A user is the basic entity for accessing the iManage Work documents and applications. This is most often an individual person, but it can also be a service account to perform automated tasks. iManage Work requires users to be created or imported. This can be done manually, periodically through a directory service such as Microsoft Windows Active Directory, or when migrating users to a new iManage Work system. The iManage Work system administrator then assigns roles to those users, adds users to groups, and optionally applies access rights to individual users when their default access rights need to be modified.

Each iManage Work library has its own list of validated users. To gain access to a library, a user must be added to each library individually. A user's access to containers or documents within a library is defined by the combination of the following factors:

  • Security Policy Manager grants or denials. Security Policy Manager (SPM) is an optional iManage application that manages user access to system resources, including iManage Work.
  • The default security of the item (such as public or private or view)
  • The access permissions the user is granted to those items (private, read, read/write, or full access)
  • The user's membership in groups.
  • The role the user is granted. For more information, see Roles.

For more information about administering users in iManage Control Center, see Users.

The following topics are available:

Creating users

Users for an iManage Work system are created in one of the following ways: Migration, directory service, and manually.


Users may be migrated from an existing source database to a iManage Work installation. This happens typically during an initial iManage Work system setup but can also occur after an acquisition, merger, or for a large group of new users. It requires the assistance of your designated customer success manager (CSM) or your implementation partner.

Directory service

Users may be added through a company's network. A directory service, such as Microsoft's Active Directory, or accessing another directory service through Lightweight Directory Access Protocol (LDAP), can be used to maintain the user list and their statuses. The iManage Work system provides tools that periodically synchronize the company's networked users as iManage Work users. The tools and synchronization are coordinated among your designated customer service manager or your implementation partners, and company network administrators.

Using a directory service allows user accounts to be managed by the company's network administrator, and iManage Work can detect changes and update its user list accordingly. This includes creating, activating, or deactivating users. Their status can be imported automatically through an iManage Work system Windows service named DirectorySync. This service can be scheduled to run periodically, such as every minute, once a day, or as frequently as needed. It synchronizes the iManage Work user list with the connected directory service. Their status can also be changed explicitly within iManage Control Center. iManage Work does not store passwords for users imported through a directory service. Their authentication is provided through their directory service's identification provider.


An iManage Work system administrator can manually create a user. This can be as a virtual user or an enterprise user.

  • Virtual users are those who could not be migrated or accessed through a directory service. That means a virtual users exists only in iManage, and not as part of the organization's network account. Once created, these users can be converted to an enterprise user. While a Virtual user, they must be managed manually, such as if they change names or are to deactivated. The iManage system administrator can add, activate, or deactivate users directly through iManage Control Center.
  • An enterprise user is maintained by the organization's network. A Virtual user who is converted to an enterprise user will be assimilated into their network during the next directory service synchronization.

External Users

This is a user who is marked as an external user in their user profile. These users can be either a virtual or enterprise account type in iManage Work. An external user has no initial access to any container or document. They must be granted explicit access to each item. This is intended for users who should have access iManage Work but on a limited or temporary basis. For example, these may include outside consultants, temporary employees, or users who are not in the organization's domain.

External users may not be included in regular users groups or roles. They can only be included in groups marked as external groups, or roles marked as external roles.

Preferred library

A preferred library is a library that stores a user's configuration and is their default library. Each user is required to have a preferred library, and can have only one preferred library.

This configuration will be always be used even if users access another library. The configuration items include:

  • Forms. This is the list of visible properties and the arrangement of those properties within dialog boxes for iManage Work 10 clients.
  • My Matters. This is a list of Matter Shortcuts a user has created, or is subscribed to.
  • My Favorites. This is a list of bookmarks for documents and locations by the user.
  • Recent matters. This is a list of the last 20 matters accessed by the user in the previous 30 days
  • Language preference.

As a default library, it will be the library that is first used for searches.

  • When a user creates a new document, the library selected in the New Document Profile dialog is automatically set to the library. If the user enters a different user’s name in the Author field in the New Document Profile dialog, the selected library automatically switches to the preferred library assigned to the user named in the Author field.
  • When a user first opens the Search dialog, the selected target for the search will be set to this library. If the user changes the target database for the search, that setting will remain in effect until the user explicitly changes it.

Roles, groups, and access rights

Users can be assigned roles that define the set of permissions or actions they can take. They can also be assigned to groups that associate multiple users to a common set of security access levels.

See Privileges, Roles, and Groups, and Security for more information.