For your Exchange to successfully authenticate your users, it is vital that each user's primary email address matches their UPN attribute in Active Directory. This is because your Exchange accepts the UPN as a user identifier, whilst Mimecast uses the primary email address.
If only the domain part of the user's email address is different to the UPN attribute, you can use the "Alternate Domain Suffix" option in an authentication profile. If this setting is used, Mimecast substitutes the domain part of the email address that the user enters with the alternate domain. For example:
- The alternate domain suffix is set as internal.local.
- A user enters an email address of firstname.lastname@example.org into a Mimecast application.
- The EWS endpoint grants access to the email@example.com address.
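An audit of the requirement above, as an added PowerShell example (not Mimecast's code): it classifies accounts by whether the primary SMTP address equals the UPN, differs only in the domain part (the case the Alternate Domain Suffix covers), or differs in the local part. The function name, the status labels and the `corp.example` sample accounts are assumptions constructed for illustration.

```powershell
function Test-UpnEmailAlignment {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User,
        # Alternate Domain Suffix planned for the authentication profile (optional)
        [string]$AlternateDomainSuffix
    )
    process {
        # Primary SMTP address = the proxyAddresses entry with an upper-case "SMTP:" prefix
        $primary = $User.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' } | Select-Object -First 1
        $email = if ($primary) { $primary.Substring(5) } else { $User.mail }
        $upn = $User.UserPrincipalName

        if (-not $email -or -not $upn) {
            $status = 'MissingAttribute'
        } elseif ($email -ieq $upn) {
            $status = 'Match'
        } else {
            $eLocal = ($email -split '@', 2)[0]
            $uLocal, $uDomain = $upn -split '@', 2
            if ($eLocal -ine $uLocal) {
                $status = 'LocalPartDiffers'   # the suffix option cannot reconcile this account
            } elseif ($AlternateDomainSuffix -and $uDomain -ieq $AlternateDomainSuffix) {
                $status = 'SuffixApplies'      # only the domain differs, and the UPN domain is the suffix
            } else {
                $status = 'DomainDiffers'      # only the domain differs; suffix unset or a different domain
            }
        }
        [pscustomobject]@{ PrimaryEmail = $email; UPN = $upn; Status = $status }
    }
}

# Constructed sample accounts (not real directory data)
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@corp.example';    mail = 'alice@corp.example';       proxyAddresses = @('SMTP:alice@corp.example') }
    [pscustomobject]@{ UserPrincipalName = 'bob@internal.local';    mail = 'bob@corp.example';         proxyAddresses = @('SMTP:bob@corp.example', 'smtp:bob@old.example') }
    [pscustomobject]@{ UserPrincipalName = 'cjones@internal.local'; mail = 'carol.jones@corp.example'; proxyAddresses = @('SMTP:carol.jones@corp.example') }
)
$sample | Test-UpnEmailAlignment -AlternateDomainSuffix 'internal.local' | Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module):
# Get-ADUser -Filter 'Enabled -eq $true' -Properties mail, proxyAddresses |
#     Test-UpnEmailAlignment -AlternateDomainSuffix 'internal.local'
```

Accounts reported as `LocalPartDiffers` or `MissingAttribute` need their UPN or primary address corrected in Active Directory, because the suffix substitution changes only the domain part.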
Enabling EWS Domain Authentication
You'll need administrative access to your Exchange CAS.
To enable EWS domain authentication in the Connect application:
- Confirm HTTPS access to your Exchange CAS by ensuring there is a valid SSL certificate, signed by a recognized Certificate Authority (CA), installed on your Exchange CAS. This ensures your public Exchange CAS accepts our secure authentication requests. If you have multiple public Exchange Client Access servers, this step must be completed for each one.
- Enable basic authentication for EWS by ensuring IIS is configured to allow basic authentication against the EWS endpoint.
- Allow our IP ranges access to the EWS endpoint. If your EWS endpoint has any IP address restrictions, add the regional IP ranges displayed in the application to the ‘Allow’ access list.
- Click the Next button. The Entering Your Exchange Client Access Server (CAS) Details dialog is displayed.
- Enter your server hostname in the Exchange CAS Host field.
- Click the Next button. The Test Authentication dialog is displayed.
- Complete the Domain Authentication Test dialog as follows:
| Field / Option | Description |
|---|---|
| Domain Email Address | Enter the domain's email address. |
| Domain Password | Enter the domain's password. |
- Click the Test Authentication button. If authentication is configured successfully, the following message is displayed:
- Click the Enable button to enable authentication.