Passwords only offer a single layer of protection to a user’s identity. The most complex passwords can be compromised by:
- Using the same password on more than one website or application.
- Weaponized software downloaded from the internet or received via email.
- Clicking on links to malicious websites.
Mimecast native 2-Step Authentication adds a layer of protection by denying access to anyone who presents only a password. When it is enabled, your administrators and users need both a password and a one-time verification code to access Mimecast. Administrators can choose how 2-Step verification codes are received or generated. The following options are available:
- Via email
- Via SMS
- Via a 3rd party code generator (e.g. Google Authenticator, Duo, Authy, Symantec VIP Access, FortiToken, and many more).
Depending on your Mimecast subscription, you may have access to Mimecast SMS Services.
2-Step Authentication has the following benefits:
- The additional layer of security reduces the risk of your administrator and user accounts becoming compromised.
- Group-based configuration provides the flexibility to enable this for all users or selected users only.
- Works with your existing Cloud or Domain authentication configurations to allow you to enhance security while minimizing impact.
- Email or SMS delivery of verification codes.
- Support for 3rd party verification code generators to get a verification code.
- Using a secure, standards-based implementation for compatibility with a wide range of 3rd party verification code generators.
- Simple self-service registration process for 3rd party verification code generators, reducing IT complexity.
- Adaptive location-based support provides the option to require a 2nd form of verification only when users attempt to log in from outside of your trusted networks.
Supported Mimecast Applications
2-Step Authentication is supported for both administrator and end-user access, including access to the:
- Administration Console
- Mimecast Personal Portal
- Case Review Application
- Mimecast for Outlook v7 and later
- Mimecast Mobile 3.5.2 and later
- Mimecast for Mac 2.8.9 and later
- Mimecast Partner Portal
Consider the following when configuring 2-Step Authentication:
- If you are using earlier versions of our Mimecast for Outlook, Mimecast Mobile, and Mimecast for Mac applications, you'll be prompted to upgrade if 2-Step Authentication is enabled.
- If both 2-Step Authentication and Enforce SAML Authentication are enabled in the same profile, SAML takes precedence. In this case, the user should authenticate with the identity provider defined in the authentication profile. See the Understanding Enforce SAML Authentication for End User Applications page for further information.
- If you have an Office 365 exchange, you can work with Microsoft to enable 2-Step authentication and generate an app password for users. Visit the Set up 2-step verification for Office 365 and the Create an app password for Office 365 pages on the Microsoft site for more information.
- If you're using Microsoft Azure with Office 365, it's possible to configure a bypass solution for Multi-Factor Authentication requests by adding the Mimecast IPs as Trusted IPs. Follow the Configure Azure Multi-Factor Authentication settings guide for more information.
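
The group-based scoping, the trusted-network option and the SAML precedence rule described above interact in a fixed order. The following added example is not Mimecast code; it models that order so the effect of a profile can be reasoned about before it is enabled. The `AuthProfile` fields, the function names, the group name and the sample addresses are all hypothetical, and an empty group set is assumed to mean "all users".

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AuthProfile:
    """Hypothetical model of an authentication profile (not a Mimecast object)."""
    two_step_enabled: bool = False
    enforce_saml: bool = False
    two_step_groups: frozenset = frozenset()  # assumption: empty means all users
    trusted_networks: tuple = ()              # CIDR strings; empty means always prompt

def in_trusted_network(source_ip: str, cidrs) -> bool:
    """True only if source_ip parses cleanly and falls inside a trusted CIDR."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # fail closed: an unparsable address is never trusted
    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d; compare as IPv4.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version == addr.version and addr in net:
            return True
    return False

def required_login(profile: AuthProfile, user_groups: set, source_ip: str) -> str:
    """Return 'saml', 'password' or 'password+code' for one login attempt."""
    if profile.enforce_saml:
        return "saml"  # SAML takes precedence over 2-step in the same profile
    if not profile.two_step_enabled:
        return "password"
    if profile.two_step_groups and not (profile.two_step_groups & set(user_groups)):
        return "password"  # 2-step is scoped to selected groups only
    if in_trusted_network(source_ip, profile.trusted_networks):
        return "password"  # inside a trusted network: no second factor
    return "password+code"

# Constructed sample data (documentation address ranges, made-up group name).
OFFICE = AuthProfile(two_step_enabled=True, trusted_networks=("203.0.113.0/24",))
SCOPED = AuthProfile(two_step_enabled=True, two_step_groups=frozenset({"admins"}))
BOTH = AuthProfile(two_step_enabled=True, enforce_saml=True)

if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7", "::ffff:203.0.113.10", "not-an-ip"):
        print(ip, "->", required_login(OFFICE, {"staff"}, ip))
```

In a model like this, `source_ip` has to be the peer address observed by the service itself; a value taken from a client-supplied header would let the caller choose whether the second factor is requested.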