Global SAML URLs and Audience Values

Document created by user.oxriBaJeN4 Employee on Oct 23, 2015Last modified by user.oxriBaJeN4 Employee on Jul 25, 2017
Version 14Show Document
  • View in full screen mode

This article contains reference information for the global URLs and audience values that should be used when configuring an Identity Provider for Mimecast SAML Authentication.

 

Audience

 

The SAML audience, also referenced as an identifier, specifically relates to the setting that defines this element in a SAML response:

<Conditions NotBefore="2015-03-05T11:04:54.518Z" NotOnOrAfter="2015-03-05T12:04:54.518Z">
  <AudienceRestriction>
  <Audience>host.domain.com.ACCOUNTCODE</Audience>
  </AudienceRestriction>
</Conditions>

The values for the SAML audience / identifier for each Mimecast region and application are listed below:

For customers using Azure Active Directory, note that Azure AD has different values.

End User Applications

Replace .ACCOUNTCODE with your unique Mimecast Account Code. This can be found in the Administration | Account | Account Settings menu item in the Administration Console.
Mimecast for Outlook is the only end user application that currently supports SAML authentication.
RegionValueAzure AD Value
EUeu-api.mimecast.com.ACCOUNTCODEhttps://eu-api.mimecast.com/sso/ACCOUNTCODE
USus-api.mimecast.com.ACCOUNTCODEhttps://us-api.mimecast.com/sso/ACCOUNTCODE
ZAza-api.mimecast.com.ACCOUNTCODEhttps://za-api.mimecast.com/sso/ACCOUNTCODE
AUau-api.mimecast.com.ACCOUNTCODEhttps://au-api.mimecast.com/sso/ACCOUNTCODE
Offshoreje-api.mimecast.com.ACCOUNTCODEhttps://je-api.mimecast.com/sso/ACCOUNTCODE

 

Administration Console

 

RegionValueAzure AD Value
EUeu-api.mimecast.com.ACCOUNTCODE

https://eu-api.mimecast.com/sso/ACCOUNTCODE

USus-api.mimecast.com.ACCOUNTCODEhttps://us-api.mimecast.com/sso/ACCOUNTCODE
ZAza-api.mimecast.com.ACCOUNTCODEhttps://za-api.mimecast.com/sso/ACCOUNTCODE
AUau-api.mimecast.com.ACCOUNTCODEhttps://au-api.mimecast.com/sso/ACCOUNTCODE
Offshorejer-api.mimecast.comACCOUNTCODEhttps://jer-api.mimecast.com/sso/ACCOUNTCODE

 

Mimecast Personal Portal

 

RegionValueAzure AD Value
EUeu-api.mimecast.com.ACCOUNTCODEhttps://eu-api.mimecast.com/sso/ACCOUNTCODE
USus-api.mimecast.com.ACCOUNTCODEhttps://us-api.mimecast.com/sso/ACCOUNTCODE
ZAza-api.mimecast.com.ACCOUNTCODEhttps://za-api.mimecast.com/sso/ACCOUNTCODE
AUau-api.mimecast.com.ACCOUNTCODEhttps://au-api.mimecast.com/sso/ACCOUNTCODE
Offshoreje-api.mimecast.com.ACCOUNTCODEhttps://je-api.mimecast.com/sso/ACCOUNTCODE

 

Destination

 

The SAML destination, also referenced as an endpoint, is the URL of the Mimecast application that the Identity Provider should send the SAML response to. 

 

For end user applications (e.g. Mimecast for Outlook) there is a single URL for each region. For the Administration Console and Mimecast Personal Portal, there are two destination URLs for each region and application; one for Service Provider Initiated sign-on, and one for Identity Provider Initiated sign-on. The difference in each case is the "?action=sso" value at the end of the URL for Identity Provider Initiated sign-on. Typically you should be able to add both URLs to the application if your Identity Provider supports both sign-on methods.

 

The destination / endpoint URL's for each Mimecast application and region are listed below:

 

End User Applications

Mimecast for Outlook is the only End User Application that currently supports SAML authentication.

 

Administration Console

 

 

Mimecast Personal Portal

 

 

Click the link for information about Single Sign-On.

Attachments

    Outcomes