iManage Security Policy Manager Administration Guide

In addition to importing client definitions, you can manually register client definitions using the iManage Security Policy Manager administration console.

Creating the new client

On the Home page, click View Clients.
Alternatively,
Select Clients in the left navigation page. The Clients dashboard appears.
On the Clients dashboard, select Add Client. The Add Client page appears.
There are two steps in the wizard to add a client:
1. General Details
2. Security
In the General Details pane
1. Enter the unique client identifier, in the Client ID field. This is a mandatory field. Client ID can be any combination of numbers, letters and/or special characters. The length limit is 32 characters.
2. Enter the name, in the Client Name field. This is a mandatory field. The length limit is 255 characters.
3. Enter any desired description for the client in the Notes field. This is NOT a mandatory field.
  NOTE:
  If the Work URL Templates setting is configured under the Settings page, then in the Notes field, icon appears.
  1. Select . The Add Work Link dialog box appears.
  2. Select one of the options provided:
    Paste Work Link: You can add a different work document/folder url to the one configured in the Settings page. You can test the link by clicking Test Work Link.
    Select Document by ID and Version: You can add the document Id and version. In this option, the URL configured in the Settings page is considered. For iManage Work at cloudimanage.com, this would be in the form: https://cloudimanage.com/work/link/d/{{DATABASE}}!{{DOCUMENT_ID}}.{{DOCUMENT_VERSION}}
    Select Folder ID: You can add the folder Id. In this option, the URL configured in the Settings page is considered. For iManage Work at cloudimanage.com, this would be in the form: https://cloudimanage.com/work/link/f/{{DATABASE}}!{{FOLDER_ID}}
  3. Enter the relevant details based on your selection.
  4. Enter a brief and relevant text that provides a context to the content in the link in the Link Text field. and then click Add Link.
4. Your name appears as the default administrator for the client in the Client Administrators field.
  - By default, you are added as administrator type Administrator. You can also choose to be added as Staffing Administrator. To change the type:
    1. Select on the right of the row.
    2. Select Set Type.
    3. Choose from Administrator or Staffing Administrator, and then Save.
    NOTE:
    For more information on local administrator types, see Users and Roles.
5. You can add more administrators to the client. You can add users as well as user groups as the administrators. Click Add. The Add Administrators dialog box appears. Your role defines which types of administrator you can add.
  NOTE:
  You have the option to filter the displayed user list based on user, type, job and/or practice area.
  1. Click on the row of a user/group or select the check box next to a user/group. You can select more than one user/group at a time. To select all available users/groups, select the uppermost check box on the left, or, if a user/group has already been selected, you can also select Select All n Items, where n represents the number of items available for selection. Then, click OK to choose a user(s)/group(s) to be the administrator(s) for the client. This is NOT a mandatory field. A client administrator can update client level details as well as delete the client.
    NOTE:
    You may choose to not assign any user/group as an administrator for the client.
    
    Click on the row of the administrator or select the check box next to the administrator. Then, click Remove Selected . You are presented with an option to specify the reason for removal; if a reason is entered, this will be visible in the client timeline.
    Alternatively,
    Click x on the row of the client administrator to remove them from the role. You are presented with an option to specify the reason for removal; if a reason is entered, this will be visible in the client timeline.
    
    If you do not add any client specific administrator for the client, then any user with an applicable global role administers (the corresponding aspect(s)) of this client.
  2. When an item is selected, a line displays above the lists stating "These users will be added as Administrator". Select Administrator to choose the administrator type.
    Choose from Administrator, Conflicts Administrator or Staffing Administrator, and then select OK.
6. Click Next.
The Security pane appears. In the Security pane, click one of the following security policies for the client:
- Open - Access to matters for this client is open by default. Matters can be individually secured to ensure access to authorized users only.
- Restricted - Access to matters for this client is only available to authorized users. Authorized users are named in the client staffing team unless the matter is individually secured. Matter team restrictions can be made more restrictive than the client staffing team or less restrictive. Select this behavior through one of the following options.
  - Matter staffing required to be Limited to users named under Client staffing (checkbox checked).
  - Matter staffing is not required to be Limited to users named under Client staffing (checkbox not checked).
Select Finish to complete the client creation process. The Clients dashboard appears and you can view the client you added in the Viewing Clients Dashboard. You can now add security instructions for users who will be added to staffing, and add users to staffing.

Add security instructions (memo) for client staffing

You can configure instructions for the users who (will) have access to the client, using the Client Security Memo. There are different memo types for different scenarios.

For detailed information on how to use and the configure security memos and scheduled awareness reminders available, see Client Security Memo section in Updating Security Policy.

NOTE:

For text (not email) Security Memos, if the Work URL Templates setting is configured under the Settings page, then in the Memo field, icon appears.

Click . The Add Work Link dialog box appears.
Select one of the options provided:
- Paste Work Link: You can add a different work document/folder url to the one configured in the Settings page. You can test the link by clicking Test Work Link.
- Select Document by ID and Version: You can add the document Id and version. In this option, the URL configured in the Settings page is considered. For iManage Work at cloudimanage.com, this would be in the form: https://cloudimanage.com/work/link/d/{{DATABASE}}!{{DOCUMENT_ID}}.{{DOCUMENT_VERSION}}
- Select Folder ID: You can add the folder Id. In this option, the URL configured in the Settings page is considered. For iManage Work at cloudimanage.com, this would be in the form: https://cloudimanage.com/work/link/f/{{DATABASE}}!{{FOLDER_ID}}
Enter the relevant details based on your selection.
Enter a brief and relevant text that provides a context to the content in the link in the Link Text text box. and then click Add Link.

Add client staffing

On the Home page, select View Clients.
Alternatively,
Select Clients in the left navigation page. The Clients dashboard appears.
On the Clients dashboard, select the client required. The client opens at the matters tab.
Select the Client Details tab.
Select the Staffing tab.
The Staffing pane appears.
In the Staffing pane, you can add team members and basic team members to the client, set the responsible attorney for the client, and define assistant settings.
Staffing Pane Conventions

The interface allows you four ways to perform an action in this pane. You may choose to use any of these ways based on your convenience, while adding, removing, transferring users, and setting / unsetting responsible attorney.
For example,
Select the check box next to a Team Member, then click Set as Responsible Attorney.
Click on the required row to select the Team Member, then click Set as Responsible Attorney.
Click corresponding to the Team Member, then click Set as Responsible Attorney.
Click next to Add Members, then click Set Responsible Attorney. The Set Responsible Attorney dialog box appears. You can select a user from the list.
1. Add Members
  1. Types of Member
    1. Team Member
      Team Member implies the list of users (legal representatives) who could be part of the teams working on underlying matters. Team Members can access client content, receive notifications and approve user access requests.
      Client teams are defined when adding clients as well as during updates to the client. The users are part of the staff of the firm. The security policy defined for the client and subsequently for the underlying matters, establish whether the client team forms a part of the matter team. If an underlying matter is secured at client level, then the client team becomes the matter team.
    2. Basic Team Member
      A Basic Team Member can perform all the tasks designated for a Team Member, except approving access requests—basic team members do not receive access request notifications.
  2. Add Team Member (and set Access Period)
    1. To add users/groups to the client team individually, click Add Members.
    2. Select the check boxes next to the users/groups to select the users/groups. To select all available users/groups, select the uppermost check box on the left, or, if a user/group has already been selected, you can also select Select All n Items, where n represents the number of items available for selection. Alternatively, click the required rows to select the users/groups.
      TIP:
      If you require a set of users/groups to have unlimited access, and another set of users/groups to have a limited access period, you can select one of these sets of users/groups accordingly before adding the users/groups as members in the steps below.
    3. Click View Selected to view the list of users/groups selected to be part of the client team as Team Members. (To deselect the users/groups selected, click Deselect.)
    4. When users/groups are selected, an editable line appears above the user/group list, and which by default states:
      "These users will be added as Team Members with an Unlimited Access Period". To add Team Members, leave the editable setting Team Members as is.
      1. To provide access to the client to the selected users/groups for an unlimited period, leave the editable setting Unlimited Access Period as is.
      2. To restrict the duration of access to a defined period, after which period the access is automatically revoked:
        Click the editable setting Unlimited Access Period. A dialog Set the Access Period for Selected Users appears.
        Select Access Period is Time Limited.
        From the date picker, select the date and time up to which you want to provide access to the users/groups. If you do not specify a time, then the system will default the time to midnight in the time zone of the server.
      NOTE:
      You can also set the access duration limit after you have added a user/group to the client staffing. See Set Access Period.
    5. When adding these type of team members, you can optionally add a comment in the Reason field about why those team members were added. This reason is visible in the Timeline tab.
    6. Select OK.
      - If any of the selected users or groups are conflicted on the client, a warning message displays. If your role permits, you can proceed to add such users to staffing but they will not have access to content.
      The selected users/groups are added to the client team.
      The users/groups that are added to the client staffing must acknowledge the security memo, if the acknowledge criteria is required for the client.
  3. Add Basic Team Member (and set Access Period)
    1. To add users/groups as Basic Team Members, click Add Members.
    2. Select the check boxes next to the users/groups to select the users/groups. To select all available users/groups, select the uppermost check box on the left, or, if a user/group has already been selected, you can also select Select All n Items, where n represents the number of items available for selection. Alternatively, click the required rows to select the users/groups.
      TIP:
      If you require a set of users/groups to have unlimited access, and another set of users/groups to have a limited access period, you can select one of these sets of users/groups accordingly before adding the users/groups as members in the steps below.
    3. Click View Selected to view the list of users/groups selected to be part of the client team as Basic Team Members. (To deselect the users/groups selected, click Deselect.)
    4. When users/groups are selected, an editable line appears above the user/group list, and which by default states:
      "These users will be added as Team Members with an Unlimited Access Period". To add Basic Team Members:
      1. Click on the editable setting Team Members. A dialog Set the User Type for Selected Users appears.
      2. Select Basic Team Member.
    5. Select the Access Period for the Basic Team Members:
      1. To provide access to the client to the selected users/groups for an unlimited period, leave the editable setting Unlimited Access Period as is.
      2. To restrict the duration of access to a defined period, after which period the access is automatically revoked:
        Click the editable setting Unlimited Access Period. A dialog Set the Access Period for Selected Users appears.
        Select Access Period is Time Limited.
        From the date picker, select the date and time up to which you want to provide access to the users/groups. If you do not specify a time, then the system will default the time to midnight in the time zone of the server.
      NOTE:
      You can also set the access duration limit after you have added a user/group to the client staffing. See Set Access Period.
    6. When adding these type of team members, you can optionally add a comment in the Reason field about why those team members were added. This reason is visible in the Timeline tab.
    7. Select OK.
      - If any of the selected users or groups are conflicted on the client, a warning message displays. If your role permits, you can proceed to add such users to staffing but they will not have access to content.
      The selected users are added. You can view the list of Basic Team Members in the Staffing page. The users that are added to the client as Basic Team Members must acknowledge the security memo, if the acknowledgement criteria is required for the client.
  NOTE:
  You have the option to filter the displayed user list based on User, Type, Job Title, Practice Area, Time Posted Exceeds and/or Document Activity Exceeds.
  The User Activity filters reflect the Activity Feeds in Settings>General. If a self-maintaining rule is in place for the client, the User Activity values when Custom filtering is selected will reflect that of the self-maintaining rule.
2. Responsible Attorney
  The responsible attorney is the role that approves or rejects user matter access requests. If the security policy defined is 'Restricted' and the access request option selected is 'Access requests require approval by the responsible attorney or an administrator', then you must set a responsible attorney for the client. You can set a responsible attorney only from the client team members who have access for unlimited duration and not from other roles.
  1. To set a responsible attorney for matters related to the client, select the check box next to a client team member or click on the required row to select the client team member, then click Set as Responsible Attorney.
    Alternatively,
    Click corresponding to the client team member, then click Set as Responsible Attorney.
    or
    Click > Set Responsible Attorney. The Set Responsible Attorney dialog box appears. You can select a team member from the list.
    The responsible attorney is set for the client.
  NOTE: SUPPORT STAFF
  In addition to the three user types described, there is another user type that can access a client, "Support Staff". Support Staff are firm staff members who are not part of the client team but have other roles to perform. For example, secretarial staff, administrative staff, finance staff, and so on. These users are assistants to one or more "Timekeepers". Timekeepers are Team Members or Basic Team Members. If you have configured Assistants to automatically follow Timekeepers in the Settings page, then an Assistant gets automatically added to the Client staffing as Support Staff and continues to remain on the staffing until at least one Timekeeper to whom they are assistant to remains on the staffing of the client. Support Staff have access to the client content but will not receive any notifications, unless specifically added as recipients. For additional information on the Support Staff role, see Users and Roles. For additional information on Assistants, see Managing assistants.
3. Set, Edit or Unset Access Period
  If a user/group has access to a client with "Team Member" or "Basic Team Member" role, you can restrict their access duration to a defined period, if this was not already done so when the user/group was initially added. You can also modify the access duration of users whose request was time-limited when they were added to the client, or after their auto-approval when the Access Request for the client was set to "Access requests are granted automatically and are time limited".
  1. To edit, set, or unset the Access Period, click > Set Access Period in the row of a user/group.
    Alternatively, if you want to set access duration for more than one user/group at a time, select the check boxes next to the users/groups. To select all available users/groups, select the uppermost check box on the left, or, if a user/group has already been selected, you can also select Select All n Items, where n represents the number of items available for selection. Then click Set Access Period.
    The Set Access Period dialog box appears.
    1. Select the Access Period is Unlimited radio button to remove restrictions on access duration for the selected user(s), that is, to unset the Access Period.
    2. Select the Access Period is Time Limited radio button to restrict access duration for the selected user(s) to a specific date and time in the future. From the date picker, select the date and time up to which you want to provide access to the users/groups. If you do not specify a time, then the system will default the time to midnight in the time zone of the server. If the user(s) selected already had time-limited access and you wish to change the date and time, you can edit the date and time in the date picker as required.
  2. Click OK. The access duration is set for the selected users/groups.
4. Set User Type
  1. To change the user access type of users/groups on client staffing, select the check box next to the client staffing member or click on the row of a client staffing member. To select all available users/groups, select the uppermost check box on the left, or, if a user/group has already been selected, you can also select Select All n Items, where n represents the number of items available for selection. Then click Set User Type.
    Alternatively,
    Click corresponding to the client staffing member, then click Set User Type.
    The Set User Type dialog box appears.
  2. Select one of the two options: Team Member or Basic Team Member.
  3. Click OK. The user type is changed.
  NOTE:
  The support staff member is an assistant and was auto-added to the staffing along with the timekeeper. If you move the support staff member (assistant) to one of these two user types, then the association with the timekeeper is removed and the assistant continues on the client staffing of their own accord. If you then remove the timekeeper from the staffing, the assistant is not removed.
5. Remove a staffing member
  1. To remove a staffing member / group from the client, select the check box next to the staffing member / group or click on the row of a staffing member / group. To select all available users/groups, select the uppermost check box on the left, or, if a user/group has already been selected, you can also select Select All n Items, where n represents the number of items available for selection. Then click Remove Selected.
    Alternatively,
    Select adjoining a staffing member / group, then click Remove.
    NOTE:
    If you are removing a timekeeper from the staffing, all the associated assistants are also removed, unless the assistant is also assisting another timekeeper in the staffing.
  2. If you are removing a user from staffing and:
    1. Client security is Restricted (Not limited to users named under Client staffing) and there are individually secured matters under the client which also have that user on staffing, then a dialog is displayed with option to remove the user from client and matter staffing, or remove the user from client staffing only.
      - Select OK to confirm your selection.
    2. Client security is Restricted (Limited to users named under Client staffing) and there are individually secured matters under the client which also have that user on staffing, then a warning dialog is displayed with options to remove the user from client and matter staffing, or remove the user from client staffing only but adjust client security to "Not limited to users named under Client staffing" type (to enable the user to be retained on matter staffing).
      - Select OK to confirm your selection.
  3. You are then presented with an option to remove the staff member without adding them as a historical user. This option is designed to rectify occurrences when staff members have been incorrectly added to a team, subsequently preventing them from staffing opposing matters that may impact the asset. If you do not want to add the staff member as a historical user, toggle this option off. The staff member will not be considered for team separation. You can add a comment to specify a reason for removal; if a reason is entered, this will be visible in the client timeline.
  4. If an additive self-maintaining rule is in place:
    1. A message displays advising that users removed from staffing will be prevented from re-addition to the team via self-maintaining rules. You can alter this behavior by editing the omitted users list.
    2. Select View omitted users checkbox if you want to edit the omitted users list after closing the dialog box.
    3. Select Yes to proceed.
6. Under Assistant Settings you can enable or disable Ensure Assistants Automatically Follow Their Timekeepers. This setting defines whether automatic access is enabled for assistants when their timekeepers are added to the asset. When enabled, assistants follow their timekeepers on or off the asset, as described in Managing assistants.