New features are continuously being added to iManage Control Center. See what enhancements and feature changes are available in each update.
For features introduced in 2025 updates, refer to:
For features introduced in older updates, refer to:
April 2025
Content Security Policy header
Content Security Policy (CSP) is a computer security standard designed to prevent cross-site scripting (also known as XSS), clickjacking, and other code injection attacks that result from the execution of malicious content within a trusted web page context.
The CSP header is an HTTP response header that modern browsers use to enhance the security of a document or web page. This header lets you restrict which resources, such as JavaScript, CSS, and images, that can be loaded, as well as the URLs from which they can be loaded.
This feature adds a default CSP header for iManage Work Web and lets you define a custom CSP header if you need more tailored control. You can choose to use the default header or create a custom header in iManage Control Center.
This feature offers CSP header control for the following types:
Main CSP Header: Enhances security by applying CSP to the entire Work Web application, protecting it against common scripting attacks, and preventing the application from being framed by malicious sites.
Dialog CSP Header: Offers enhanced security that’s similar to the Main Content Security Policy Header but doesn’t restrict framing, as dialogs are frequently used by add-ons and extensions.
For each CSP header type, you can use the default CSP header or define a custom CSP header for more tailored control. You can also test the default or custom CSP header rules without enforcing them to ensure that they behave as expected. These capabilities are configured using the following settings on the Web Client Settings page in iManage Control Center.
Default (default): Specifies that the default CSP header is used. When Default is selected, the default CSP header is populated automatically in the corresponding form field and can’t be modified.
Custom: Specifies that a custom CSP header is used. When Custom is selected, the corresponding form field is available for edit and a custom header must be provided.
Report Only: When this option is selected, CSP header rules are evaluated but not enforced. This lets you test CSP header settings without the risk of disrupting existing functionality. This option is selected by default.
NOTE: The default state for the main and dialog CSP headers is to use the default header and to have the report only option selected.
For more information about configuring CSP headers, refer to the Web Client Settings page and to the Content Security Policy implementations in iManage Work Web Help Center article.
Web Client Settings page updates
The Web Client Settings page in iManage Control Center is used to configure iManage Work Web settings and options. In this update, the following changes are made to the General and Features tabs of this page:
The Features tab is renamed Defaults.
The Default Language setting is renamed Language.
The Default tab on login setting is renamed Login tab.
Numerous settings are moved from the Features (now Defaults) tab to the General tab.
The Internet Explorer Warning Message setting is removed.
Two new settings, Content view and Details view, are added to the Defaults tab.
The Defaults tab and a portion of the General tab are shown in the following figures:
Settings tab name change
The Features tab on the Settings page is renamed Defaults in this update to better reflect the purpose of these settings. All settings for which an admin can configure a default option for new users are moved under this tab. Users may override these settings in iManage Work Web.
General and Defaults tab settings changes
In this update, several settings are moved from the Defaults (formerly Features) tab to the General tab, and one setting is moved from the General tab to the Defaults tab. Also, the Default Language and Default tab on login settings are renamed.
The Internet Explorer Warning Message setting is removed because Microsoft retired Internet Explorer on June 15, 2022. Users using Internet Explorer to connect to iManage Work Web will no longer see a banner recommending using a fully supported browser.
The table below summarizes the changes to the Web Client Settings page:
Table: Web Client Settings page updates
Former setting name and tab | New setting name and tab | Summary of changes | ||
|---|---|---|---|---|
Setting name | Tab | Setting name | Tab | |
Default Language | General | Language | Defaults | Setting renamed and moved |
Customize Logo | General | Customize Logo | General | No change |
Username Format | Features | Username Format | General | Setting moved |
Metadata Format | Features | Metadata Format | General | Setting moved |
Enable additional tab | Features | Enable additional tab | General | Setting moved |
Default tab on login | Features | Login tab | Defaults | Setting renamed |
Lookup field dropdown limit | Features | Lookup field dropdown limit | General | Setting moved |
Allow users to perform bulk security updates | Features | Allow users to perform bulk security updates | General | Setting moved |
New Folder in iManage File/Location Selection dialog | Features | New Folder in iManage File/Location Selection dialog | General | Setting moved |
Enable static asset delivery via Microsoft Azure's Content Delivery Network | Features | Enable static asset delivery via Microsoft Azure's Content Delivery Network | General | Setting moved |
Enable Work 10 Desktop for Windows Auto Updates App Banner | Features | Enable Work 10 Desktop for Windows Auto Updates App Banner | General | Setting moved |
Internet Explorer Warning Message | Features |
| Setting removed | |
Enable Search Language Selection | Features | Enable Search Language Selection | General | Setting moved |
Title-click operation for files | Features | Title-click operation for files | General | Setting moved |
Enable web-based email sending | Features | Enable web-based email sending | General | Setting moved |
Enable open in Gmail | Features | Enable open in Gmail | General | Setting moved |
Enable iHelp | Features | Enable iHelp | General | Setting moved |
Content view | Defaults | New setting | ||
Details view | Defaults | New setting | ||
New Default Web Client settings
The following settings are added to the Defaults tab:
Content view: Specifies the default starting view type in iManage Work Web for all users. This setting includes selections for:
View Type: Indicates the way the default starting view type is displayed:
Grid (default): Uses grid view to display items in iManage Work Web. The Grid Row Height option is displayed when this option is selected.
List: Uses list view to display items in iManage Work Web.
Grid Row Height: Specifies the density of grid rows.
Comfortable
Compact (default)
Tiny
Details view: Indicates whether the Details panel is visible by default for all iManage Work users.
Yes (default): Specifies that the Details panel is visible by default.
No: Specifies that the Details panel is hidden by default.
NOTES:
The default settings apply to users who have never changed them in iManage Work Web (such as a new user). If a user changes their settings, the user settings take precedence, even if the default settings in Control Center are changed later.
These settings don’t apply to the File Open and File Save As dialogs.
March 2025
Absolute timeout
iManage Work currently includes an idle session timeout feature for users. This capability specifies the length of time a user session can remain inactive before it’s automatically terminated. Idle session timeout can be set for each application in iManage Control Center, including software that integrates with iManage Work to access data or to add more features to an iManage Work client application. For more information about managing idle session timeout, refer to Adding an application.
This service update introduces an absolute timeout capability for iManage Work at cloudimanage.com users. This feature enhances security by automatically ending user sessions after a predefined period, regardless of user activity.
With absolute timeout, you set the maximum duration that a user session can last, regardless of whether the user is active. When the time limit is reached, the user session is terminated, and the user must re-authenticate.
NOTE: When a user session ends due to an absolute timeout, the user may not have to re-authenticate to applications that use and automatically refresh access tokens. To check if your application has refresh tokens enabled, refer to Adding an application.
Absolute timeout:
Ensures that sessions don't remain active indefinitely, even with continuous use, reducing the risk of prolonged exposure.
Helps meet regulatory requirements by enforcing regular re-authentication.
Is typically set to a longer duration (for example, 18–20 hours) to allow for a full workday session to complete before requiring re-authentication.
Configuring absolute timeout
Absolute timeout is configured using the access-token endpoint. This endpoint lets you enable and disable absolute timeout, and set the length of time before a user has to reauthenticate.
IMPORTANT: All current user access tokens are immediately revoked when the following configuration changes occur:
When the absolute timeout feature is enabled.
When the absolute timeout duration is decreased.
This revocation of user access tokens means that all iManage Work users on cloudimanage.com will need to re-authenticate to iManage Work applications when these changes are made.
For more information about absolute timeout API requests, refer to Absolute Timeout for OAuth Tokens in cloudimanage.com.
NOTE: The ability to configure absolute timeout will be added to iManage Control Center in a future update.
Support additional lookup field limits
The Lookup field dropdown limit setting in iManage Control Center configures the number of suggestions displayed in the drop-down list of iManage Work Web lookup fields. This setting was expanded in this update to include the following additional values:
500
1000
For more information about this iManage Work Web setting, refer to Settings.
February 2025
Enabling bulk security actions
A new configuration option has been introduced for administrators to allow iManage Work users to perform bulk security updates for documents, emails, workspaces, and folders. For more information about these capabilities, refer to:
Selecting multiple documents in a folder and aligning security to that of the folder
Updating folder security and applying changes to its children
NOTE: Bulk security updates applied by your users can be overwritten by the Refile Service. If you're using Refile Service to perform background security updates, we recommend you review the information in Considerations when using the Refile Service for security updates before activating this feature.
By default, these capabilities are turned off. To turn on these new capabilities for users:
Sign in to iManage Control Center and browse to Work Clients > Web Client > Settings > Features.
Set Allow users to perform bulk security updates to Yes.
Select Save.
After turning on Allow users to perform bulk security updates, the actions in the following table are available in the Context Menus tab within iManage Control Center.
NOTE: You must manually add these actions to the appropriate context menus in iManage Control Center for these workflows to be available to users. For instructions on adding these actions to the respective menus, refer to Context Menus.
Table: Context Menus
Tab | Action | Description |
|---|---|---|
Documents | Edit user/group permissions | Allows user/group permissions to be updated for one or more documents. |
Match security to parent folder | Allows for the security of one or more documents to be aligned with its parent folder. | |
Emails | Edit user/group permissions | Allows user/group permissions to be updated for one or more emails. |
Match security to parent folder | Allows for the security of one or more emails to be aligned with its parent folder. | |
Matters | Apply security to contents | Allows for workspace security settings to be propagated to its children. |
Folders | Apply security to contents | Allows for folder security settings to be propagated to its children. |
The following figure shows an example of the new actions added to the Context Menus Documents tab:
In addition to the new Context Menus actions, the following workflows are enabled in iManage Work when Allow users to perform bulk security updates is set to Yes:
The option to “Apply security changes to children” when workspace security is changed.
The option to “Apply security changes to children” when folder security is changed.
The option to “Match security to destination” when a folder(s) is moved.
The option to “Match security to destination” when a document(s) is moved.
