Enable Mimecast Cloud Authentication

Document created by user.oxriBaJeN4 Employee on Sep 9, 2015. Last modified by user.oxriBaJeN4 Employee on Mar 27, 2017.
Version 3

Cloud Password Authentication is available for all customers and is typically used when your organization wants to manage and use specific Mimecast passwords when accessing Mimecast.

 

The steps in this guide describe how to enable Cloud Password Authentication using Mimecast to verify a user.

 

Preparing Cloud Passwords

Define password complexity and expiration

These settings affect Mimecast Cloud passwords only and are applied to all users in the organization.

 

  1. Log in to the Administration Console.
  2. Navigate to the Password Complexity and Expiration section of the Administration | Account | Account Settings menu.
  3. Edit the settings to suit your organization's security requirements.

 

Create a Mimecast Cloud password

  1. Log in to the Administration Console.
  2. Navigate to the Administration | Directories | Internal Directories menu.
  3. Select the primary domain of the user you want to set a Cloud password for.
  4. Select the primary email address of the user you want to set a Cloud password for.
  5. In the permissions section of the Email Address - Update page, enter and confirm the new password.
  6. Optionally select:
    • if the password should expire or not using the Password Never Expires option,
    • and if the user should be forced to change the password the next time they log in using the Force Change at Logon setting.

 

Create an Authentication Profile

An Authentication Profile is referenced by a Mimecast Application Setting which is in turn applied to a group of users. It is possible to edit existing Authentication Profiles or create new ones depending on your requirement.

 

To create or edit an existing Authentication Profile:

 

  1. Log in to the Administration Console.
  2. Navigate to the Administration | Services | Applications menu.
  3. Select the Authentication Profiles button.
  4. To edit an existing Authentication Profile select it from the list. Alternatively, to create a new profile select the New Authentication Profile button.
  5. Add a Description. This will be used to reference the profile when it is later selected in an Application Setting.
  6. Select the option you would like to apply from the Allow Cloud Authentication drop down list.

    Unless the Enforce SAML Authentication for Administration Console setting is used, Cloud Authentication will always be available for the Administration Console, regardless of the option selected here.

  7. Select a time period from the Authentication TTL drop down list.

    This is applicable to Mimecast for Outlook, Mimecast for Mac, and Mimecast Mobile only and defines the length of time a binding issued after a successful authentication is valid for.

     

    When the time elapses and the binding expires, the application uses the credentials originally entered by the user to automatically request a new binding. The user is only prompted to re-enter a password if the password has changed.

     

  8. Select Save and Exit to complete the configuration.

 

Optionally define Permitted IP Ranges

To add an additional layer of security, Mimecast provides optional Permitted IP Range settings for the Administration Console, End User Applications, and Gateway authentication attempts.

 

To configure Permitted IP ranges for the Administration Console:

 

  1. Log in to the Administration Console.
  2. Navigate to the Administration | Account | Account Settings menu.
  3. Open the User Access and Permissions section.
  4. In the Admin IP Ranges text box, enter the public IP address ranges you want to restrict access to, in CIDR format, one range per line.

 

To configure Permitted IP Ranges for End User Applications:

 

  1. Log in to the Administration Console.
  2. Navigate to the Administration | Services | Applications menu.
  3. Select the Authentication Profiles button.
  4. To edit an existing Authentication Profile select it from the list. Alternatively, to create a new profile select the New Authentication Profile button.
  5. Select the check box to enable Permitted Application Login IP Ranges.
  6. In the Permitted Application Login IP Ranges text box, enter the public IP address ranges you want to restrict access to, in CIDR format, one range per line.
  7. Select Save and Exit to apply the new settings.

 

To configure Permitted IP Ranges for Gateway authentication using SMTP or POP:

 

  1. Log in to the Administration Console.
  2. Navigate to the Administration | Services | Applications menu.
  3. Select the Authentication Profiles button.
  4. To edit an existing Authentication Profile select it from the list. Alternatively, to create a new profile select the New Authentication Profile button.
  5. Select the check box to enable Permitted Gateway Login IP Ranges.
  6. In the Permitted Gateway Login IP Ranges text box, enter the public IP address ranges you want to restrict access to, in CIDR format, one range per line.
  7. Select Save and Exit to apply the new settings.
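
The three Permitted IP Range text boxes above all take the same input: public ranges in CIDR format, one per line. The following pre-flight check is an added example, not Mimecast tooling or code from the original document; it validates a list before it is pasted and confirms that the administrator's own egress address is still covered. The function name check_ranges, the MIN_PREFIX review threshold and the sample addresses (taken from the documentation address blocks) are assumptions.

```python
import ipaddress

# Address space that is not publicly routable; an entry overlapping it
# does not describe a public range as the text boxes require.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]
# Assumed review threshold: prefixes shorter than this are flagged as broad.
MIN_PREFIX = {4: 16, 6: 32}

# Constructed sample list, one range per line, with three deliberate mistakes.
SAMPLE = """
203.0.113.0/24
198.51.100.17/28
192.168.10.0/24
office-vpn
192.0.2.44/32
"""


def check_ranges(text, egress_ip):
    """Return (clean_ranges, findings, egress_covered) for a pasted list."""
    clean, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            try:  # valid address and prefix, but host bits are set
                fixed = ipaddress.ip_network(entry, strict=False)
                findings.append((lineno, entry, f"host bits set, did you mean {fixed}?"))
            except ValueError:
                findings.append((lineno, entry, "not a valid CIDR range"))
            continue
        if any(net.version == n.version and net.overlaps(n) for n in NON_PUBLIC):
            findings.append((lineno, entry, "overlaps non-public address space"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            findings.append((lineno, entry, "very broad range, review before use"))
        clean.append(str(net))
    # Lockout check: is the address you administer from inside a clean range?
    ip = ipaddress.ip_address(egress_ip)
    covered = any(ip in ipaddress.ip_network(c) for c in clean)
    return clean, findings, covered


if __name__ == "__main__":
    print(check_ranges(SAMPLE, "203.0.113.25"))
```

Run it with the public address your administrators or applications actually connect from; a False in the third position means the list as written would not cover that address.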

 

Other options

An Authentication Profile is applied to a group of users.

 

A given user can only have one effective profile at a given time. Consequently you may want to add additional authentication options to your Authentication Profile.

 

Apply the Authentication Profile to an Application Setting

Once your Authentication Profile is complete, you need to reference it in an Application Setting in order for it to be applied. To do this:

 

  1. Log in to the Administration Console.
  2. Navigate to the Administration | Services | Applications menu.
  3. Select the Application Setting that you want to use.
  4. Use the Lookup button to find the Authentication Profile you want to reference and click the Select link on the lookup page.
  5. Select Save and Exit to apply the change.

 

Next Steps

To test your configuration and verify that your Authentication Profile has been configured correctly:

 

  1. Open or navigate to a Mimecast application.
  2. Enter your primary email address.
  3. You should be able to select to enter a Cloud password.
  4. Enter your Cloud password and log in.

 

You should be granted access to the application.
