When deploying Mimecast for Outlook, it is important to consider how your users will authenticate when gaining access to the features provided by the application. The following authentication options are available:
Users are required to open the Mimecast for Outlook Account Options and enter their password. You can choose to use one of the following authentication providers to validate the user's credentials:
- Mimecast - Enable Mimecast Cloud Authentication
- Active Directory - Enable Directory Connector Domain Authentication
- Active Directory - Enable Domain Password Authentication using AD FS
- Active Directory - Enable EWS Domain Authentication
As a user's password changes they'll need to re-enter their password in order to continue to use the Mimecast for Outlook features.
Mailboxes Hosted in Office 365
If your organization uses Office 365, you can use Password Protected authentication as described above and use Office 365 as the authentication provider to validate user's credentials.
See the Enabling Office 365 Domain Authentication page for full details.
Windows Integrated (Exchange 2010 to 2016 only)
Domains users, using a domain joined computer are authenticated automatically as they open Microsoft Outlook. Behind the scenes Mimecast for Outlook uses Windows Integrated Authentication against an administrator defined Exchange Web Services URL to authenticate users.
See the Integrated Windows Authentication (IWA) Connectivity page for full details.
Using a Reverse Proxy (e.g. Microsoft Threat Management Gateway Server)
If you publish your Exchange server to the internet using a reverse proxy server, you must ensure that requests from the Mimecast IP range are routed directly through to your Exchange Client Access server for this feature to be successful.
If your organization uses an Identity Provider (e.g. Microsoft Active Directory Federation Services, Okta, or OneLogin) users can use this provider to authenticate using Mimecast for Outlook. See the Single Sign-On (SSO) page for full details.