This guide describes how user email addresses can be either manually or automatically managed to control access to your Mimecast account.
Email addresses represent user accounts in your environment. These addresses can be used to control your user's accounts and perform the following:
- Assign permissions to access Mimecast user tools.
- Set a cloud password.
- Set specific password complexity and lockout settings.
- Populate attributes.
- Manually configure an alias address.
- Assign an administrative role to a user.
During the implementation of your Mimecast account, internal domains are added and email addresses are populated in them. This can be achieved in the following ways:
- Automatically when processing email by capturing the email addresses.
- Manually by an administrator, either individually or via a spreadsheet Import.
- A directory synchronization using directory connections.
Listing Your Domains / Email Addresses
To list your internal domains, and the email addresses in them:
- Log on to the Administration Console.
- Click on the Administration toolbar button.
- Click on the Directories / Internal Directories menu item. A list of your domains is displayed.
- Click on a Domain. A list of the domain's users is displayed.
The following types of addresses may appear in this list, denoted by the icon to the left of the address:
|Manually Created||Addresses that have been added manually, or created based on email processing for a user that does not have a directory account. This could be a staff member who has left (e.g. their directory account has been deleted) or a fax machine / Unix based email address.|
|Created by Message in Transit|
Addresses that have been "created by a message in transit" are created when a new Mimecast user sends an outbound message, (if the sending address has not yet synchronized from the Active Directory).
Once a synchronized address is deleted from Active Directory, the Mimecast address type changes from "Extracted from Directory" to "Created by Message in Transit". This helps administrators identify which users are currently being synced via Active Directory.
|Extracted From Directory||Addresses that are synchronized SMTP objects from the domain controller. For more information on synchronizing your organization's directory, view the Directory Synchronization section.|
|Manually Imported||Addresses created from a Spreadsheet Import.|
|Distribution List||Synchronized Distribution List (DL) or Security Groups with SMTP addresses from the domain controller. For more information on synchronizing your organization's directory, view the Directory Synchronization section.|
Working with Email Addresses
The list of email addresses has the following buttons that provide additional functionality:
|Allows you to create an email address. See the Email Address Properties section below for more details.|
|Purge Selected Addresses||Deletes the selected email addresses including linked aliases. This can only be performed by an administrator with super administrator privileges. A warning will be displayed to confirm the removal of the address and all list entries. Addresses will not be purged while emails are still being processed for the address (e.g. if related emails are held). Administrators can prevent the purge from taking place by removing the address from the purge list.|
|Import Delegate Mailboxes|
Allows you to import delegated mailboxes. Delegate mailbox access can be used to link separate email archives together. To allow delegate access, click on an email address and select the Delegate Mailbox menu option. See the End User Applications: Configuring Delegate Mailbox Access page for full details.
This button is only available when logged on as an Administrator with protected permissions.
|Export a list of email addresses to a .XLS, or CSV file.|
|View||Filters the list of email addresses displayed by: |
Email Address Properties
Adding or changing an email address requires you to complete the addresses properties:
- Click on the New Address button to create an email address.
- Click on an existing Email Address.
- Complete the Address Settings section as required.
Field Name Description Email Address The field is only editable when adding an email address. As it is the unique identifier for this user and their associated email archive, the address can't be modified once it's been created, and once the email is processed for that address. Global Name The full name of the email address user. This is normally displayed in the recipient's FROM field in their mail client. This field is only populated for LDAP addresses. Internal Address Shows whether the email address is considered to be internal or external. Administration Console Role Displays the administrative role that the user is assigned to or "None" if the user account does not belong to a role. Click on the Role Edit button to access the Role Editor. Address Alias For A primary email address can have any number of alias addresses. Click on the Lookup button to assign an alias address to the primary address. This indexes emails processed for both addresses in a single archive. If this is not done, a separate archive view is created for the primary address, and another for the alias.
- Complete the Permissions section as required:
Field Name Description Password / Confirm Password
Creates a cloud password for the email address. This password can only be authenticated in Mimecast, and doesn't affect the network password in the organization's infrastructure. This password can be used for the end user services, or for POP and SMTP connections. Mimecast will first attempt to authenticate users based on the LDAP password, and then their cloud password, either of which is accepted.The use of non-ASCII characters in passwords is not recommended, as they may prevent user authentication.
Force Change at Logon This option forces the cloud password to expire. This is helpful if setting similar cloud passwords for end users, that they are required to change when they first log in. Password Never Expires Prevents the expiration of the user account’s cloud password. This is useful for administrator or system accounts. Maximum Reset Attempts Made Should a user request their cloud password to be reset, a password reset code is sent to them. If they fail to enter this code successfully ten times, the password reset functionality is locked for their account. This option shows as selected in this scenario. Click on the Reset Count button to unlock the password reset functionality on their account. Account Locked Indicates if the user account is locked and users will not be able to log in to Mimecast. Click on the Unlock Account button to unlock an account. Account Disabled If selected, users are prevented from logging in to Mimecast applications using cloud passwords. This doesn't affect email delivery to the address. If directory synchronization is enabled, we'll automatically disable Mimecast user accounts if the:
- "useraccountcontrol" attribute is set to "0".
- User account no longer exists in the directory.
Archive Start Date
Should the same email address be required for different users, and the new user shouldn't have access to the previous user's archive, this field can be used to separate the archive for the new user. For example, an employee leaves the organization (John Smith, email@example.com). A new employee joins the organization one month later (Jane Smith, firstname.lastname@example.org). If the address is re-allocated to the new user, Jane will have access to all the ex-employee’s archive, as they share the same email address. To prevent this, you can create a new archive for the new employee by entering an Archive Start Date. You should ensure that the Archive Start Date is the start date for the new employee, to ensure that there is no overlap in the viewable archive content.
Allow SMTP Email Submission Allows users to submit emails directly to Mimecast. This is generally useful for remote users, and applies to TCP/IP port 25 and 587. Allow POP Access This option permits a user to retrieve email from a Mimecast mailbox directly, as opposed to retrieving emails from a mail server. Effective Group Application Settings Displays the name of the Application Settings Definition that applies to this email address. These settings dictate the user permissions for this email address.
- Click on the Save and Exit button.