One of the methods Administrators and end users can use to log in to Mimecast is Password Authentication. A user identifies themselves by their primary email address and supplies a password, which Mimecast uses to verify the identity of the user requesting access to the system.
All password authentication systems require a source of truth where the user’s identity is maintained along with their current password. Mimecast supports a number of different authentication sources and provides various ways to establish communication to each.
Cloud Passwords are securely stored and maintained in your Mimecast account. Although an additional Mimecast-specific password needs to be remembered, this authentication source provides the following benefits:
- No additional infrastructure or configuration is required.
- Simple to manage and maintain: passwords can be set in bulk using a spreadsheet import and/or set individually in the Administration console.
- Password complexity and expiry policies can be enforced.
- Administrators are always able to access Mimecast regardless of the availability of the company infrastructure.
This authentication source uses the company domain to verify the identity of a requesting user. This provides the following benefits:
- Administrators and end users use their primary email address and familiar domain password to log in to Mimecast.
- All password complexity and expiry policies are maintained in the company directory, reducing the administrative overhead of this process.
To achieve this, Mimecast must have a way to contact the company directory to verify that the password provided by the user is valid for the requesting primary email address. The following options are available:
This method uses Basic Authentication over HTTPS to the default Office 365 Exchange Web Services endpoint. Access is granted based on the response received from this request.
LDAP Directory Connector
Using the same inbound LDAP(S) connection used for an LDAP(S) Directory Sync, Mimecast contacts either an on-premises Active Directory or Domino Directory server for each login attempt. Access is granted based on the response received from this request.
Active Directory Federation Services (AD FS)
This method uses an HTTPS connection with a copy of the AD FS Token Signing Certificate to contact the AD FS usernamemixed endpoint. Access is granted based on the response received from this request.
Exchange Web Services (EWS)
This method uses Basic Authentication over HTTPS to an Administrator-defined Exchange Web Services endpoint. Access is granted based on the response received from this request.