This guidance is outdated and has been superseded by the content in the Single Sign-On space.
This guide will explain how to configure Mimecast SAML Authentication using the underlying Windows Azure Active Directory instance of an Office 365 tenant as an Identity provider.
Configure Azure Active Directory
Windows Azure Active Directory can be accessed from the Office 365 Admin Center by selecting the Azure AD option in the Admin section of the left hand side menu.
Once you have successfully logged in to the Windows Azure Management Portal, follow these steps to create the required Azure Application:
- Click on the Active Directory item in the Windows Azure management Portal and navigate to the Applications menu.
- Click Add from the menu bar at the bottom of the screen to start a guided wizard.
- On the What do you want to do screen, click Add an application my organization is developing.
- Give the application a name, for example "Mimecast Administration Console" and leave the default Web Application and/or web api selected.
- On the App Properties screen add a Sign-On URL and an App-ID URI. These values will depend on the region where the Mimecast account is hosted, and the Mimecast application that will be used. Please see the Global SAML URLs and Audience Values article for details on the values to use. The Sign-On URL relates to the Destination section and the App-ID URI relates to the Audience section.
Note that there are specific values for Azure AD
- Click the tick icon to complete the configuration.
- While still in the application menu, click the View Endpoints button from the menu bar at the bottom of the screen.
- From the App Endpoints pop up copy the URL for the Federation Metadata Document and keep this to hand as it is required for the Mimecast configuration to import the Azure settings.
This completes the Azure AD configuration. Repeat these steps for each application you want to use SAML authentication with.
Once you have configured Azure AD with the required settings you must configure an Authentication Profile in the Mimecast Administration Console. View the [OUTDATED] Configuring Mimecast SAML Authentication Settings SAML_Authentication_Settings article for guidance on this.