If you are using Office 365 or a Hybrid Exchange with Windows Azure Active Directory, we can automatically synchronize with Windows Azure to add and manage all of your user, group, and group membership attributes. This has the following benefits:
- The administrative overhead of performing these tasks is removed.
- End users can use their primary email address and Active Directory password to sign in to Mimecast applications. Passwords are not synchronized by this feature: the connection only reads directory data (users, groups and group memberships). To allow users to log in to Mimecast applications using their Office 365 / Windows Azure credentials, configure Office 365 domain authentication or SAML authentication using Windows Azure Active Directory as an identity provider.
What You'll Need
- Access to your Windows Azure management portal for the Active Directory you would like to synchronize with us.
- Administrative access to the Mimecast Connect Application and Administration Console.
Enabling Azure Active Directory Synchronization
To enable Azure Active Directory Synchronization:
- Log on to the Connect Application.
- Click on the Platform | Synchronize Your Directory menu item.
- Click on the Start button next to the "Task Steps for Azure Active Directory" section. A list of steps to be performed externally from the Connect Application is displayed. These are:
  - Creating an Azure Active Directory application.
  - Generating an application access key.
  - Adding appropriate permissions to the application.
  - Determining your Azure Active Directory tenant domain.
These steps must be completed before continuing. See the "Creating an Azure Active Directory Application" section below for full details.
- Click on the Next button. The Enter Your Directory Synchronization Details dialog is displayed.
- Complete the dialog, using the settings noted from your previously configured Azure Active Directory application:
  - Application/Client ID: Enter the Application ID value noted in the "Creating an Azure Active Directory Application" section below.
  - Key: Enter the application key value noted in the "Creating an Azure Active Directory Application" section below. The key must still be within its validity period.
  - Tenant Domain: Enter your Azure Active Directory tenant domain. To determine the tenant domain, hover over the user profile in the top right corner of the Azure portal.
- Click the Synchronize button.
The Azure Active Directory connection is validated by us. Whilst we do this, a validation page is displayed. Once validation is complete, a summary page is displayed listing your directory synchronization details. You can also see validated connections via the Administration Console:
- Log on to the Mimecast Administration Console.
- Click the Services | Directory Synchronization menu item. All validated connections are listed.
Creating an Azure Active Directory Application
To create a Windows Azure Active Directory application:
- Log on to the Office 365 Admin Center.
- Click on the Admin / Azure AD menu item.
- Click the Active Directory menu item.
- Click on the App Registrations tab at the top of the page.
- Click on the New Application Registration button at the top of the screen to start a guided wizard.
- Specify the options as follows:
  - Name: Specify a name for the application (e.g. Mimecast Directory Synchronization).
  - Application Type: Web Application and/or Web API.
  - URL fields: Specify an arbitrary URL in both these fields, making sure the same URL is used in both. As this application will not be used for authentication, the values entered are not important, although they must be well-formed URLs for the portal to accept them.
- Click on the Create button at the bottom of the section.
- Select the newly created App from the list.
- Make a note of the Application ID value. It will be needed when you are creating your Directory Synchronization Connection.
- Click on the Select Duration drop down.
- Specify a Valid From and Expires On time to specify a time span.
- Click the Save menu item at the foot of the page. This displays the application key.
- Make a note of the application key. It will be needed when you are creating your Directory Synchronization in the Connect Application. The key is displayed only once, so store it in a password manager or secrets store rather than in a ticket or email. The key is only valid for the duration specified in the previous step; if you do not create a directory synchronization connection before it expires, another key must be created, and an expired key will also stop an existing synchronization until it is replaced, so record the expiry date and rotate the key before then.
- Click on Required Permissions and ensure Windows Azure Active Directory has the Read Directory Data Application Permission. This is the only permission the synchronization needs; do not grant write or user-impersonation permissions to this application. Application permissions take effect only after a tenant administrator grants consent.
- Click the Save menu item at the foot of the page.
- Click on the button.
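The portal steps above can be scripted, which is useful when the registration must be repeatable or auditable. The following is an added example written for this page, not Mimecast's or Microsoft's code. It uses the AzureAD PowerShell module (the AAD Graph era module, now deprecated, which matches the "Read Directory Data" permission the page refers to) and must be run as a tenant administrator. The display name, the placeholder URL, the key lifetime and the custom key identifier are assumptions; the well-known AppId of the Windows Azure Active Directory resource is used to look up the permission rather than hard-coding its role GUID. The final token check confirms the permission has actually been granted before the values are entered into the Connect Application.

```powershell
# Added example (not Mimecast's or Microsoft's code). Scripts the "Creating an Azure
# Active Directory Application" steps with the (deprecated) AzureAD module.
# Run as a tenant administrator.
Connect-AzureAD | Out-Null

$displayName    = 'Mimecast Directory Synchronization'   # assumption: any name is fine
$placeholderUrl = 'https://mimecast-dirsync.example.com' # assumption: never used for sign-in
$keyLifetime    = [TimeSpan]::FromDays(365)              # assumption: rotate before this

# Step 1: the app registration. The URLs only have to be well-formed;
# nobody ever authenticates to this application.
$app = New-AzureADApplication -DisplayName $displayName `
    -Homepage $placeholderUrl -ReplyUrls @($placeholderUrl)

# The service principal is the object that holds granted permissions in the tenant.
$sp = New-AzureADServicePrincipal -AppId $app.AppId

# Step 2: the application key (client secret). The value is returned only once.
$start = Get-Date
$cred = New-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId `
    -CustomKeyIdentifier 'mimecast-dirsync' -StartDate $start -EndDate $start.Add($keyLifetime)

# Step 3: least privilege. Resolve the "Read directory data" application role on the
# Windows Azure Active Directory resource (well-known AppId) instead of hard-coding it.
$aadGraphAppId = '00000002-0000-0000-c000-000000000000'
$aadGraphSp    = Get-AzureADServicePrincipal -Filter "appId eq '$aadGraphAppId'"
$readRole      = $aadGraphSp.AppRoles | Where-Object { $_.Value -eq 'Directory.Read.All' }

$access      = New-Object Microsoft.Open.AzureAD.Model.ResourceAccess
$access.Id   = $readRole.Id
$access.Type = 'Role'          # 'Role' = application permission; 'Scope' would be delegated
$required                = New-Object Microsoft.Open.AzureAD.Model.RequiredResourceAccess
$required.ResourceAppId  = $aadGraphAppId
$required.ResourceAccess = $access
Set-AzureADApplication -ObjectId $app.ObjectId -RequiredResourceAccess @($required)

# Application permissions need administrator consent. Assigning the app role to the
# service principal is the scripted equivalent of granting it in the portal.
New-AzureADServiceAppRoleAssignment -ObjectId $sp.ObjectId -PrincipalId $sp.ObjectId `
    -ResourceId $aadGraphSp.ObjectId -Id $readRole.Id | Out-Null

# Step 4: the tenant domain is the tenant's initial *.onmicrosoft.com domain (assumption:
# this is the value the Connect Application expects in "Tenant Domain").
$tenantDomain = (Get-AzureADTenantDetail).VerifiedDomains |
    Where-Object { $_.Initial } | Select-Object -First 1 -ExpandProperty Name

# Pre-flight check: obtain a token with the client-credentials grant, as the connector
# will, and confirm the consented role is present in its "roles" claim. A new registration
# can take a few minutes to replicate; a 401 here right after creation is usually just that.
$token = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$tenantDomain/oauth2/token" -Body @{
    grant_type    = 'client_credentials'
    client_id     = $app.AppId
    client_secret = $cred.Value
    resource      = 'https://graph.windows.net'
}
$payload = $token.access_token.Split('.')[1].Replace('-', '+').Replace('_', '/')
switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
$claims  = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json

[pscustomobject]@{
    'Application/Client ID' = $app.AppId
    'Key'                   = $cred.Value        # store in a secrets manager, not a ticket
    'Key expires'           = $cred.EndDate
    'Tenant Domain'         = $tenantDomain
    'Read Directory Data'   = ($claims.roles -contains 'Directory.Read.All')
}
```

The three values printed last are exactly what the Enter Your Directory Synchronization Details dialog asks for; if "Read Directory Data" prints False the consent step has not taken effect and the connection validation will fail. Because the AzureAD module and the AAD Graph resource it targets have been retired by Microsoft, on a current tenant the same steps are performed with the Microsoft Graph PowerShell module against the Microsoft Graph resource; the structure (registration, secret with an expiry, one read-only application permission, admin consent, token check) is unchanged.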
Directory Synchronization Timings
We'll automatically trigger a synchronization of your Active Directory at 8am, 1pm, and 11pm daily, with the timings taken from the Mimecast region where your account is held (e.g. Europe, North America, South Africa, Australia). For the Europe region, the timing is in the GMT timezone. For the North America region, the timing is in the EST timezone. If you're located in a different region or timezone than your Mimecast account, this means the synchronization timings won't be in your timezone. For example, if your Mimecast account is:
- Located in the US region, but you're located in the Pacific Time Zone, the synchronizations run at 8am, 1pm and 11pm EST, which is three hours ahead of your local time.
- Located in the Europe region, but you're located in Germany, the synchronizations run at 8am, 1pm and 11pm GMT, which is one hour behind your local time.
Whilst a synchronization is automatically triggered at set times, there are a number of factors that control when you can see its results. These include the:
- Size of your Active Directory
- Number of changes
- Server load