If you are using Office 365 or a Hybrid Exchange with Windows Azure Active Directory, we can automatically synchronize with Windows Azure to add and manage all of your user, group, and group membership attributes. This has the following benefits:
- The administrative overhead of performing these tasks is removed.
- End users can use their primary email address and Active Directory password to sign in to Mimecast applications.

Passwords are not synchronized using this feature. To allow users to log in to Mimecast applications using their Office 365 / Windows Azure credentials, configure Office 365 domain authentication or SAML authentication using Windows Azure Active Directory as an identity provider.
What You'll Need
- Access to your Windows Azure management portal for the Active Directory you would like to synchronize with us.
- Administrative access to the Mimecast Connect Application and Administration Console.
Enabling Azure Active Directory Synchronization
To enable Azure Active Directory Synchronization:
- Log on to the Connect Application.
- Click on the Platform | Synchronize Your Directory menu item.
- Click on the Start button next to the "Task Steps for Azure Active Directory" section. A list of steps to be performed externally from the Connect Application is displayed. These are:
  - Creating an Azure Active Directory application.
  - Generating an application access key.
  - Adding appropriate permissions to the application.
  - Determining your Azure Active Directory tenant domain.

  These steps must be completed before continuing. See the "Creating an Azure Active Directory Application" section below for full details.
- Click on the Next button. The Enter Your Directory Synchronization Details dialog is displayed.
- Complete the dialog, using the settings noted from your previously configured Azure Active Directory application:

| Field | Description |
| --- | --- |
| Application/Client ID | Enter the value noted from the "Creating a Windows Azure Active Directory Application" section above. |
| Key | Enter the value noted from the "Creating a Windows Azure Active Directory Application" section above. |
| Tenant Domain | To determine the tenant domain, hover over the user profile in the top right corner. |

- Click the Synchronize button.
The Azure Active Directory connection is validated by us. Whilst we do this, a validation page is displayed. Once validation is complete, a summary page is displayed listing your directory synchronization details. You can also see validated connections via the Administration Console:
- Log on to the Mimecast Administration Console.
- Click the Services | Directory Synchronization menu item. All validated connections are listed.
Creating an Azure Active Directory Application
To create an Azure Active Directory application, follow the Configuring an Azure Active Directory Application guide.
Directory Synchronization Timings
We'll automatically trigger a synchronization of your Active Directory at 8am, 1pm, and 11pm daily, with the timings taken from the Mimecast region where your account is held (e.g. Europe, North America, South Africa, Australia). For the Europe region, the timing is in the GMT timezone. For the North America region, the timing is in the EST timezone. If you're located in a different region or timezone than your Mimecast account, this means the synchronization timings won't be in your timezone. For example, if your Mimecast account is:
- Located in the US region, but you're located in the Pacific Time Zone.
- Located in the Europe region, but you're located in Germany.
Whilst a synchronization is automatically triggered at set times, there are a number of factors that control when you can see its results. These include the:
- Size of your Active Directory
- Number of changes
- Server load
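
The two timezone examples above, worked through as an added Python example (not Mimecast code): it converts the 8am, 1pm, and 11pm triggers to a viewer's clock, finds the next trigger, and computes the longest wait between triggers. It assumes GMT and EST are fixed offsets (UTC+0 and UTC-5), uses constructed fixed offsets for Pacific (UTC-8) and Germany (UTC+1) with no daylight saving, and all function and constant names are hypothetical.

```python
from datetime import date, datetime, time, timedelta, timezone

# Daily trigger times stated on this page, on the account region's clock.
SYNC_TIMES = (time(8, 0), time(13, 0), time(23, 0))

# Assumption: "GMT" and "EST" are read literally as fixed offsets; the page
# does not say whether daylight saving is applied.
REGION_TZ = {
    "Europe": timezone(timedelta(hours=0), "GMT"),
    "North America": timezone(timedelta(hours=-5), "EST"),
}

# Constructed viewer clocks for the page's two examples (standard time only).
PACIFIC = timezone(timedelta(hours=-8), "PST")
GERMANY = timezone(timedelta(hours=1), "CET")


def schedule_in(region, viewer_tz, on_date):
    """The region's triggers for on_date, converted to the viewer's clock."""
    tz = REGION_TZ[region]
    return [datetime.combine(on_date, t, tzinfo=tz).astimezone(viewer_tz)
            for t in SYNC_TIMES]


def next_sync(now, region):
    """First scheduled trigger strictly after `now` (a timezone-aware datetime)."""
    tz = REGION_TZ[region]
    local_now = now.astimezone(tz)
    for day in (0, 1):  # remaining triggers today, then tomorrow's
        for t in SYNC_TIMES:
            candidate = datetime.combine(local_now.date() + timedelta(days=day), t, tzinfo=tz)
            if candidate > local_now:
                return candidate


def longest_gap():
    """Longest wait between consecutive triggers, wrapping past midnight."""
    mins = [t.hour * 60 + t.minute for t in SYNC_TIMES]
    gaps = [(b - a) % 1440 for a, b in zip(mins, mins[1:] + mins[:1])]
    return timedelta(minutes=max(gaps))


if __name__ == "__main__":
    day = date(2024, 1, 15)  # constructed sample date
    for region, tz in (("North America", PACIFIC), ("Europe", GERMANY)):
        print(region, [d.strftime("%a %H:%M %Z") for d in schedule_in(region, tz, day)])
    print("longest wait for the next trigger:", longest_gap())
```

With these offsets, a directory change made just after the 1pm trigger waits almost 10 hours for the next trigger, before any of the processing factors listed above.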