL, Application Id, Application Password and Directory (Tenant) Id is entered.

Click the Get Token button, and enter the log in details. On successful login, the token is generated.

User Id

Enter the user name to access the server. This is a required field.

Password

Enter the password to access the server. This is a required field.

Validation

Click the Validate button to verify the the login credentials for the server.

Token

On a successful validation a token is auto-generated and displayed here. If the validation is unsuccessful, a Validation Failed message is displayed.

Is Default

Select Yes to set this server as the default repository. If the repository name is not specified in the uploaded CSV file, the data will be updated to the default repository.

Dynamic Group

Select Yes to create a dynamic group in the iManage workspace. Selecting this option will allow for multiple users to be added to the dynamic group. Read Dynamic Groups for more details to create and add users to the group.

Note: The dynamic group creation option specified in the CSV file will override the option set here.

Default Database

Select the default database for iManage. The options available for selection here are the database pre-configured in the iManage.

Default Security

Set the default security for the workspace.

  • Public: Set Read/Write access to the workspace

  • View: Set Read only access to the workspace

  • Private: Restricts the access rights to the owner only. The owner can update the ACL to the workspaces.

Notes: 

  • The default security specified in the CSV file will override the security set here.

  • If a default security option is not set, CAM will default security to private.

Default Password

The default password set here needs to match iManage’s password requirements:

  • At least 12 characeters

  • At least 1 uppercase letter

  • At least 1 lowercase letter

  • At least one number or special character: ! # $ % & ' ( ) * + , - . / : ; < = > ? @ [ ] ^ _ ` { | } ~ “

Tip: It is recommended that all iManage connections (on-premises, private cloud, and cloudimanage.com) follow the same rules if filling out the default password section.

Server Alias

Use for CAM commands. Set to CloudiManage.com. If you get the warning This error is due to a missing configuration in CAM, it means the server alias might be wrong. This should match with the iManage URL.

Permission Mapping

Set permission based on CAM Roles. Common CAM roles are following:

  • Admin - System administrators responsible for CAM User Management and Workspace Management

    For e.g. A user added as: alexey.marcus@prosperoware.com|true#23/12/2019*Admin$false

  • Editor - CAM users with Edit permissions to access CAM Workspace Management

    For e.g. A user added as: alexey.marcus@prosperoware.com|true#23/12/2019*Editor$false

  • Watcher - CAM users with Read permissions only to access CAM Workspace Management

    For e.g. A user added as: alexey.marcus@prosperoware.com|true#23/12/2019*Watcher$false

Save the server information. The permissions for these roles can only be edited after the server information has been saved. If the server details have not been saved, the Edit button will be grayed out. If hovered over, a tooltip will warn users about this.

Click on each type of Security Role to update their respective permissions.

Read

This allows access to only view documents, properties/metadata, etc.

Read Write

This allows full access to the document (view and edit), but limited control on properties/metadata and no ability to change security (including for the folder, workspace, etc.)

Full Access

This allows full access to the document (view/edit/share) and full control over properties/metadata and also the security (including for the folder, workspace, etc.)

Actions

  • Edit- Allows the permission mapping to be edited.

  • Save- Saves the mapping.

  • Cancel- Cancels the currently entered changes.

Add multiple tokens in the server configuration for iManage

Adding additional Client Tokens for different credentials or tokens to the client is possible. This feature is applicable to those tenants who have their own client stack. It will be used for Data Sync and ETL/Data Uploader processes.

To configure a recently added iManage server or edit/update the existing servers' details with new Token, follow the below steps:

  1. Select the System you want to edit/update as shown in the following screenshot.

  2. Click on the Edit option.

  3. Click on Add Client Token. The Server setup -Edit dialogue box appears.

  4. Click on Add Client Token. The Add Client Token dialogue box opens.

  5. Enter the following details.

Fields

Description

Name

Enter a unique name. By default, it displays “Client Token”. User can change to a new unique name.

Provider

Displays default provider as Client. 

User Id

Enter the username to access the server. This is a required field.

Password

Enter the password to access the server. This is a required field.

Validation

Click the Validate button to verify the login credentials for the server.

Token

On a successful validation a token is auto-generated and displayed. If the validation is unsuccessful, a Validation Failed message is displayed.

  1. Click Add to add new token or click Cancel to cancel the dialogue

Note: A permission similar to No Access can also be applied when adding users/groups to a workspace/folder with permission as Deny. The workspace/folder will not be visible to the users/groups. For e.g. Permission updated as: alexey.marcus@prosperoware.com|false#23/12/2019*Admin$false

The list of information is displayed in the following columns:

Column Name

Description

Column Name

Description

Repository

The server name entered above. Click on the link to open the iManage login page. Hover your cursor over the name to view the server URL.

Credentials

Will display Configured, if the user name and password are successfully validated during configuration.

Last Modified

The last updated date and time

Last Modified By

Name of the user who was logged in when the change was made

Status

The health status of configured system

Is Default

Is updated based on selection made during configuration.

Dynamic Group

Is updated based on selection made during configuration.

Server

Click Edit to edit the configuration set up. The iManage Server Setup- Edit window is displayed.

Make the necessary changes and click Update. Click Delete to remove the server setup.

Metadata

Click Manage to map the Metadata to the repository. The Metadata Mapping window is displayed.

Caution: By design, after successfully adding a client token, the userid and password details associated with that user will show empty if a user tries to edit that client token.

Mapping Metadata

Best Practice- Don’t use invalid characters in the metadata creation or mapping.

In the Metadata Mapping window, the columns are updated with the metadata auto-mapped from CAM to iManage. If the columns are not populated, click the Auto Discover button to automatically find and map the metadata from CAM to iManage. The default database displayed in the Select Database drop-down is based on the database selected in the iManage server configuration.

  • A matrix of default iManage to CAM Metadata Mapping is found here iManage to CAM Metadata Mapping, or in the Litera Customer Center.

  • How to Map metadata documentation from a general perspective is located: Metadata

To manually add and map additional metadata:

  1. Click the Add Metadata button.

  2. In the Add Metadata Mapping window type information in the provided fields, based on the table below,

Column Name

Description

Column Name

Description

CAM

Select the metadata from CAM to be mapped to iManage. To assign a metadata, either click the drop-down menu and select from the list or manually enter the value, which will auto-complete if it is assigned in Administration>Metadata.

iManage

Select the metadata from iManage to map to CAM. The drop-down will include all the metadata defined in the iManage database.

Is Unique Identifier

Select Yes to set the metadata value as a unique identifier. When a job is uploaded with a unique metadata, CAM will only modify the iManage workspace(s) that have the unique metadata assigned. If the unique metadata does exist in any of the existing workspace(s), CAM will create a new workspace for the uploaded job.

  1. Click Save.

Tip: You can also copy metadata mapping from one database to another. Use the CopyFrom parameter in a CSV job to copy the metadata mappings from one DB to the other. All the metadata mapping will be copied from the source database to the target database.

The list of information is displayed in the following columns:

Column Name

Description

Column Name

Description

CAM

List of the metadata from CAM mapped to iManage.

iManage

List of the metadata from iManage mapped to CAM

Unique Identifier

Is updated based on selection made when adding metadata

Action

Click to edit the mapped metadata. The Edit Metadata Mapping window is displayed. Make the necessary changes and click Update. Click Delete to delete the metadata mapping.

Note: • CAM supports all special characters that iManage supports for metadata values !@#$%^&*()+[]{​}​;"|:<>/<>/.

Workspace Name Rules and Format

To define the iManage workspace names rules and format to be applied:

  1. Click the iManage tab.

  2. In the panel for Workspace Name Rules and Format click the Add New button.

  3. In the window for Rule Creator, type information in the provided fields, based on the table below:

Field

Description

Field

Description

Is Default

Select Yes to set the workspace name as the default format.

Note: If the workspace name is not specified in the CSV file uploaded via the Jobs tab or in the SQL file uploaded via the Data Uploader, the workspace name set as default here, will determine the workspace name format.

Rule

Enter a name for the rule

Format

Enter a format for the workspace name to displayed. A sample rule is displayed as the placeholder in the format field.

Tip: The naming format is suggested as "Client ID- Matter ID- Matter Name" {@ClientId@ - @MatterId@ - @MatterName@}

Metadata

Displayed if No set as default option.

Select the metadata from the drop-down. The metadata drop down will display both the metadata name and the display name added. To assign a metadata, either click the drop-down menu and select from the list or manually enter the value, which will auto-complete if it is assigned in Administration>Metadata. In the corresponding text box, type the metadata value to be matched for the rule to be applied. To add more than one metadata to the rule click the '+' sign at the end of the text box. Select the search operator from the drop-down. You can also combine the two search operators.

  • AND: Use AND to search and include all the selected metadata values.

  • OR: Use OR to broaden your search criteria.

The Workspace rule will only be applied if the search criteria matches with the metadata defined here.

  1. Click Save.

The list of information is displayed in the following columns:

Column Name

Description

Column Name

Description

Rule

The rule name entered above.

Format

Workspace name format specified above

Is Default

Is updated based on selection made when adding workspace name

Action

Click to edit the workspace name and rules. The Edit Rule Creator window is displayed. Make the necessary changes and click Update. Click Delete to delete the rule setup.

Template Rules

To define the iManage template names rules and format to be applied:

  1. Click the iManage tab.

  2. In the panel for Template Rules click the Add New button.

  3. In the window for Rule Creator, type information in the provided fields, based on the table below:

Field

Description

Field

Description

Is Default

Select Yes to set the workspace name as the default format.

Note: If the template format is not specified in the CSV file uploaded via the Jobs tab or in the SQL file uploaded via the Data Uploader, the template set as default here will be applied to the workspace created.

Template

Select a template from the drop-down. The drop-down will include all the templates created in Administration> Template Editor. To remove a template click the x.

Rule

Enter a rule name

Metadata

Displayed if No set as default option.

Select the metadata from the drop-down. To assign a metadata, either click the drop-down menu and select from the list or manually enter the value, which will auto-complete if it is assigned in Administration>Metadata. In the corresponding text box, type the metadata value to be matched for the rule to be applied. To add more than one metadata to the rule click the '+' sign at the end of the text box. Select the search operator from the drop-down. You can also combine the two search operators.

  • AND: Use AND to search and include all the selected metadata values.

  • OR: Use OR to broaden your search criteria.

The following operators are available:

  • =

  • <>

  • <

  • >

  • <=

  • >=

  • !=

The Template rule will only be applied if the search criteria matches with the metadata defined here.

  1. Click Save.

The list of information is displayed in the following columns:

Column Name

Description

Column Name

Description

Rule

The rule name entered above.

Template

The template selected for the rule.

Action

Click to edit the template rules. The Edit Rule Creator window is displayed. Make the necessary changes and click Update. Click Delete to delete the template URL

Folder Metadata

Use the Default Folder Metadata section to add all the folder metadata that will be inherited from the workspace level.

  1. Click the iManage tab.

  2. In the panel for Default Folder Metadata click the Add New button.

  3. In the window for Add Default metadata, type information in the provided fields, based on the table below,

Field

Description

Field

Description

Metadata

Select the metadata from the drop-down. To assign a metadata, either click the drop-down menu and select from the list or manually enter the value, which will auto-complete if it is assigned in Administration>Metadata. The metadata selected here will be applied to all the default folders in iManage.

Note: The default folder metadata set here only applies to folders and does not copy down to the search folders. Client and matter metadata must be specified on the search folders specifically. Read here for instructions to add search folders.

  1. Click Save

The list of information is displayed in the following columns:

Column Name

Description

Column Name

Description

Metadata

Folder Metadata selected above.

Action

Click to edit default metadata. The Edit Default Metadata window is displayed. Make the necessary changes and click Update. Click Delete to delete the default metadata.

Group Rule

To define the default group security to be applied to the workspaces created in iManage.

Note: If more than one rule matches the criteria then matched groups will be added to the workspace ACL.

  1. Click the iManage tab.

  2. In the panel for Default Group Rules click the Add New button.

  3. In the window for Edit Rule Creator, type information in the provided fields, based on the table below:

Field

Description

Field

Description

Is Default

Select Yes to set the workspace name as the default format.

Note: If the Group rule name is not specified in the CSV file uploaded via the Jobs tab or in the SQL file uploaded via the Data Uploader, the group rule set as default here will be applied to the workspace created.

Metadata

Displayed if No set as default option.

Select the metadata from the drop-down. To assign a metadata, either click the drop-down menu and select from the list or manually enter the value, which will auto-complete if it is assigned in Administration>Metadata. In the corresponding text box, type the metadata value to be matched for the rule to be applied. To add more than one metadata to the rule click the '+' sign at the end of the text box. Select the search operator from the drop-down. You can also combine the two search operators.

  • AND: Use AND to search and include all the selected metadata values.

  • OR: Use OR to broaden your search criteria.

The following operators are available:

  • =

  • <>

  • <

  • >

  • <=

  • >=

  • !=

The Template rule will only be applied if the search criteria matches with the metadata defined here.

Select Group

Select a group from the drop-down. The drop-down will include all the groups created in CAM. To remove a group click the x.

Select Permission

Select permission based on CAM Roles from the drop-down. Admin Or Editor Or Watcher. Click here for permission details.

Rule

Enter a rule name

  1. Click Save.

The list of information is displayed in the following columns:

Column Name

Description

Column Name

Description

Rule

Rule name.

Permission

Permission selected above.

Is Default

Is updated based on selection made when creating workspace.

Groups

List Group names selected above.

Action

Click to edit default metadata. The Edit Rule Creator window is displayed. Make the necessary changes and click Update. Click Delete to delete the group rule.

Document Metadata

To define the default metadata to be applied to the documents within the folders within the workspaces created in iManage:

  1. Click the iManage tab.

  2. In the panel for Default Document Metadata click the Add New button.

  3. In the window for Add Default metadata, type information in the provided fields, based on the table below:

Field

Description

Field

Description

Metadata

Select the metadata from the drop-down. To assign a metadata, either click the drop-down menu and select from the list or manually enter the value, which will auto-complete if it is assigned in Administration>Metadata. The metadata selected here will be applied to all the documents in iManage.

  1. Click Save

The list of information is displayed in the following columns:

Column Name

Description

Column Name

Description

Metadata

Folder Metadata selected above.

Action

Click to edit default metadata. The Edit Default Metadata window is displayed. Make the necessary changes and click Update. Click Delete to delete the default metadata.

Workspace Edit Name Rule

This allows the end user in the iManage system to edit a Workspace name based on the metadata and the criteria set here. Otherwise the edit option will be disabled.

  1. Click the iManage tab.

  2. In the panel for Workspace Edit Name Rule click the Add New button.

  3. In the window for Add Rule, type information in the provided fields, based on the table below:

Field

Description

Field

Description

Metadata

Select the metadata from the drop-down. The metadata drop down will display both the metadata name and the display name added. To assign a metadata, either click the drop-down menu and select from the list or manually enter the value, which will auto-complete if it is assigned in Administration>Metadata.

In the corresponding text box, type the metadata value to be matched for the rule to be applied. To add more than one metadata to the rule click the '+' sign at the end of the text box. Select the search operator from the drop-down. You can also combine the two search operators.

  • AND: Use AND to search and include all the selected metadata values.

  • OR: Use OR to broaden your search criteria.

The Workspace Edit Name rule will only be applied if the search criteria matches with the metadata defined here.

Rule

Enter a name for the rule

  1. Click Save.

The list of information is displayed in the following columns:

Column Name

Description

Column Name

Description

Rule

The rule name entered above.

Action

Click to edit the metadata name and rules. The Edit window is displayed. Make the necessary changes and click Update. Click Delete to delete the rule setup.

Azure Proxy Server app

Register App on your Azure Portal to be accessed for provisioning from CAM. The following details are required during External System Configuration: the Directory(Tenant) Id, Application Id, and password, follow these steps.

IMPORTANT: iManage has a defect that causes the Azure proxy connection to break when the client upgrades to the ON-PREMISES iManage 10.4.6 version. This is an iManage issue and they resolved it in version 10.4.7.

The Workarounds are:

  1. Not Upgrading iManage Server to 10.4.6. Upgrade to a version higher than that (10.4.7+)

  2. Do not use Azure Proxy if that is not an option if you have to stay on 10.4.6. If you have questions, reach to your implementation team.

Two apps are to be setup: 1- the enterprise proxy application, then 2- the app registration for CAM

You are responsible of creating the enterprise proxy application (because CAM/Litera is not the one deciding where their proxy connector be placed). Then create the app registration below.

  1. If your client is on premise, and going to use Azure Proxy, the client or partner or Litera implementation person should reach to Litera Devops (support@litera.com) to enable a dedicated CC lambda. This alleviates any bandwidth or concurrency issues with jobs.

  2. Create your enterprise proxy application according to the above warning. For those who do not know how to do this, install the connector and set up the proxy app per this Microsoft guide step by step: Add an on-premises application for remote access through application proxy in Microsoft Entra ID. - Microsoft Entra ID . Then continue with Step 2.

  3. Login to “Azure portal”. https://portal.azure.com/#home, with Global Admin Access

  4. Go to “Azure Active Directory”.

  5. Click on “App registration” in the left sidebar.

  6. Click on the “New Registration” tab.

  7. Set a name for it, and select Multitenant - Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox). Multi tenant is required so that if you have multiple tenants for CAM (sandbox, prod, test) they can utilize this connection.

  8. Fill in the Redirect URIs, select Web, and enter redirect URIs listed at the bottom Redirect Endpoints.

  9. Click Register to register the Add-in. The system will show a successfully created message with the information created.

  10. Find the Application ID and Directory (Tenant) Id field.

  11. This goes to the Application ID and Directory(Tenant) Id field in the iManage configuration panel in CAM.

  12. Click the Certificates and Secrets in the left sidebar.

    1. Create a New client secret.

    2. Copy, this goes into the Application Password field.

  13. Click API permissions in the left sidebar.

    1. Now configure new permissions, Click on "+ Add a permission".

    2. Select APIs my Organization uses and find user_impersonation permission.

    3. Now click add permission again. Add Delegated Permissions provided below and click on Add permissions. (This is if Microsoft doesn’t already add this automatically)

    4. Select APIs my organization uses and select Client's Proxy Server Name.

    5. Select user_impersonation and click Add permissions.

    6. Select "Grant admin consent for <global admin user>".

  14. Click Authentication in the left sidebar.

    1. Ensure Redirect URIs (iManage | Redirect Endpoint URI 's) are listed under the heading Web.

    2. Next select both Implicit grant - Access tokens and ID tokens.

    3. Click Save.

  15. Click Expose an API in the left sidebar.

    1. Click +Add a Scope It will prompt Application ID URI, click Save, and continue.

      1. Enter Scope nameUser.Read.

      2. Select Who can consent? : Admins and users.

      3. Enter Admin consent display nameUser.Read.

      4. Enter Admin consent display descriptionUser.Read.

      5. Click Add scope.

      6. Add one more scope to access the client Proxy, click +Add a Scope.

      7. Enter Scope nameuser_impersonation.

      8. Select Who can consent? : Admins and users.

      9. Enter Admin consent display nameuser_impersonation.

      10. Enter Admin consent display descriptionuser_impersonation.

      11. Click Add scope.

    2. click +Add a client application.

      1. Enter Client ID: Application (client) ID of Client's Proxy Server App.

      2. Select both checkboxes under Authorized scopes.

      3. Click Add application.

      4. Add CAM's application, click the+Add a client application.

      5. Enter the Client ID : Application (client) ID of CAM app, click Overview in the left sidebar and copy it.

      6. Select both checkboxes under Authorized scopes.

      7. Click Add application.

      8. in IMCC setup the Authentication and tokens as specified below https://pdocs.atlassian.net/wiki/spaces/CCAM/pages/29491219#iManage-Token-Expiry-Extension

  16. The Azure proxy Setup is completed. Go back to the iManage configuration and continue the iManage setup.

  17.  

Litera recommends that the account be virtual if using Azure Proxy, which is the option in iManage configuration is 10.3= No

Delegated Permissions to the client's Proxy Server

Delegated Permission

Description

user_impersonation

Allow application to Access Client's proxy on behalf of the signed-in user.

Delegated Permissions on Microsoft Graph

Delegated Permission

Description

User.Read

Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.

Redirect Endpoint URI's

Redirect Endpoint URI's are as follows:

Domain

Region

URI

Staging

US East

https://4cpwp6xw51.execute-api.us-east-1.amazonaws.com/v1/cam/auth/redirect

Production

UK (eu-west-2)

https://5cerfmm2b5.execute-api.eu-west-2.amazonaws.com/v1/cam/auth/redirect

Production

EU (eu-west-1)

https://y20ve77is6.execute-api.eu-west-1.amazonaws.com/v1/cam/auth/redirect

Production

US East

https://90uqmfzsbl.execute-api.us-east-1.amazonaws.com/v1/cam/auth/redirect

Production

APAC (ap-southeast-1)

https://c9efufodx8.execute-api.ap-southeast-1.amazonaws.com/v1/cam/auth/redirect

Production

USWest

https://1aj9ofu8f8.execute-api.us-west-2.amazonaws.com/v1/cam/auth/redirect

Production

Sydney Australia (ap-southeast-2)

https://43b9imoxzb.execute-api.ap-southeast-2.amazonaws.com/v1/cam/auth/redirect

Production

Canada

https://5y7l4fx7x1.execute-api.ca-central-1.amazonaws.com/v1/cam/auth/redirect

 

iManage Token Expiry Extension

There are two ways to increase the Token Expiry for iManage, depending on what setup the client has used.

iManage Cloud steps

For iManage cloud, the configurations are made in IMCC.

a. Open IMCC

b. On the left navigation, open Settings-> Applications.

c. Open the Prosperoware CAM application (or the name for the CAM app that you have configured) from that page.

 

d. Find the Authentication section.

e. Click Edit.

f. The user can configure both the Refresh token expiry period and the access token expiry period.

 

iManage on-premises with Azure Proxy steps

For on-premises systems, this token is used in the External System Configuration-iManage panel.

a. First, ensure the Azure proxy application is configured: iManage | Azure Proxy Server app

b. Update the Azure token period according to the Microsoft article here: Configurable token lifetimes - Microsoft identity platform / Set lifetimes for tokens - Microsoft identity platform

c. If not configured already, open the External System Configuration-Imanage window.

d. Click edit on the system to be configured.

e. Enter the application id, and click Get token. Now your token is provided.

 

Related content

Let's Connect📌

☎ +1 630.598.1100
☎ ‪+44 20 3880 1550‬
📧 support@litera.com
💻 https://www.litera.com/support/

📝 Support is available:
4 am - 8 pm US Eastern
(9 am - 1 am GMT/BST
7 pm - 11 am AET) on normal business days (excluding holidays)

© 2024 Litera