Overview
Legora's iManage integration allows your users to pull in documents directly from iManage.
Introduction
This document provides a detailed overview of the integration between Legora and iManage, including key features, deployment timeline, security measures, and requirements for customers. Additionally, it includes a Q&A section to address common questions.
Legora is an approved iManage technology partner. This allows us to make full use of their Work API: documents are uploaded and synced with their matter ID attached, which facilitates audits.
Key Features
File and Folder Selection
The integration includes a file and folder picker, enabling users to upload documents from iManage into Legora.
The picker helps users navigate their document structure in iManage and select the desired files and folders.
Secure Authentication and Connectivity
Legora employs iManage’s native authentication system for secure user validation.
No user credentials are passed through Legora; instead, an access token is used to fetch and parse documents from iManage.
Legora uses a short-lived token on behalf of the authenticated user. As a result, the user can upload only those documents they have access to, in accordance with the access controls currently enforced in your iManage instance.
Compatibility
Compatible with both on-premises and cloud-based iManage deployments:
On-Premises Deployments: Requires a secure endpoint for Legora to access iManage.
Cloud Deployments: Pre-established connection for a seamless integration experience.
Deployment Timeline
The integration can be deployed within 7 days from when the following conditions are met:
A secure endpoint for Legora to access iManage (for on-premises deployments).
Adding the Legora application in iManage
The URL through which users access iManage.
Security Measures
Our approach to security is to eliminate all risks for our customers, taking the best measures possible to allow safe integration with customers’ sensitive information.
Key Security Measures
Access Token Management: Legora acquires an access token through native iManage authentication (both SSO and email/password). Tokens expire after 30 minutes and are invalidated upon logout.
No Credential Storage: No user credentials are ever passed through Legora. Authentication occurs directly between a user’s client and their iManage instance.
Read-Only Operations: Only read operations are performed by Legora, ensuring that no information or documents in iManage can be modified or deleted.
Endpoints Used by Legora Backend
/auth/oauth2/token
/auth/oauth2/revoke-token
/api/v2/customers/{customerId}/dialog-tokens
/api
/work/api/v2/customers/{customerId}/libraries/{libraryId}/documents/{id}/download
/work/api/v2/customers/{customerId}/libraries/{libraryId}/folders/{id}/children
/work/api/v2/customers/{customerId}/libraries/{libraryId}/documents?containerId=id
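For on-premises deployments that expose a secure endpoint to Legora, the endpoint list above can be used as an allowlist at the reverse proxy or as a baseline when reviewing its access log. The sketch below is an added example, not Legora's or iManage's code; the permitted HTTP methods, the required containerId parameter, the exact-match treatment of /api and the "METHOD URL" log format are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path templates copied from "Endpoints Used by Legora Backend" above.
WORK = "/work/api/v2/customers/{customerId}/libraries/{libraryId}"
DOCUMENTED = [
    "/auth/oauth2/token",
    "/auth/oauth2/revoke-token",
    "/api/v2/customers/{customerId}/dialog-tokens",
    "/api",
    WORK + "/documents/{id}/download",
    WORK + "/folders/{id}/children",
    WORK + "/documents",  # listed on the page with ?containerId=
]

def compile_template(template):
    """Build a regex in which each {name} matches exactly one path segment."""
    return re.compile(r"[^/]+".join(map(re.escape, re.split(r"\{[^}]+\}", template))))

RULES = [(t, compile_template(t)) for t in DOCUMENTED]

def check_request(method, url):
    """Return (allowed, reason) for one request seen at the proxy."""
    parts = urlsplit(url)
    # Refuse dot segments and encoded "/" or "." before template matching.
    if re.search(r"%2[ef]|/\.{1,2}(/|$)", parts.path, re.I):
        return False, "suspicious path"
    for template, rx in RULES:
        if not rx.fullmatch(parts.path):
            continue
        # Assumption: /work/ calls are GET only (the page's read-only claim);
        # the auth and dialog-token calls may use GET or POST.
        allowed = {"GET"} if template.startswith("/work/") else {"GET", "POST"}
        if method.upper() not in allowed:
            return False, "method not permitted"
        # Assumption: the document listing must carry a containerId parameter.
        if template.endswith("/documents") and "containerId" not in parse_qs(parts.query):
            return False, "missing containerId"
        return True, template
    return False, "undocumented path"

# Constructed proxy log lines in a hypothetical "METHOD URL" format.
SAMPLE_LOG = [
    "POST /auth/oauth2/token",
    "DELETE /work/api/v2/customers/1/libraries/LIB/documents/D1/download",
    "GET /work/api/v2/customers/1/libraries/LIB/documents/D1",
]
def audit(log_lines):
    """Return (line, reason) for each request outside the allowlist."""
    checked = [(l, check_request(*l.split(None, 1))) for l in log_lines]
    return [(l, res[1]) for l, res in checked if not res[0]]
```

Calling audit(SAMPLE_LOG) flags the DELETE and the undocumented document path while letting the token request through.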
Requirements for Integration
For the integration to proceed, the following requirements must be fulfilled:
User Access to iManage: Legora needs to redirect user browsers to a URL through which users can access iManage.
Network Access to iManage: Legora must be able to access iManage using the same URL that users have. Any network restrictions (e.g., VPN, IP whitelisting) must be addressed.
Cloud iManage deployment: See “Cloud iManage Setup” below for details.
The Legora application should be added in your iManage instance.
On-Premises deployment - Application Registration in iManage:
Name: Legora
API Key: [Generate a key]
API Secret: [Generate a secret]
Application type: Web
Client Type: Public
Redirect URL: https://app.eu.legora.com/imanage (or https://app.us.legora.com/imanage for US setups)
Client Secret: Same as “API Secret”
Client Secret Expires: Never
Allow Refresh Token: No
Access Token Expiry: 30 minutes
Allow Access To: All users (unless specifying a subset of users for the integration)
Differences Between Cloud and On-Premises Deployments
Cloud Deployment: Easier application registration, no manual configuration required.
On-Premises Deployment: May require additional networking configuration to ensure Legora can connect to iManage.
Cloud iManage Setup
(Note: The previous requirement for a signed third-party agreement has been canceled. The application is now readily available in the iManage Application marketplace for selection in the Control Center.)
Adding the Legora application
The Legora application is readily available to all Cloud iManage clients in the iManage Application marketplace. Customers simply add the Legora application:
Go to Control Center
Click “Add Application”
Search for Legora and select it.
Disable Allow Refresh Token and set Access Token Expiry to 30 minutes.
Allow access to users.
Review and finish.
After the registration is done, the setup is complete. The Legora team enables the connector on their side, and as soon as that's done, you are able to synchronise documents from iManage into Legora.
Note: Please let the Legora team know if you use a custom subdomain to access your iManage Cloud instance.
If you use the standard URL (https://cloudimanage.com), no action is needed.
If you use a custom URL, typically with a subdomain (e.g., https://acme.cloudimanage.com), please inform us, so we can ensure the integration is configured correctly on our end.
Frequently Asked Questions
Q: How does the file and folder picker work?
A: The file and folder picker allows users to navigate their iManage document structure and select specific files or folders to upload into Legora. Link to video showcasing the feature.
Q: How does Legora ensure secure authentication?
A: Legora uses iManage’s native authentication system, acquiring an access token upon successful authentication. No user credentials are passed through Legora, enhancing security.
Q: What are the key security measures taken by Legora?
A: Key measures include access token management, no credential storage, and read-only operations to ensure data security and integrity.
Q: What are the requirements for integrating Legora with iManage?
A: Users must have access to iManage, Legora needs network access to iManage, and an application must be registered in iManage with specific values provided.
Q: What are the differences between cloud and on-premises deployments?
A: Cloud deployments are simpler with pre-established connections, while on-premises deployments may require additional networking configuration.
Q: How does Legora enforce per-user permissions?
A: The Legora iManage integration utilises individual user credentials rather than a service account. This ensures that all access to iManage via Legora is governed by the user's existing permissions; therefore, neither Legora nor the user can access any content that the user would not normally be able to access directly through iManage. Permission escalation is not possible.
Q: What prevents privilege escalation?
A: Legora does not have a service user in your iManage instance, so privilege escalation is not technically possible.
Q: At what point are user permissions checked during document retrieval?
A: When a user connects and authenticates to iManage, Legora obtains a token on behalf of that specific user. This token is valid for only 30 minutes, unless otherwise configured in your iManage instance. Each time a new upload dialog is initiated, Legora verifies the user token. If the token has expired, the user will be prompted to re-authenticate and obtain a new valid token. Similarly, the token is sent and validated with every request to iManage. Therefore, if a user’s access to the client matter is revoked during this 30-minute period, they will not be able to see the document in iManage.
