Advanced Account Administration and Federated Account Administration are designed in a hierarchy that links the different account types together, as shown in the descriptions below.
Accounts can be linked to each other to support an account hierarchy which provides segregated storage and/or security configuration features.
Note: Account hierarchy can only be applied within one specific jurisdictional region. Cross-regional account hierarchies (accounts on multiple Mimecast grids) are currently not supported.
Both Advanced Account Administration and Federated Account Administration optionally offer:
The account types are described below:
|Account Type||Advanced Account Administration||Federated Account Administration|
|Master Account||The Master account is used for Hierarchy Management. Administrators on the Master register the Domain names and allocate them to the nested Mail Processing accounts. The Master either retrieves the user addresses via the Directory Connectors of the nested Mail Processing accounts or via manual Imports. The Master can also import users directly into the nested accounts, as well as migrate users between the nested accounts. The Master can import Administrators for select Roles into the nested Mail Processing accounts, but itself by default has only one Administrator Role. The account has a read-only view of the Authorized Outbound IP addresses, Internal Domains, Directory and Journal Connectors of the nested Mail Processing accounts.||The Master account is used for Hierarchy Management only and by default has only one Administrator Role. It has a read-only view of the Authorized Outbound IP addresses and Internal Domains within the setup.|
|Group Account||Group accounts are used to group nested Mail Processing accounts together. There are no Administrative Roles available on Group accounts. They hold a read-only view of the Authorized Outbound IP addresses, Internal Domains, Directory and Journal Connectors of the Mail Processing accounts nested underneath them.||Group accounts are used to group nested Mail Processing accounts together. There are no Administrative Roles available on Group accounts. They hold a read-only view of the Authorized Outbound IP addresses and Internal Domains of the accounts nested underneath them.|
|Mail Processing Account|
These are the accounts that process email. They cannot add new Internal Domains, as the Master account will allocate these to the Mail Processing account. Imported user addresses are automatically copied to the Master account, and disallow imports of addresses from other Mail Processing accounts. Such migrations can only be performed by the Master account.
User addresses cannot be imported into Groups and are not automatically added to the Internal Domains based on outbound email flow. Manual Directory Synchronization on the Mail Processing account triggers a manual sync on the Master account.
Mail Processing account Directory Connectors are automatically copied to the Master account when they are created, while Journal Connectors and Authorized Outbound IP addresses are automatically linked to the Master account when they are created.
|These are the accounts that process email and are identical to regular Mimecast accounts.|
Managing Account Hierarchy
From the Master account, navigate to Account | Hierarchy. You will be presented with this screen:
Use the folder view on the left to navigate between the nested accounts. Click a Group account folder to view the nested Mail Processing accounts. Click the View Details button of the Linked Account to view the Account Settings for that account.
The View menu allows you to filter the list by Unlinked or Linked Accounts. Click the Consolidated View button for a full list of the Group and Mail Processing accounts linked to this Master account.
Right-click an account to change it's Parent account to move it to another location within the Hierarchy.