In addition to importing client group definitions, you can manually register client group definitions using the iManage Security Policy Manager administration console.

Overview and business rules

You can manually register client group definitions using the iManage Security Policy Manager administration user interface. A client group includes clients that have certain commonality. For example, subsidiary firms can be grouped under one client group, clients being handled by a specific set of users can be grouped under one client group, and so on.

However, there are certain business rules that govern the clients that are brought under a client group:

  • Clients that you can add under a client group have to conform to the following rules:
    • Only open clients can be added to an open client group.
    • Both restricted and open clients can be added under a restricted client group. In such a case, the security policy of clients will be Restricted and the open matters under the open client changes to 'restricted by client'.
  • A client can be part of only one client group. A client that is grouped doesn't appear on the client dashboard.
  • A client need not be grouped at all and can remain independent of any client groups. Likewise, a client group may not have any clients under it. 
  • After a client is included in a client group, client-level settings are disabled. The details added at the client group level automatically apply to the clients. 
    • When a client is added to a client group, the client staffing is reset to reflect client group staffing. 
    • A user in conflict at client level within the client group, automatically becomes conflicted at the client group level. 
    • An opposing team set at the client level within the client group, automatically becomes opposing at the client group level. 
  • All the underlying matters within the clients in the client group automatically become part of the client group. 
  • When you remove a client from a client group, the client group-level settings continue to exist for the client. For example, client group staffing becomes the client staffing, client group security policy becomes the client security policy, client group administrator (of a given type) becomes the client administrator (of that type), and so on.
  • Client group Holds are applied to any clients added to the client group. Note that:
    • If a client is under a hold that the client group is not under, that client cannot be added to the client group.
    • Holds applied as a result of a client being added to a client group, remain on the client, if that client is removed from the client group.
    • Matters under matter-level holds, and/or their parent assets, can be added to client groups. In such case, the client group hold is also applied to the matter.
      • Holds applied as a result of a matter being added to a client group, remain on the matter, if that matter's parent asset is removed from the client group.

Creating the new client group

  1. On the Home page, select View Client Groups
    Alternatively
    Select Clients in the left navigation page.
    The Clients dashboard opens. 

  2. On the Clients dashboard, select  > Add Client Group. 
    The Add Client Group page opens. 
    There are two steps in the wizard to add a client group:
    1. General Details
    2. Security

  3. In the General Details pane,
    1. Client Group ID is a mandatory field. If this isn't displayed, it indicates that a Client Group ID has been automatically generated and isn't editable by users. (For details about the corresponding setting, refer to ID generation.) If Client Group ID has a tooltip icon  beside it, this means that you can optionally specify the Client Group ID; if it is left blank, an ID will be automatically generated.
      Otherwise, enter a unique identifier for the client group in Client Group ID. A manually-entered Client Group ID can be any combination of numbers, letters and/or special characters. The maximum length is 32 characters.
    2. Enter the name in the Client Group Name field. This is a mandatory field.
      NOTE: The length  limit for the Client Group Name field is 255 characters.

    3. Enter any desired description for the client in the Notes field. This is NOT a mandatory field. 

      NOTE:

      If the Work URL Templates setting is configured under the Settings page, then in the Notes field, the icon is displayed.

      1. Select.
      2. In the Add Work Link dialog, select one of the options provided:
        • Paste Work Link: You can add a different work document/folder url to the one configured in the Settings page. You can test the link by ing Test Work Link.
        • Select Document by ID and Version: You can add the document ID and version. In this option, the URL configured in the Settings page is considered. For iManage Work at cloudimanage.com, this would be in the form: https://cloudimanage.com/work/link/d/{{DATABASE}}!{{DOCUMENT_ID}}.{{DOCUMENT_VERSION}}
        • Select Folder ID: You can add the folder Id. In this option, the URL configured in the Settings page is considered. For iManage Work at cloudimanage.com, this would be in the form: https://cloudimanage.com/work/link/f/{{DATABASE}}!{{FOLDER_ID}}
      3. Enter the relevant details based on your selection.

      Enter a brief and relevant text that provides a context to the content in the link in the Link Text field and then select Add Link.

    4. Your name appears as the default administrator for the client group in the Client Group Administrator field. You can add more administrators to the client group. You can add users as well as user groups as ‌administrators. Your role defines which types of administrators you can add.

    5. Select Add.

      NOTE:

      You have the option to filter the displayed user list based on user, type, job title, and/or practice area.

    6. In the Add Administrators dialog, select the row of a user or select the check box next to a user. You can select more than one user at a time. To select all available users, select the uppermost check box on the left, or, if a user has already been selected, you can also select Select All n Items, where n represents the number of items available for selection. Then, select OK to choose a user(s) to be the administrator(s) for the client group. This is NOT a mandatory field. A client group administrator can update client group-level details as well as delete the client group. 

      NOTE:

      You may choose to not assign any user as an administrator for the client group:
      Select the row of the administrator or select the check box next to the administrator. Then, select Remove Selected. You are then presented with an option to specify the reason for removal; if a reason is entered, this will be visible in the Viewing Historical Changes.
      Alternatively,
      Select x on the row of the client group administrator to remove them from the role. You are then presented with an option to specify the reason for removal; if a reason is entered, this will be visible in the Viewing Historical Changes.

      If you don't add any client group specific administrator for the client group, then any user with 'Client and matter administrator' role administers this client group.

      When an item is selected, a line displays above the list stating "These users will be added as Administrator". Select Administrator to choose the administrator type.
      Select Administrator, Conflicts Administrator or Staffing Administrator, and then select OK.

    7. Select Next.
  4. In the Security pane, select one of the following security policies for the client group.

    • Open - Access to matters for this client group is open by default. Matters under the client group can be individually secured to ensure access to authorized users only.

    • Restricted - Access to matters for this client group is only available to authorized users. Authorized users are named in the client group staffing team unless the matter is individually secured. Matter team restrictions can be made more restrictive than the client group staffing team or less restrictive. Select this behavior through one of the following options.
      • Check box checked, making the following statement true: The staffing of Matters that are changed to restricted is limited to users named under Client Group staffing.
      • Check box not checked, making the following statement false: The staffing of Matters that are changed to restricted is limited to users named under Client Group staffing.
  5. Select Finish to complete the client group addition process. The Clients dashboard appears and you can view the client group you added in the dashboard. Refer to Viewing Client Group Dashboard.

Add clients to the client group

  1. Select Clients in the left navigation page. The Clients dashboard appears. 

  2. On the Clients dashboard, select the required client group. The client group opens on the Matters tab.

  3. Select the Clients tab.
  4. In the Clients pane, you can add clients under the group. 

    1. Select Add Clients.
      The Add Clients to Group dialog opens. The list of all clients is displayed. 

      NOTE:

      If the client group security policy is 'open', then only clients with 'open' security policy and aren't part of any other client group, are displayed.

      If the client group security policy is 'restricted', then all the clients that aren't part of any other client group are displayed.

    2. Select the clients you want to add, by:
      1. Using a semicolon-separated list of clients to filter the client list, and then bulk-add the filtered clients. For more information about how to do this, refer to Filters.
        Or
      2. Manually selecting the checkboxes next to the clients or selecting the row of the clients to select the clients to be added into the client group. To select all available clients, select the uppermost check box on the left, or, if a client has already been selected, you can also select Select All n Items, where n represents the number of items available for selection.

    3. Select OK. The clients are added to the client group.

      NOTE:

      All the users in conflict with the clients that are added to the group, are by default conflicted at the client group level too.

Add security instructions (memo) for client group staffing

  1. You can configure instructions for the staff members who have access to the client group, in the Client Group Security Memo field. There are different memo types for different scenarios.

    For detailed information on how to use and the configure security memos and scheduled awareness reminders available in this field, refer to Client Group Security Memo section in Updating Security Policy.

    NOTE:

    For text (not email) Security Memos, if the Work URL Templates setting is configured under the Settings page, then in the Memo field, the icon is displayed.

    1. Select
    2. In the Add Work Link dialog, select one of the options provided:
      • Paste Work Link: You can add a different work document/folder url to the one configured in the Settings page. You can test the link by selecting Test Work Link.
      • Select Document by ID and Version: You can add the document ID and version. In this option, the URL configured in the Settings page is considered. For iManage Work at cloudimanage.com, this would be in the form: https://cloudimanage.com/work/link/d/{{DATABASE}}!{{DOCUMENT_ID}}.{{DOCUMENT_VERSION}}
      • Select Folder ID: You can add the folder ID. In this option, the URL configured in the Settings page is considered. For iManage Work at cloudimanage.com, this would be in the form: https://cloudimanage.com/work/link/f/{{DATABASE}}!{{FOLDER_ID}}
    3. Enter the relevant details based on your selection.
    4. Enter a brief and relevant text that provides ‌context to the content in the link in the Link Text text box and then select Add Link.

  2. There is also a checkbox to Automatically send the Security Memo to new staff. If this is selected, any new staff added to the client group will receive the memo. If this checkbox is selected, then it is mandatory to enter text in the Memo text box. Select Save to apply changes.

  3. If the Automatically send the Security Memo to new staff check box is selected, a further check box is also displayed: Security memo must be acknowledged before access is granted. Check this if you want to ensure that users acknowledge the security memo in User Console before they are given access to content in policy managed systems such as iManage Work, iManage IRM, Elite, File System etc. Select Save to apply changes.

  4. You can also schedule Awareness Reminders of the Security Memo to help ensure that users are reminded regularly of their obligations with regards need-to-know access. Scheduled Awareness Reminders are not sent by default, but can be sent on a scheduled basis, as follows:
    1. Select the Edit button below 'Scheduled Awareness Reminders'.
    2. A pop-up window, Edit Scheduled Awareness Reminder displays. Select the Frequency of Review drop-down list.
    3. Choose the frequency that you'd like the reminder to be sent, from the following options: Never, One Week, One Month, Three Months, Six Months, One Year, or Custom.
      1. If your selection is Never, One Week, One Month, Three Months, Six Months, or One Year, the Due Date of the next Awareness Reminder that'll be sent is displayed in accordance with your selection. Select Save.
      2. If your selection is Custom, there are some additional options to configure, as follows:
        1. Select the Select Time Period dropdown first. The options available are: Days, Weeks, Months, or Years.
        2. Select in the Custom Period text box and enter the number of Time Periods (that is, the number of Days, Weeks, Months, or Years according to your selection in 1. above) between which you wish to send the Awareness Reminders.
          (For example, if you wish to send reminders every 3 months, you'd choose Months from the Select Time Period, and the enter the number '3' in the Customer Period text box.)
        3. Per the time period you have set, the Due Date of the next Awareness Reminder that'll be sent is displayed.
        4. Select Save.

    4. The Scheduled Awareness Reminders field now displays text of type: "The Security Memo will be sent once every 3 months".

      NOTE:

      You can edit the Scheduled Awareness Reminder, or send a One-Off Awareness Reminder to all client group staffing, as and when required.

      For further information on how to do this, refer to Updating Security Policy.

Add client group staffing

  1. Select Clients in the left navigation page. The Clients dashboard appears. 

  2. On the Clients dashboard, select the required client group. The client group opens at the matters tab.

  3. Select the Staffing tab.

  4. In the Staffing pane, you can add the client group team members and basic team members, set the responsible attorney, and define assistant settings for the client group. When adding staffing of any type, you can optionally add a comment in the Reason field about why those members were added. This reason is subsequently visible in the Timeline tab.

    Staffing Pane Conventions

    The interface allows you four ways to perform an action in this pane. You may choose to use any of these ways based on your convenience, while adding, removing, transferring users, and setting / unsetting responsible attorney.

    For example,

    Select the check box next to a Team Member, then select Set as Responsible Attorney.

    Select the required row to select the Team Member, then select Set as Responsible Attorney.

    Select the icon corresponding to the Team Member, then select Set as Responsible Attorney.

    Select the icon to Add Members, then select Set Responsible Attorney. The Set Responsible Attorney dialog opens. You can select a user from the list.

    1. Add Members
      1. Types of Member
        1. Team Member
          Team Member implies the list of users (legal representatives) who could be part of the teams working on underlying matters. Team Members can access client content, receive notifications and approve user access requests.
          Client group teams are defined when adding client groups as well as during updates to the client groups. The users are part of the staff of the firm. The security policy defined for the client group, and subsequently for the underlying matters, establishes whether the client group team forms a part of the matter team. If an underlying matter is secured at the client level, then the client team becomes the matter team.
        2. Basic Team Member
          A Basic Team Member can perform all the tasks designated for a Team Member, except approving access requests—basic team members do not receive access request notifications.
      2. Add Team Member (and set Access Period)
        1. To add users/groups to the client group team individually, select Add Members.

        2. Select the checkboxes next to the users/groups to select the users/groups. To select all available users/groups, select the uppermost check box on the left, or, if a user/group has already been selected, you can also select Select All n Items, where n represents the number of items available for selection. Alternatively, select the required rows to select the users/groups.

          TIP:

          If you require a set of users/groups to have unlimited access, and another set of users/groups to have a limited access period, you can select one of these sets of users/groups accordingly before adding the users/groups as members in the steps below.

        3. Select View Selected to view the list of users/groups selected to be part of the client group team as Team Members. (To deselect the users/groups selected, choose Deselect.)
        4. When users/groups are selected, an editable line appears above the user/group list, and which by default states:
          "These users will be added as Team Members with an Unlimited Access Period". To add Team Members, leave the editable setting Team Members as is.
          1. To provide access to the client group to the selected users/groups for an unlimited period, leave the editable setting Unlimited Access Period as is.
          2. To restrict the duration of access to a defined period, after which period the access is automatically revoked:
            1. Select the editable setting Unlimited Access Period. A dialog box Set the Access Period for Selected Users appears.
            2. Select Access Period is Time Limited.
            3. From the date picker, select the date and time up to which you want to provide access to the users/groups. If you don't specify a time, then the system will default the time to midnight in the time zone of the server.

          NOTE:

          You can also set the access duration limit after you have added a user/group to the client group staffing. Refer to Set, Edit, or Unset Access Period.

        5. When adding these type of team members, you can optionally add a comment in the Reason field about why those team members were added. This reason is visible in the Timeline tab.

        6. Select OK.

          • If any of the selected users or groups are conflicted on the client group or any of its clients, a warning message displays. If your role permits, you can proceed to add such users to staffing, but they won't have access to content.

          The selected users/groups are added to the client group team. The users/groups that are added to the client group staffing must acknowledge the security memo, if the acknowledge criteria is required for the client group.

      3. Add Basic Team Member (and set Access Period)

        1. To add users/groups as Basic Team Members, select Add Members.

        2. Select the checkboxes next to the users/groups to select the users. To select all available users/groups, select the uppermost check box on the left, or, if a user/group has already been selected, you can also select Select All n Items, where n represents the number of items available for selection. Alternatively, select the required rows to select the users/groups.

          TIP:

          If you require a set of users/groups to have unlimited access, and another set of users/groups to have a limited access period, you can select one of these sets of users/groups accordingly before adding the users/groups as members in the steps below.

        3. Select View Selected to view the list of users/groups selected to be part of the client group team as Basic Team Members. (To deselect the users/groups selected, choose Deselect.)
        4. When users/groups are selected, an editable line appears above the user/group list, and which by default states:
          "These users will be added as Team Members with an Unlimited Access Period". To add Basic Team Members:
          1. Select the editable setting Team Members. A dialog box Set the User Type for Selected Users appears.
          2. Select Basic Team Member.
        5. Select the Access Period for the Basic Team Members:
          1. To provide access to the client group to the selected users/groups for an unlimited period, leave the editable setting Unlimited Access Period as is.
          2. To restrict the duration of access to a defined period, after which period the access is automatically revoked:
            1. Select the editable setting Unlimited Access Period
            2. In the Set the Access Period for Selected Users dialog, select Access Period is Time Limited.
            3. From the date picker, select the date and time up to which you want to provide access to the users/groups. If you don't specify a time, then the system will default the time to midnight in the time zone of the server.

          NOTE:

          You can also set the access duration limit after you have added a user/group to the client group staffing. Refer to Set, Edit, or Unset Access Period.

        6. When adding these type of team members, you can optionally add a comment in the Reason field about why those team members were added. This reason is visible in the Timeline tab.

        7. Select OK.

          • If any of the selected users or groups are conflicted on the client group or any of its clients—for example, listed as excluded users, a warning message displays. If your role permits, you can proceed to add such users to staffing but they won't have access to content.

          The selected users are added. You can view the list of Basic Team Members on the Staffing page. Users that are added to the client group as Basic Team Members must acknowledge the security memo, if the acknowledgement criteria is required for the client group.

      NOTE:

      You have the option to filter the displayed user list based on User, Type, Job Title, Practice Area, Time Posted Exceeds and/or Document Activity Exceeds.

      The User Activity filters reflect the Activity Feeds in Settings > General. If a self-maintaining rule is in place for the matter, the User Activity values when Custom filtering is selected will reflect that of the self-maintaining rule.

    2. Responsible Attorney

      The responsible attorney is the role that approves or rejects user matter access requests. If the security policy defined is 'Restricted' and the access request option selected is 'Access requests require approval by the responsible attorney', then you must set a responsible attorney for the client group. You can set a responsible attorney only from the client group team members who have access for unlimited duration and not from other roles.

      1. To set a responsible attorney for matters related to the client group, select the check box next to a client group team member or select the required row to select the client group team member, then select Set as Responsible Attorney.

        Alternatively,
        Select corresponding to the client group team member, then select Set as Responsible Attorney.

        or
        Select  > Set Responsible Attorney. The Add a Responsible Attorney dialog box appears. You can select a team member from the list. 
        The responsible attorney is set for the client group.

      NOTE: SUPPORT STAFF

      In addition to the three user types described, there's another user type that can access a client group, "Support Staff". Support Staff are firm staff members who aren't part of the client group team but have other roles to perform. For example, secretarial staff, administrative staff, finance staff, and so on. These users are assistants to one or more "Timekeepers". Timekeepers are Team Members or Basic Team Members. If you have configured Assistants to automatically follow Timekeepers in the Settings page, then a Assistant gets automatically added to the Client Group staffing as Support Staff and continues to remain on the staffing till at least one Timekeeper to whom they're assistant to remains on the staffing of the client group. Support Staff will have access to the client group content but won't receive any notifications (unless added as additional users to notification events). For additional information on the Support Staff role, refer to Users and Roles. For additional information on Assistants, refer to Managing Assistants.

    3. Set, Edit or Unset Access Period
      If a user/group has access to a client group with "Team Member" or "Basic Team Member" role, you can restrict their access duration to a defined period, if this was not already done so when the user/group was initially added. You can also modify the access duration of users whose request was time-limited when they were added to the client group, or after their auto-approval when the Access Request for the client group was set to "Access requests are granted automatically and are time limited".

      1. To edit, set, or unset the Access Period, select  > Set Access Period in the row of a user/group. 
        Alternatively, if you want to set access duration for more than one user/group at a time, select the check boxes next to the users/groups. To select all available users/groups, select the uppermost check box on the left, or, if a user/group has already been selected, you can also select Select All n Items, where n represents the number of items available for selection. Then, select Set Access Period
        The Set Access Period dialog box appears.
        1. Select the Access Period is Unlimited option to remove restrictions on access duration for the selected user(s), that is, to unset the Access Period.
        2. Select the Access Period is Time Limited option to restrict access duration for the selected user(s) to a specific date and time in the future. From the date picker, select the date and time up to which you want to provide access to the users/groups. If you don't specify a time, then the system will default the time to midnight in the time zone of the server. If the user(s) selected already had time-limited access and you wish to change the date and time, you can edit the date and time in the date picker as required.
      2. Select OK. The access duration is set for the selected users/groups.

    4. Set User Type

      1. To change the user access type of users/groups on client group staffing, select the check box next to the client group staffing member or select the row of client group staffing member. To select all available users/groups, select the uppermost check box on the left, or, if a user/group has already been selected, you can also select Select All n Items, where n represents the number of items available for selection. Then, select Set User Type.
        Alternatively,

        Select  corresponding to the client staffing member, then select Set User Type.

      2. In the Set User Type dialog, select one of the two options: Team Member or Basic Team Member

      3. Select OK. The user type is changed. 

        NOTE:

        The support staff member is an assistant and was auto-added to the staffing along with the timekeeper. If you move the support staff member (assistant) to one of these two user types, then the association with the timekeeper is removed and the assistant continues on the client staffing of their own accord. If you then remove the timekeeper from the staffing, the assistant isn't removed.

    5. Remove a staffing member
      1. To remove a staffing member/group from the client group, select the check box next to the staffing member/group or select the row of a staffing member / group. To select all available staffing members/groups, select the uppermost check box on the left, or, if a staffing member/group has already been selected, you can also select Select All n Items, where n represents the number of items available for selection. Then, select Remove Selected.

        Alternatively,
        Select  corresponding to a staffing member / group, then select Remove.

      2. If you're removing a user from staffing and:

        1. Client group security is Restricted (and "The staffing of Matters that are changed to Restricted is limited to users named under Client Group staffing" is set to false) and there are individually secured matters under the client group which also have that user on staffing, then a dialog is displayed with option to remove the user from client group and matter staffing, or remove the user from client group staffing only.
          • Select OK to confirm your selection.
        2. Client group security is Restricted (and "The staffing of Matters that are changed to Restricted is limited to users named under Client Group staffing" is set to true) and there are individually secured matters under the client group which also have that user on staffing, then a warning dialog is displayed with options to remove the user from client group and matter staffing, or remove the user from client group staffing only but adjust client group security to ""The staffing of Matters that are changed to Restricted is limited to users named under Client Group staffing" is set to false" type (to enable the user to be retained on matter staffing).
          • Select OK to confirm your selection.

      3. You are then presented with an option to remove the staff member / group without adding them as a historical user. This option is designed to rectify occurrences when staff members / groups have been incorrectly added to a team, subsequently preventing them from staffing opposing matters that may impact the asset. If you don't want to add the staff member / group as a historical user, toggle this option off. The staff member/group won't be considered for team separation. You can add a comment to specify a reason for removal; if a reason is entered, this will be visible in the Viewing Historical Changes.

      4. If an additive self-maintaining rule is in place:
        1. A message displays advising that users removed from staffing will be prevented from re-addition to the team via self-maintaining rules. You can alter this behavior by editing the omitted users list.
        2. Select View omitted users check box if you want to edit the omitted users list after closing the dialog box.
        3. Select Yes to proceed.

        NOTE:

        If you're removing a timekeeper from the staffing, all the associated assistants are also removed, unless the assistant is also assisting another timekeeper in the staffing.

    6. Under Assistant Settings, you can enable or disable Ensure Assistants Automatically Follow Their Timekeepers. This setting defines whether automatic access is enabled for assistants when their timekeepers are added to the client group. When enabled, assistants follow their timekeepers on or off the client group, as described in Managing Assistants.

Exclude systems from policy

You can exclude specified systems from policy. This feature should be used cautiously with full awareness of security implications. The client group will be 'Open' in the excluded system, regardless of the security policy specified in SPM.  

To exclude a system:

  1. Select Clients in the left navigation page. The Clients dashboard appears. 

  2. On the Clients dashboard, select the required client group. The client group opens at the matters tab.

  3. Select the Security tab.
  4. Under the Excluded Systems panel, select Add Excluded System. The New Excluded System dialog box appears.
  5. In the System Name field, enter the agent system name you want to exclude. As you type the value, the system will suggest the system names based on the string entered. 
  6. In the Reason field, enter the reason for excluding the system.
  7. Select OK. The system is excluded for the current client group.