Attorney Portal
The Attorney Portal is the attorney-facing interface within The One Legal. Licensed attorneys log in directly at legal.theonestack.com to manage their MSP clients' legal work — handling matters, reviewing contracts, drafting policies, and tracking retainer billing.
Who Uses the Attorney Portal
The Attorney Portal is for:
- Primary attorney — The main attorney of record for your MSP, handling all legal work
- Associate attorneys — Additional attorneys who assist with specific matters or practice areas
- Of counsel — Attorneys engaged on a specific matter or project basis
- Paralegals — Support staff who handle administrative legal tasks under attorney supervision
- Outside counsel — Attorneys who need restricted access to review documents and comment on matters, without full platform access
MSP users (owners, technicians) do not access the Attorney Portal. They access Legal via Hub SSO to TheOnePortal. The Attorney Portal is exclusively for legal professionals.
Attorney Authentication
The Attorney Portal requires TOTP multi-factor authentication for all attorney accounts — this is mandatory and cannot be disabled.
First Login
When your attorney accepts an invitation:
- They click the invite link in the email
- They set a password meeting the requirements: 12+ characters, complexity required
- They are prompted to set up TOTP MFA:
- A QR code is shown (compatible with any TOTP app: Google Authenticator, Authy, 1Password, etc.)
- They scan the QR code and enter the 6-digit verification code to confirm setup
- MFA is now active — required on every subsequent login
Daily Login
- Navigate to
legal.theonestack.com - Enter email and password
- Enter the 6-digit TOTP code from the authenticator app
- Access is granted
Account Security
- Failed attempt lockout: 3 consecutive failed login attempts lock the account for 15 minutes
- Session timeout: Sessions expire after 8 hours of inactivity
- MFA recovery: Contact platform admin if the TOTP device is lost — recovery requires identity verification
Attorney Dashboard
After login, the attorney sees a personalized dashboard:
- Open matters — Matters assigned to them in
openorin_progressstatus - Pending reviews — Contracts submitted for review awaiting their attention
- Unread messages — Unread encrypted conversation messages across all matters
- Retainer summary — Monthly retainer status: hours used vs. included, upcoming billing
- AI briefing — A daily AI-generated summary of their pending workload (generated at 6:00 AM UTC)
Attorney Roles
| Role | Access Level |
|---|---|
admin | Full platform access including team management, billing, and all client data |
partner | Full access to matters, reviews, retainers, templates, and policies |
associate | Can handle assigned matters and reviews; cannot create retainers or publish templates |
of_counsel | Can view and comment on assigned matters and documents; cannot initiate new work |
paralegal | Can draft documents and log hours; cannot publish templates or finalize reviews |
Outside Counsel Access
Outside counsel is a restricted role for attorneys who need to review specific matters or documents without seeing the full MSP client base. This is appropriate for:
- Specialist attorneys engaged for a specific compliance matter
- An attorney providing a second opinion on a contract
- A vendor's counsel reviewing a shared document
Granting Outside Counsel Access
- Navigate to Team in the sidebar
- Click Invite Partner
- Set the role to Of Counsel
- Under Access Restrictions, select:
- Matter-scoped: Restrict access to specific matter IDs
- Document-scoped: Restrict access to specific documents in the vault
- Set an Access Expiration (required for of counsel roles)
- Send the invitation
Outside counsel logs in with the same TOTP MFA flow but sees only the matters and documents explicitly shared with them.
Attorney Features
Matters
- View all matters assigned to their account
- Claim unassigned open matters
- Update matter status
- Log billable hours
- Attach documents
- Communicate via encrypted messages
Contract Reviews
When an MSP submits a contract for review:
- The review appears in the attorney's Reviews queue
- They click Claim to take ownership
- They read the submitted contract (in-browser viewer or downloaded PDF)
- They complete the review by entering:
- Summary: Overall assessment of the contract
- Recommendations: What the MSP should negotiate, flag, or accept
- Risk Level: Low / Medium / High / Critical
- Notes: Detailed notes on specific clauses
- They click Complete Review — the MSP is notified
Policy Templates
Attorneys can create, edit, version, and publish policy templates. See Template Library for full details.
Retainer Management
Attorneys create and manage retainers. They log hours against retainers through the matter hours log. Monthly payouts are processed automatically via Stripe Connect on the 1st of each month.
AI Advisory
Attorneys can generate AI-assisted legal advisory documents:
- Navigate to AI Advisory
- Click New Advisory
- Select the category and describe the legal question
- AI (Claude Sonnet) generates a detailed legal advisory draft
- The attorney reviews, edits, and publishes it
- Published advisories become available to the MSP team
Team Management
Admins can manage the attorney team from the Team page:
- Invite: Send email invitations to new attorneys or staff
- Roles: Change attorney roles at any time
- Access: Restrict outside counsel to specific matters or documents
- Deactivate: Immediately revoke access for a departing team member
When a team member is deactivated:
- Their session is immediately terminated
- Their matters are unassigned and appear in the open queue
- Their messages and work history are preserved
- Their vault access keys are revoked
Analytics (Attorney View)
Attorney-facing analytics include:
- Hours logged per month (vs. included hours by retainer)
- Matters by status and type
- Review volume and turnaround time
- Revenue by month (retainer fees + overage)
- Client breakdown of hours
Navigate to Analytics to see the full dashboard.