This guide describes how the Synchronization Engine Administrator role can be applied to a dedicated service account.
The Synchronization Engine Administrator role, is a predefined role that facilitates operational requirements for Mimecast Synchronization v4 or later. Users with this role are not permitted to log in to the Administration Console.
The Mimecast credentials specified during a site bind, are typically that of a Mimecast administrator. We recommend creating dedicated service accounts for use with Mimecast Synchronization Engine, and assigning the Synchronization Engine Administrator role to it. This provides separation between operational requirements of Mimecast Synchronization Engine, from those of an administrator. The Synchronization Engine Administrator role grants read, edit, and sync application permissions for Mimecast Synchronization Engine sites.
- When binding a Mimecast Synchronization Engine v4 site, the Mimecast credentials for the designated user are required.
- When creating an Authentication profile, the 2-Step Authentication needs to be turned off.
Assigning the Synchronization Engine Administrator Role to a User
To assign the Synchronization Engine Administrator role to a user:
- Log on to the Administration Console.
- Click on the Administrator toolbar button. A menu drop down is displayed.
- Select the Account | Roles menu item.
- Click on the Synchronization Engine Administrator role.
- Click on the Add User to Role button.
- Select the Check Box to the left of the users to be allocated the role.
- Click on the Add Selected Users button. The user's account is listed as a member of the Synchronization Engine Administrator role.
Binding the Mimecast Synchronization Engine Site
To bind the Mimecast Synchronization Engine site:
- Open Mimecast Synchronization Engine.
- Configure the Accounts tab. See the Mimecast Synchronization Engine (MSE) Site Configuration page for further details.
- Click on the Apply button. The site bind process starts.
- Provide the Mimecast Credentials in the validation dialog as follows:
Header 1 Header 2 Email Address Specify the email address of the user with the Synchronization Engine Administrator role. Password Specify the password of the user with the Synchronization Engine Administrator role. Authentication Type Specify an Authentication Type. Check you have the correct value before continuing.Failure to provide correct credentials for the selected authentication type (e.g. a user with insufficient permissions or using an authentication profile with 2-Step Authentication) results in the site bind being unsuccessful.
- Click on the Bind button. A Validation dialog displays a confirmation dialog on whether the site bind was a success or failure.
- Click on the Close button on the validation dialog.
- Click on the Close button on the Mimecast Synchronization Engine dialog.