iManage Work

This page describes how to configure Aiimi Insight Engine to crawl an iManage Work Library. The library can be hosted in iManage's cloud environment or a local on-premises server.

Each library needs a dedicated security sync and source connector. If you have multiple libraries in the environment, each must be setup individually.

Prerequisite Setup

The iManage Administrator must complete these steps outside of Aiimi Insight Engine.

System Information

This information is needed from the iManage environment:

API Endpoint - The API endpoint address of the system hosting the library.

For iManage cloud environments, this will be https://cloudimanage.com/.
For on-premises systems, this will be something like https://aiimi-qa-iman.aiimi.com/.
- Do not include the API path, nor any /work/ components.

Library - The ID of the library that will be crawled. This can be found in iManage Control Centre.

Permission Mode - To correctly permission trim documents, the iManage security model (Optimistic, Pessimistic or Hybrid) is needed. Reach out to iManage for support finding your permission mode.

The Aiimi Insight Engine, iManage source connector does not support Pessimistic mode.

User Credentials

Aiimi Insight Engine will access iManage as a user defined in the iManage library. This user must have access to all of the content that needs to be discovered. If you want to use the Content Management features, the user must have access to perform add, update and/or delete operations.

Set up a local user account.

Assign a password and make a note, it will be needed later.

Assign roles, group membership and/or access permissions as needed to access the content.

For example assigning the NRTADMIN role will allow a full access to all content.

Application Registration

Register and enable a new application within iManage. For help registering a new application see the iManage support article for your environment.

The following settings should be used:

Setting

Value

Name

Aiimi Workplace AI

Description

Aiimi Workplace AI

Client ID

Randomly generated GUID - You can use the client secret generator to create this. But make sure you regenerate the Client Secret so they are different.

Client Secret

Click generate to populate this value.

Publisher

Aiimi Ltd

Website

https://aiimi.com

[email protected]

Application Type

Native

Redirect URL

Not used, so set to a safe value.

e.g. the Url of the iManage environment.

Client Secret Expires

We recommend setting this to match your security policy.

Allow Refresh Token

Access Token Expiry

We recommend setting this to match your security policy, but at least 30 minutes.

Allow Access To

Select the user created previously.

Select Save.

Aiimi Insight Engine Setup

You can set this up with a command line utility or manually if you want more control over the configuration.

Command Line Utility

This will update the settings and create credentials, metadata and syncs as described in the Manual setup.

Open command line utility as an administrator.

Run the following script.

Check the storage path and update the <LIBRARY_ID> in this script before running it. For example: (C:\) and <HUMAN_RESOURCES>.

C:\InsightMaker\Utils\InsightMaker.Source.iManageWork.Utils\InsightMaker.Source.iManageWork.Utils.exe configure --library <LIBRARY_ID>

This will present you with a number of prompts for information. Enter the relevant information and hit enter.

The command line operation has additional options that allow you to override it's operation. You can reuse existing configurations if required (e.g. to share a security sync).
To see your options run: C:\InsightMaker\Utils\InsightMaker.Source.iManageWork.Utils\InsightMaker.Source.iManageWork.Utils.exe help configure

Manual

If you need finer control over the configuration, follow these steps for setup.

Security - Deny Permission Trimming

iManage Work has a NO ACCESS permission level. This is implemented in Aiimi Insight Engine by using Deny permissions.

Navigate to the Control Hub > Global Settings > General > Miscellaneous.
Check 'Apply Deny Permission Trimming'.
Select Save Changes.

Security - Security Descriptors

iManage Work requires the user to have access to both the file and the parent folder. This is implemented in Aiimi Insight Engine using secondary security syncs and Security Descriptors.

Navigate to Control Hub > Security > Descriptor Groups.
Select New Security Descriptor Group.
Name - iManage.
Match Mode - Select Single from the dropdown.
Check Allow Privileged Bypass.
Select Create Group

Metadata Fields

Aiimi Insight Engine needs to track some iManage properties to ensure the accuracy of crawls. This is stored as metadata in Elastic. See our guide on adding or changing, entities, Metadata for assistance on this.

Create the following Keyword metadata entities:

iManageLibraryId
iManageWorkspaceId
iManageObjectType

Credentials

The security sync and source connector use the same two credentials. You need to create one username and password and one client and secret credential. Use our Credentials guide for help creating them.

Create a Username and Password credential for the user credentials from the prerequisites.
Create a Client ID and Secret credential for the application registration from the prerequisites.

Security Sync

Create an iManageWorkSecurity security sync. If you are only planning to use one connector for this library, the Source ID should match the ID of the companion security sync. See our Security Configuration Guides for additional support creating this.

Source Connector

Create an iManageWork source configuration. If you are only planning to use one connector for this library, the Source ID should match the ID of the companion security sync. See our Source Configuration Guides for additional support creating this.

Create a new security configuration.
Source System - Select iManageWork from the dropdown.
API Endpoint - Enter the endpoint used to access iManage Work.
- Cloud instances will likely be: https://cloudimanage.com.
Disable Certificate Validation - Check this to no validate the HTTPS certificate used by iManage.
- This allows connections to systems with self-signed certificates.
- This does increase security risk.
Client ID and Secret - Select the Client ID and Secret credential created for the iManage application.
Username and Password - Select the Username and Password credential created for the iManage user.

Library ID - Enter the ID of the library to sync.
Owner - Enter owners to only include their workspaces in this crawl.
- This is not case sensitive and does support wildcards.
CUSTOM1 - Enter a CUSTOM1 alias' to only include workspaces with this alias in the crawl.
- CUSTOM1 is normally known as Client ID.
- This is not case senstivie and does not support wildcards.

Permission Mode - Select how conflicting permission should be interpreted from the dropdown.
Security Sync ID - If the ID of this source is not the same as the companion security sync, set the Security ID.
1. If they are the same, this feel can be left blank.
2. The other options on this tab allow a subset of workspaces to be selected and are optional if you want to crawl everything with a single connector.

Entity Mappings - You can map the entity fields to properties from iManage.
- Enter the full entity field in the left column. For example, entities.Websites.category.
- Enter the iManage customX field in the right column.
Metadata Mappings - You can map the metadata fields to properties from iManage.
- Enter the full metadata field in the left column. For example, metadata.webtype.
- Enter the iManage customX field in the right column.

Please check the data types match. Reference the iManage API documentation to find the available types. We do not support the _description fields.

PreviousGoogle Vault NextJira

Last updated 13 days ago