An Authentication Profile allows you to define the methods that users in your organization can use to authenticate with Mimecast applications.
Benefits of the profile model
- Multiple authentication methods can be made available for users in a single profile.
- Profiles are applied to groups lowering the administrative overhead of maintaining settings on a per user basis.
- Permitted IP Range settings are also applied at the group level, allowing different settings for different users.
How an Authentication Profile is applied
An Authentication Profile is referenced by a Mimecast Application Setting which is in turn applied to a group of users. This configuration is made in the Administration Console.
An Application Setting defines which Mimecast applications users can access and the features that can be used within each application.
In the situation where you want to provide different levels of access to applications and / or specific application features, you should define this using different Application Settings.
Within each Application Setting you can reference the same Authentication Profile.
This helps to maintain a consistent, easy to manage authentication experience while allowing the flexibility in defining what applications and features different users can access.
The Default Authentication Profile
Every Mimecast service contains a Default Authentication Profile. By default this is referenced by the Default Application Settings. These defaults are applied when a user connects to Mimecast and is not part of a group referenced by a specific Application Setting.
The defaults can be used to apply the same settings to all users in your organization. However a more secure approach is to define your organization's most restrictive settings in this profile and create new profiles that can be applied to groups as they are referenced in new Application Settings.
To learn about the different Authentication Options available and how to enable them, see the Authentication Options page.