This guide describes the differences between master and mail processing accounts, if you've implemented got advanced account administration.
If Advanced Account Administration is being used on your account, the Administration Console menu items are the same, but the functionality covered below differs from a standard Mimecast account:
|Menu Item||Sub Menu||Description|
|Administration | Account||Dashboard||Displays the dashboard for the master account.|
|Audit Logs||Tracks activity in the master account.|
|Roles||By default, only the Master Administrator role is available.|
|Account Settings||Controls the settings for the master account.|
|Hierarchy||Enables master administrators to view and manage the hierarchy of the advanced account administration setup. See the Advanced / Federated Account Administration: Account Structures page for full details.|
|Administration | Gateway||Authorized Outbounds||Displays a list of authorized outbound IP addresses used by the Advanced Account Administration setup.|
|Administration | Services||Directory Synchronization||Displays the linked organization's directory connectors.|
|Journaling||Displays a list of the organization's linked journal connectors.|
|Administration | Directories||Internal Directories|
Provides a read only view of the nested account's internal domains, as well as the federated administration domain belonging to the master account. The ability is also provided to:
Allows administrators to import data to Mimecast. For example:
In your Mimecast Account Settings, the following additional options are available:
|Enable Policy Inheritance|
Allows mail processing nested accounts to consider the policies configured on group / master accounts, if all relevant accounts have this option enabled. This option can only be enabled by Mimecast Support.
|Enable Federated Administration|
Enables additional roles to allow federated administration of group / mail processing nested accounts. This option can only be enabled by Mimecast Support.
|Enable Federated Content View|
Allows federated administrators to have content view permissions for all nested accounts that have enabled federated administration. This option can only be enabled by Mimecast Support.
|Federated Administration Domain||Specifies the domain name used for federated administration.|
By default, only the following roles are available on the master account:
- Master Administrator
- Migration Administrator
The master administrator role can:
- Manage the Advanced Account Administration hierarchy.
- Add internal domains.
- Link internal domains to mail processing accounts.
- Import mail processing account users by specifying the remoteaccountcode for the addresses.
- Define email security policies where policy Inheritance is enabled.
The master administrator role can't:
- Perform email security related actions (e.g. quarantine management).
- Configure settings apart from Account Settings for the accounts that are part of the Advanced Account Administration setup.
- See mail flow for any account that is part of the Advanced Account Administration setup.
- Configure federation functionality.
- Read only access to all sections on the Master account and read / write access to the Directories | Import menu item.
- Read only access to all sections on nested accounts (e.g. grouping and mail processing).
- Read / write access to the Directories | Import menu item.
- Read / write access to manage "User Home Location" on the master account.
- Has permission to trigger "Directory Synchronization" on the master and all mail processing accounts.
- This role would be eligible for federation.
Outbound, Directory, and Journal Connectors
- The master account shows all the nested account's authorized outbound addresses.
- Directory connectors configured on mail processing accounts are automatically copied to the master account.Nested accounts can run directory synchronizations independently of the master account. As a result a user address may have been added to the nested account, but not be visible on the master account. When this happens,mail for this user address is not processed. This is corrected when the master account's directory synchronization takes place. If you've newly created mail enabled objects and cannot wait for automatic synchronziation, run a manual directory synchronization from the master account.
Administrators logged on to the master account can import users to the master or any nested account. A remoteaccountcode field is used in the spreadsheet to identify which account to add the user to. Additionally a Allow Address Migration field can be used to migrate addresses from one Mail Processing account to another.
Master Administrators can import user addresses directly into administrator roles for mail processing accounts. Supported roles are:
- Basic Administrator
- Helpdesk Administrator
- Gateway Administrator.
Mail Processing Accounts
Mail processing accounts are similar to standard Mimecast accounts with a few exceptions.
- Within the internal domains, it isn't possible to add new domains. These must be added to the master account. The master account allocates the new domain to the appropriate mail processing account(s).
- Any authorized outbounds added to the account automatically display in the master account.
- Any journal connectors added to the account automatically display in the master account.
- Any directory connectors are copied to the master account.
When importing, mail processing accounts have the following differences:
- If importing email addresses using a spreadsheet, these are automatically learned by the Master account.
- The Import to Group option is not available.
- A Notification Email field is available in the Directories | Imports menu item. This is used to notify a user when addresses cant be saved to the master account, because the same address already exists that is linked to another remoteaccouncode as described above.