Mimecast offers a number of ways to manage users and groups. The steps below describe how to best leverage the available features.
Step 1: Add your internal email domains
Before users can be created, you will need to add your organization's internal email domains to Mimecast. When your account was originally provisioned, at least 1 internal domain would have already been added.
Please see the Email Domains guide to learn about adding and managing Mimecast Internal Domains.
Step 2: Set up Directory Sync
Once all of your internal email domains have been added, you can sync users and groups from Office 365 to Mimecast using a cloud-to-cloud connection from Mimecast to Windows Azure Active Directory. This allows you to automate user and group management and, optionally, to add user attributes to Mimecast users that can be used to apply policies or in Stationery layouts.
Step 3: Set up additional sign-in options for Mimecast Applications
All Mimecast applications allow users to sign in using a Mimecast Cloud password.
To allow users to sign in to Mimecast applications using their Office 365 password, there are 3 options available. See below for details:
| Mimecast Application | Domain | Azure SSO | SAML SSO |
|---|---|---|---|
| Mimecast Personal Portal | x | x | x |
| Secure Messaging Portal (internal users) | x | | |
| Mimecast for Outlook | x | x | x |
| Mimecast for Mac | x | | |
Domain (Same Sign-On)
- A user provides their primary email address and password to the application.
- The Administration Console, Mimecast Personal Portal, and the Secure Messaging Portal require the user to enter these details each time the user accesses the application.
- Mimecast for Outlook, Mimecast for Mac, and Mimecast Mobile only require the user to enter these details the first time they use the application and then again each time the user's password changes.
- Behind the scenes, Mimecast contacts Office 365 and uses Basic Authentication to verify the user.
SAML Single Sign-On (SSO) using Windows Azure Active Directory
- A user provides their primary email address to the Administration Console or the Mimecast Personal Portal and is redirected to Windows Azure.
- If the user already has an active Azure session in their web browser, the user will be immediately redirected back to the Mimecast application and granted access.
- If the user does not have an active Azure session in their web browser, the user will need to sign in to Azure with their email address and password before being redirected back to the Mimecast application and granted access.
SAML Single Sign-On (SSO) using a third party IdP
- Please see the SAML Single Sign-On (SSO) section for guidance on this.