Integrations

Each integration uses OAuth 2.0. Triconvey never sees or stores your username or password — you authenticate directly with the provider and we receive a short-lived token that's refreshed automatically.

Where to set this up: inside the app, go to Integrations from the sidebar. Connect requires the can_manage_integrations permission, which Business Owner and Business Administrator roles have by default.

LTSA

Web Filing for Form A / B / C / PTT, LOTR transparency declarations, and title searches.

Read guide

Clio Manage

Pull matters, contacts, and documents from Clio. Read-only sync today; bidirectional planned.

Read guide

How Triconvey stores tokens

OAuth tokens are encrypted with AES-256-GCM using a per-tenant data key wrapped by AWS KMS. The plaintext key never touches disk.
CSRF state for the OAuth handshake is stored in a single-use, expiring database row — replays are rejected.
Access tokens are refreshed automatically before expiry. If a refresh fails (token revoked at the provider, scopes changed), Triconvey clears the stored credential and prompts you to reconnect.
Disconnecting deletes the stored token from Triconvey immediately. Revoking the OAuth grant on the provider's side is a separate step you can do at any time.