iManage On-Premise

To connect Forcepoint DSPM to your iManage server, you will need to gather three key pieces of information:

1. Your Server's URL: The fully qualified domain name of your iManage server (e.g., imanage.mycompany.com).

2. An Application Client ID: A unique ID from your iManage Control Center that identifies the Getvisibility application.

3. A Service Account: A dedicated iManage user account with specific permissions for scanning.

This guide will walk you through the steps for your iManage administrator to find this information and how to use it to configure the connector.

Network Access Requirement

Before you begin, ensure the Forcepoint DSPM server has network access to your on-premise iManage server's API. You may need to configure internal firewall rules to allow this connection.

Prerequisites

Before you begin, ensure you have the following:

• Administrative access to your on-premise iManage Control Center.

• The fully qualified domain name (hostname) of your on-premise iManage server (e.g., imanage.mycompany.com).

• A dedicated iManage service account with a username and password.

Part 1: Obtain Your Client ID (via iManage Control Center UI)

This step must be performed by your internal iManage administrator.

1. Log in to your on-premise iManage server.

2. Click on your username in the upper-right corner and select Control Center.

3. From the side menu, navigate to Applications.

4. Select Desktop Auth Client from the list.

5. Copy the Client ID value. This ID is used to identify the Forcepoint DSPM application to your iManage server. You will need this for Part 2 and Part 4.

Part 2: Get Access Token and Customer ID (via API)

You can use a command-line tool like curl to perform these one-time steps. Replace your.imanage.server.com with your on-premise server's actual hostname in the commands below.

A. Get Access Token

Run the following command in your terminal. Be sure to replace the placeholder values (YOUR_USERNAME, YOUR_PASSWORD, YOUR_CLIENT_ID) with your actual service account credentials and the Client ID from Part 1.

curl -X POST "https://your.imanage.server.com/auth/oauth2/token" \
-d "username=YOUR_USERNAME" \
-d "password=YOUR_PASSWORD" \
-d "grant_type=password" \
-d "client_id=YOUR_CLIENT_ID"

The JSON response will contain your access_token.

B. Get Customer ID

Run the next command, replacing YOUR_ACCESS_TOKEN with the access_token value you received from the previous step.

curl -X GET "https://your.imanage.server.com/api" \
-H "X-Auth-Token: YOUR_ACCESS_TOKEN"

The JSON response will contain your customer_id.

Part 3: Configure iManage Roles & Permissions (via iManage Control Center UI)

This is performed in the iManage Control Center to grant the service account the necessary permissions.

1. Navigate to Control Center > Roles.

2. Create or edit the role assigned to your service account.

3. Grant the following privileges:

   • For Scanning: System Access > Read-only

   • For Tagging: Document > Import / Create

   • For Moving Files: Document > Delete

   • For Revoking Permissions: System Access > Not Read-only

Part 4: Configure the iManage Connector in Forcepoint DSPM

1. In the Forcepoint DSPM, navigate to Administration > Data Sources.

2. Find iManage in the list and click New Scan.

3. Fill in the connector configuration fields:

1. Click Save.

Part 5: Run the Scan

1. Find your newly configured iManage connection in the list.

2. Click the ... (three-dot) menu on the right.

3. Select Start trustee scan to scan permissions (Optional).

4. Once the trustee scan is complete (optional), click the ... menu again and select Start file scan to scan content.

Part 6: View Results

• Permission and access issues can be viewed in Dashboard > Access Governance (if you ran the trustee scan).

• File classification and content results can be viewed in Dashboard > Enterprise Search.