Advanced Account Administration Differences

Document created by user.oxriBaJeN4 Employee on Sep 11, 2015. Last modified by user.oxriBaJeN4 Employee on Apr 2, 2019.
Version 12

This guide describes the differences between master and mail processing accounts if you have implemented Advanced Account Administration.


Master Accounts


Menu Items


If Advanced Account Administration is being used on your account, the Administration Console menu items are the same, but the functionality covered below differs from a standard Mimecast account:


Menu Item: Administration | Account

  • Dashboard: Displays the dashboard for the master account.
  • Audit Logs: Tracks activity in the master account.
  • Roles: By default, only the Master Administrator role is available.
  • Account Settings: Controls the settings for the master account.
  • Hierarchy: Enables master administrators to view and manage the hierarchy of the advanced account administration setup. See the Advanced / Federated Account Administration: Account Structures page for full details.

Menu Item: Administration | Gateway

  • Authorized Outbounds: Displays a list of authorized outbound IP addresses used by the Advanced Account Administration setup.

Menu Item: Administration | Services

  • Directory Synchronization: Displays the linked organization's directory connectors.
  • Journaling: Displays a list of the organization's linked journal connectors.

Menu Item: Administration | Directories

Internal Directories: Provides a read-only view of the nested account's internal domains, as well as the federated administration domain belonging to the master account. The ability is also provided to:

  • Unlink a domain via a right click menu item. See the Configuring Internal Domain / Subdomains page for full details.
  • Delete a domain on a master account with no mail processing accounts (advanced account administration accounts only). 

Allows administrators to import data to Mimecast. For example:

  • Creating addresses for the federated administration domain.
  • Importing users into mail processing accounts, specifying the remoteaccountcode for each address.


Account Settings


In your Mimecast Account Settings, the following additional options are available:


Enable Policy Inheritance

Allows mail processing nested accounts to consider the policies configured on group / master accounts, if all relevant accounts have this option enabled. This option can only be enabled by Mimecast Support.

Enable Federated Administration

Enables additional roles to allow federated administration of group / mail processing nested accounts. This option can only be enabled by Mimecast Support.

Enable Federated Content View

Allows federated administrators to have content view permissions for all nested accounts that have enabled federated administration. This option can only be enabled by Mimecast Support.

Federated Administration Domain

Specifies the domain name used for federated administration.




By default, only the following roles are available on the master account:

  • Master Administrator
  • Migration Administrator


Master Administrator


The master administrator role can:

  • Manage the Advanced Account Administration hierarchy.
  • Add internal domains.
  • Link internal domains to mail processing accounts.
  • Import mail processing account users by specifying the remoteaccountcode for the addresses.
  • Define email security policies where Policy Inheritance is enabled.


The master administrator role can't:

  • Perform email security related actions (e.g. quarantine management).
  • Configure settings apart from Account Settings for the accounts that are part of the Advanced Account Administration setup.
  • See mail flow for any account that is part of the Advanced Account Administration setup.
  • Configure federation functionality.


Migration Administrator


The Migration Administrator has the following attributes:

  • Read only access to all sections on the Master account and read / write access to the Directories | Import menu item.
  • Read only access to all sections on nested accounts (e.g. grouping and mail processing).
  • Read / write access to the Directories | Import menu item.
  • Read / write access to manage "User Home Location" on the master account.
  • Has permission to trigger "Directory Synchronization" on the master and all mail processing accounts.
  • This role would be eligible for federation.


Outbound, Directory, and Journal Connectors


  • The master account shows all the nested accounts' authorized outbound addresses.
  • Directory connectors configured on mail processing accounts are automatically copied to the master account.
    Nested accounts can run directory synchronizations independently of the master account. As a result, a user address may have been added to the nested account but not be visible on the master account. When this happens, mail for this user address is not processed. This is corrected when the master account's directory synchronization takes place. If you've newly created mail-enabled objects and cannot wait for automatic synchronization, run a manual directory synchronization from the master account.



Administrators logged on to the master account can import users to the master or any nested account. A remoteaccountcode field is used in the spreadsheet to identify which account to add the user to. Additionally, an Allow Address Migration field can be used to migrate addresses from one Mail Processing account to another.


Master Administrators can import user addresses directly into administrator roles for mail processing accounts. Supported roles are:

  • Basic Administrator
  • Helpdesk Administrator
  • Gateway Administrator


Mail Processing Accounts


Mail processing accounts are similar to standard Mimecast accounts with a few exceptions.

  • Within the internal domains, it isn't possible to add new domains. These must be added to the master account. The master account allocates the new domain to the appropriate mail processing account(s).
  • Any authorized outbounds added to the account automatically display in the master account.
  • Any journal connectors added to the account automatically display in the master account.
  • Any directory connectors are copied to the master account.




When importing, mail processing accounts have the following differences:

  • If importing email addresses using a spreadsheet, these are automatically learned by the Master account.
  • The Import to Group option is not available.
  • A Notification Email field is available in the Directories | Imports menu item. This is used to notify a user when addresses can't be saved to the master account because the same address already exists and is linked to another remoteaccountcode, as described above.
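
A pre-import check for the address conflict described above and for the remoteaccountcode / Allow Address Migration fields of the master account import, as an added example that is not Mimecast's code. The emailaddress column name, the "true" encoding of Allow Address Migration, case-insensitive address matching, the account codes and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample: addresses the master account already knows, mapped to
# the account code each is linked to (codes are made up).
KNOWN = {"alice@example.com": "CODE-A", "bob@example.com": "CODE-B"}

# Constructed import sheet. Only "remoteaccountcode" and "Allow Address
# Migration" are field names taken from the page; "emailaddress" and the
# "true" value are assumptions.
SHEET = """emailaddress,remoteaccountcode,Allow Address Migration
alice@example.com,CODE-A,
bob@example.com,CODE-A,
carol@example.com,,
dave@example.com,CODE-B,
Dave@Example.com,CODE-A,
bob@example.com,CODE-A,true
"""

def check_import(sheet_text, known):
    """Return (line, address, problem) for rows to review before importing."""
    findings = []
    seen = dict(known)  # address -> account code; the caller's dict is not modified
    reader = csv.DictReader(io.StringIO(sheet_text))
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        # Assumption: addresses are compared case-insensitively.
        addr = (row.get("emailaddress") or "").strip().lower()
        code = (row.get("remoteaccountcode") or "").strip()
        flag = (row.get("Allow Address Migration") or "").strip().lower()
        if not code:
            # Assumption: a row that names no target account is worth a manual look.
            findings.append((line_no, addr, "no remoteaccountcode"))
            continue
        owner = seen.get(addr)
        if owner and owner != code and flag != "true":
            # Same address, different account code, no migration requested.
            findings.append((line_no, addr, f"already linked to {owner}"))
            continue
        seen[addr] = code  # new address, same account, or an explicit migration
    return findings

if __name__ == "__main__":
    for finding in check_import(SHEET, KNOWN):
        print(finding)
```
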

