Integrations
The One Legal integrates with several products in The One Stack and external services. This page covers all integration points, data flows, setup steps, and failure behavior.
Hub
Type: Platform foundation Direction: Hub → Legal
| Data | What Flows |
|---|---|
| Authentication | MSP users authenticate to Legal via Hub SSO — no separate login required |
| Organization context | Legal uses the Hub org ID and user roles to scope access |
| Billing entitlements | Hub billing checks whether the org has an active Legal subscription |
| Product navigation | Legal appears in the Hub Bar for all authorized users |
Setup: Automatic when Legal is activated in Hub. No configuration required.
If broken: If Hub SSO fails, MSP users cannot access Legal. Check Hub status at status.theonestack.com. Attorneys with direct accounts can still log in at legal.theonestack.com.
CRM
Type: Client data and compliance sync Direction: Bidirectional
| Data | Direction | Details |
|---|---|---|
| Organization list | CRM → Legal | Client orgs available in policy assignment wizard |
| Contact list | CRM → Legal | Contacts available for e-signature assignment |
| Compliance score | Legal → CRM | Policy compliance % shown on CRM company record |
| Signed policies | Legal → CRM | Policy list visible on CRM company Legal tab |
| Matter activities | Legal → CRM | Matter-open events logged as CRM activities |
Setup: Automatic when both products are active. Verify at CRM → any company record → Legal tab.
If broken:
- Client organizations may not appear in the Legal policy wizard
- Compliance scores will not update in CRM
- To diagnose: check that
CRM_INTEGRATION_KEYis set on the Legal API (contact support)
PSA
Type: Ticket-to-matter workflow Direction: Bidirectional
| Data | Direction | Details |
|---|---|---|
| Matter creation | PSA → Legal | Open a matter from a ticket with pre-filled context |
| Contract review | PSA → Legal | Submit a contract for attorney review from a ticket |
| Template browsing | PSA → Legal (read) | Browse published templates from PSA sidebar |
| Matter link | Legal → PSA | Matters with type incident can link to a PSA ticket |
Setup: Automatic when both products are active. Verify at PSA → any ticket → right sidebar → Legal section.
If broken:
- The Legal sidebar section may not appear in PSA tickets
- Matter creation from PSA will fail
- To diagnose: check that
PSA_INTEGRATION_KEYis set on the Legal API
People
Type: HR document attachment Direction: Legal → People (primarily)
| Data | Direction | Details |
|---|---|---|
| Signed employment agreements | Legal → People | Automatically appear on the employee's Documents tab |
| Signed NDAs | Legal → People | Automatically appear on the employee's Documents tab |
| Employee contact list | People → Legal | Employees available for policy assignment when contact records exist |
Setup: Automatic when both products are active. Verify at People → any employee → Documents tab.
If broken:
- Signed employment agreements will not appear automatically in People
- HR team will need to manually track legal document status
- To diagnose: check that the People integration key is configured on the Legal API
Security (The One Defend / Security)
Type: Legal hold and compliance sync Direction: Bidirectional
| Data | Direction | Details |
|---|---|---|
| Legal hold placement | Security → Legal | Security requests a legal hold during incident investigation |
| Hold status | Legal → Security | Security can query whether a hold is active for specific data |
| Compliance status | Legal → Security | Security can query client compliance scores |
Setup: Requires security integration key configuration. Contact support.
If broken:
- Legal hold requests from Security will not reach Legal
- Security incidents with legal implications may not be flagged appropriately
- Compliance status shown in Security may become stale
TheOnePortal
Type: Client-facing policy acknowledgement Direction: Legal → Portal (push notifications and documents)
| Data | Direction | Details |
|---|---|---|
| Policy documents | Legal → Portal | Policies in client_review status appear for signing |
| Signing completion | Portal → Legal | Acknowledgement data (name, IP, timestamp) returned to Legal |
| Notifications | Legal → Portal | Clients notified when new policies require their attention |
Setup: Automatic when both products are active and clients are accessing TheOnePortal.
If broken:
- Clients will not see policies in TheOnePortal to sign
- Policies will remain in
client_reviewstatus indefinitely - To diagnose: verify
PORTAL_SSO_SECRETis configured on the Legal API; verify clients can access TheOnePortal
Azure SignalR
Type: Real-time encrypted conversation delivery Direction: Server → browser push
| Data | What Flows |
|---|---|
| New messages | Encrypted ciphertext pushed to all connected clients in the conversation |
Setup: Automatic via SIGNALR_CONNECTION_STRING environment variable. No user configuration required.
If broken:
- Matter conversations still work but require page refresh to see new messages
- Real-time delivery is degraded to polling behavior
- Contact support if SignalR connectivity is persistently failing
Azure Key Vault
Type: Document encryption key storage Direction: Internal (not user-facing)
What it does: All document and conversation encryption keys (DEKs) are stored exclusively in Azure Key Vault. No DEKs are stored in the database.
If broken:
- Existing documents cannot be decrypted and will appear inaccessible
- New documents cannot be encrypted and uploads will fail
- This is a critical dependency — Azure Key Vault availability is required for all vault operations
Stripe Connect
Type: Attorney payout processing Direction: Legal → Stripe → Attorney bank account
| Data | What Flows |
|---|---|
| Monthly payout amount | Legal → Stripe |
| Payout status | Stripe → Legal |
Setup: Your attorney configures their Stripe Connect account. Contact your attorney to complete Stripe onboarding if payouts are failing.
If broken:
- Monthly payouts to attorneys will fail
- Retry logic is automatic — up to 3 retries on payout failure
- Both the attorney and MSP owner are notified on payout failure
The One Bus
Type: Platform event bus Direction: Legal → Bus (emit only)
Legal emits the following events to the platform event bus:
| Event | Trigger |
|---|---|
legal.matter.created | New matter submitted |
legal.matter.closed | Matter moved to closed status |
legal.policy.published | Policy reaches published/signed status |
legal.review.completed | Contract review completed by attorney |
These events are consumed by other products (e.g., PSA can react to legal.matter.created to link a ticket).
If broken: Events will not be emitted. Other products relying on these events may be out of sync. Check event bus health at Hub → Status.