This guide outlines the methods that administrators can use to secure end user authentication to Mimecast
Why You Should Secure Authentication
Whilst password complexity and expiry rules can help prevent a password from being compromised, there are still ways that passwords can be stolen. Causes range from using the same password on more than one internet account, to more sophisticated phishing and social engineering attacks.
As the impact of a compromised account can be devastating for a business, we offer additional layers of security for our password authentication features. These are:
- IP address filtering
- 2 Step Authentication.
Permitted IP Ranges
We offer granular options to secure all authentication attempts using the source IP address of the connecting user. When this feature is enabled, we only accept authentication attempts from administrator defined IP addresses. All other attempts are blocked.
When permitted IP ranges are enabled, failed login attempts from outside of the defined ranges, won't trigger any account lockout policies maintained by your organization.
It is possible to configure different permitted IP ranges for:
- The administration console: These are configured in the Admin IP Ranges option in your account settings. See the User Access and Permissions section of the Your Mimecast Account Settings page for full details.
- End user applications: These are configured at the authentication profile level, and apply to connection attempts from the following applications:
- Mimecast for Outlook
- Mimecast for Mac
- Mimecast Mobile
- Any custom application consuming the Mimecast API.
See the Configuring a 2-Step Authentication Profile page for full details.
- Gateway connections via SMTP or POP. These are configured at the Authentication Profile level. See the Configuring a 2-Step Authentication Profile page for full details.
2-step authentication is an additional layer of security for password authentication. It requires users to provide their password and a unique verification code to access the administration console and our end user applications. Verification codes can be delivered via email, SMS, or generated using a 3rd party authenticator application.
See the 2-Step Authentication Overview page for full details.