Configuring iManage Cloud module

iManage Cloud (hosted and managed on iManage’s cloud) is a leading cloud platform for intelligent document and email management, essential for professional services and Government data. It centralizes organization, enhances security, and streamlines collaboration on critical work products, boosting productivity and ensuring governance. 

For more details, refer to the official "iManage documentation"

By default, HYCU provisions dedicated HYCU-managed OAuth 2.0 pre-approved clients for iManage tenant types (Prod or Trial). These are available as "OAuth 2.0 Cloud Accounts," which significantly streamlines iManage deployment and protection.

1. Before you Start

Users managing service accounts and the HYCU application in iManage Control Center must be assigned the “Global Management” role, encompassing "App Management" and "User Management" privileges. For details, see the iManage "Global privilege descriptions" documentation.

The provisioned service account in the iManage Control Center must be a "Backup and Restore" type Service Account. This account is required to add iManage Cloud as a SaaS module in HYCU R-Cloud.

HYCU's access to the iManage v2 API is via a registered HYCU application. However, its access is unaffected by HYCU application security settings because it leverages a Backup and Restore Service Account. As a system-level account, it operates outside app-level restrictions.

2. Configuring iManage Cloud

In the following example, the signed-in user “Bella Gibson” (bella.gibson@demohycu.com) with the “Global Management” role will register HYCU R-Cloud as an application. Furthermore, this user is part of the “NRTADMIN” group also called an iManage system administrator. This group includes the most complete access to all features.

2.1 Signed-In User: Verifying Global Management Role

This step is critical, as only users with "Global Admin" roles can see the "Applications" section in the navigation menu and register the HYCU application. There are multiple approaches to managing user privileges, and this is beyond the scope of this documentation. For details, refer to the iManage “Roles" documentation.

Sign in to the “iManage Work” web interface and navigate to the “iManage Control Center” web interface.

Next, navigate to “ACCESS → Roles” in the navigational menu on the left-hand side of the interface.

Next, on the “Roles” interface, switch to "Global Management" roles if you are currently in the "Library-Level Management" role context.

Next, within the "Global Management Roles" context, click the "DETAILS" tab. You will then see that this role has ‘App Management’ and ‘User Management‘ privileges.

Within the "Global Management Roles" context, validate user group membership. Upon clicking the "USERS" tab, you will observe that "Bella Gibson" is an "Admin" role member. Although this step is not mandatory for HYCU's backup and restore functionalities, it is necessary given this user's responsibility for managing library content.

2.2 Signed-In User: Verifying Library Management Role

As discussed, to manage all data across all iManage Work Libraries, the user "Bella Gibson" must be part of the "NRTADMIN" group in each individual library. The procedural steps are similar to "2.1 Signed-In User: Verifying Global Management Role", with the key difference being that the group (not role) membership needs to be identified within the Library Management context.

Sign in to the “iManage Work” web interface and navigate to the “iManage Control Center” web interface.

Next, navigate to “ACCESS → Users” in the navigational menu on the left-hand side of the interface.

Next, on the “Users interface”, switch to “Library-Level Management” from “Global Management”.

Next, in the “Library-Level Management” check the user group membership. Click on the “user”, and a new page will appear. Click on the “Groups” tab. The user “Bella Gibson” is a member of a Global Admin Group named “NRTADMIN”.

2.3 Creating a Service Account

If you do not have a service account created, follow these steps. For details, refer to the iManage documentation: "Create a service account."

In iManage Control Center, browse to “Access→ Service Accounts”. At the top of the page, select “+ Create Service Account”.

Next, in the “Create Service Account” page, enter service account details as described in the following table. Click “Create account and generate auth key” tab. The service account is created, and a confirmation dialog is displayed.

The service account is created, and a confirmation dialog is displayed. The sign-in credentials (email address and auth key) for the service account are shown on the confirmation page. You can copy these values by selecting the associated “Copy” button. Click “Close” after copying the key.

Note: You should copy and save the key for use when signing in. If you lose the key, you'll need to reset it by "Reset the authorization key".

2.4 Adding the HYCU Application

iManage Cloud authorizes HYCU R-Cloud to integrate with iManage as an application (app). This authorization grants HYCU R-Cloud access to iManage data via the OAuth 2.0 API using a Client ID and Secret.

Procedure

Navigate to “SETTINGS → Application” in the navigational menu on the left-hand side of the interface and select “+Add Application”.

The “Add Application” page opens and displays the list of applications available for you to add. Search for “HYCU” application using the Search for Application field at the top of the dialog Select the “HYCU” application to add, then select “Authentication” to configure the OAuth settings for API access.

Note: The available HYCU application type is determined by the HYCU tenant type.

Next, on the "Add Application" page, update the authentication fields and click “Access”.

Next, on the “Add Application” page, select "Custom Allow access to" to configure access for the user “Bella Gibson”. Click “Review”.

Note: Since 'Bella Gibson' is the iManage Library Admin, it is always a good practice to follow the least privilege policy.

Next, on the "Add Application" page, review the configuration and click “Finish”. This will register the HYCU application in iManage Control Center.

Note ?: You do not need to retrieve the Client ID and Client Secret for HYCU's authorization. Since HYCU uses an inbuilt HYCU-managed application for accessing the registered HYCU Application in iManage, the Client ID and Secret information is handled by the Cloud Account. The only key factor is selecting the correct OAuth Type Cloud Account (Prod or Trial).

3. Adding iManage as an R-Cloud module in HYCU R-Cloud

Let’s cover the procedure for adding iManage as a Source.

Login to HYCU R-Cloud, click on the “Settings” in the top-right corner of the screen. Click on the “Sources” tab.

Next, in the Sources dialog box, select the “SAAS” page and click “New”.

Next, on the “Sources → New” page, enter the following information, and click “Save”.

The R-Cloud module has been added to the list of SaaS sources. The status of the added source should be green (✅). Click “Close.” All protected Libraries (Databases) are discovered and available as separate SaaS applications in HYCU.

Keep in mind that Configuring Data Movers for iManage is not an optional step. Please enable “Data Movers” under Backup Option.

WARNING ⚠️: Using production application credentials to protect an iManage sandbox(trial) instance can lead to the following error: 'Error code: 500 Message: aiohttp.client_exceptions.ClientResponseError: 400, message='Bad Request', url='https://cloudimanage.com/auth/oauth2/token'.' This indicates that the registered HYCU application and the application credentials used do not belong to the same iManage tenant types. Always ensure you are using the correct application credentials, service account username, and auth key.

4. Points to Remember

4.1 iManage Cloud Key Terminologies

4.2 iManage Cloud data hierarchical structure