Password Authentication

Document created by user.oxriBaJeN4 Employee on Sep 7, 2015Last modified by user.oxriBaJeN4 Employee on Dec 29, 2015
Version 2Show Document
  • View in full screen mode

One of the methods for Administrators and end users to login to Mimecast is Password Authentication. A user will identify themselves by their primary email address and use a password that Mimecast will use to verify the identity of the user requesting access to the system.

 

All password authentication systems require a source of truth where the user’s identity is maintained along with their current password. Mimecast supports a number of different authentication sources and provides various ways to establish communication to each.

 

Cloud

Cloud Passwords are securely stored and maintained in your Mimecast account. Although an additional Mimecast specific password needs to be remembered, this authentication source provides the following benefits:

 

  • No additional infrastructure or configuration is required.
  • Simple to manage and maintain, passwords can be set on bulk using a spreadsheet import and / or set individually in the Administration console.
  • Password complexity and expiry policies can be enforced.
  • Administrators are always able to access Mimecast regardless of the availability of the company infrastructure.

 

Enable Mimecast Cloud Authentication

 

Domain

This authentication source uses the company domain to verify the identity of a requesting user. This provides the following benefits:

 

  • Administrators and end users use their primary email address and familiar domain password to login to Mimecast.
  • All password complexity and expiry policies are maintained in the company directory, reducing the administrative overhead of this process.

 

In order to achieve this Mimecast must have a way to contact the company directory to verify that the password provided by the user is valid for the requesting primary email address. The following options are available:

 

Office 365

This method uses Basic Authentication over HTTPS to the default Office 365 Exchange Web Services endpoint. Access is granted based on the response received from this request.

 

Enabling Office 365 Domain Authentication

 

LDAP Directory Connector

Using the same inbound LDAP(S) connection used for a LDAP(S) Directory Sync, Mimecast contacts either an on-premises Active Directory or Domino Directory server for each login attempt. Access is granted based on the response received from this request.

 

Enable Directory Connector Domain Authentication

 

 

Active Directory Federation Services (AD FS)

This method uses a HTTPS connection with a copy of the AD FS Token Signing Certificate to contact the AD FS usernamemixed endpoint. Access is granted based on the response received from this request.

 

Enable Domain Password Authentication using AD FS

 

 

Exchange Web Services (EWS)

This method uses Basic Authentication over HTTPS to an Administrator defined Exchange Web Services endpoint. Access is granted based on the response received from this request.

 

Enable EWS Domain Authentication

Attachments

    Outcomes