Global SAML URLs and Audience Values

Document created by user.oxriBaJeN4 Employee on Oct 23, 2015Last modified by user.oxriBaJeN4 Employee on Oct 3, 2019
Version 16Show Document
  • View in full screen mode

This article contains reference information for the global URLs and audience values that should be used when configuring an Identity Provider for Mimecast SAML Authentication.




The SAML audience, also referenced as an identifier, specifically relates to the setting that defines this element in a SAML response:

<Conditions NotBefore="2015-03-05T11:04:54.518Z" NotOnOrAfter="2015-03-05T12:04:54.518Z">

The values for the SAML audience / identifier for each Mimecast region and application are listed below:

For customers using Azure Active Directory, note that Azure AD has different values.

End User Applications

Replace .ACCOUNTCODE with your unique Mimecast Account Code. This can be found in the Administration | Account | Account Settings menu item in the Administration Console.
RegionValueAzure AD Value


Administration Console


RegionValueAzure AD Value


Mimecast Personal Portal


RegionValueAzure AD Value




The SAML destination, also referenced as an endpoint, is the URL of the Mimecast application that the Identity Provider should send the SAML response to. For end user applications (e.g. Mimecast for Outlook) there is a single URL for each region. For the Administration Console and Mimecast Personal Portal, there are two destination URLs for each region and application; one for Service Provider Initiated sign-on, and one for Identity Provider Initiated sign-on. The difference in each case is the "?action=sso" value at the end of the URL for Identity Provider Initiated sign-on. Typically you should be able to add both URLs to the application if your Identity Provider supports both sign-on methods.


The destination / endpoint URL's for each Mimecast application and region are listed below:


End User Applications



Administration Console



Mimecast Personal Portal



See Also...