Federated Account Administration: Overview

Document created by user.oxriBaJeN4 Employee on Sep 10, 2018Last modified by user.oxriBaJeN4 Employee on Apr 2, 2019
Version 2Show Document
  • View in full screen mode

Mimecast Federated Account Administration provides ultimate control for Managed Service Providers (MSPs) with top-down administration responsibilities of multiple customer accounts. This applies to MSP customers with the flexibility to manage or update their own account.




Federated Account Administration provides the following benefits:

  • Policy inheritance and hierarchy gives MSP administrators trickle-down policy control to all customers, or groups of customers. This allows the following capabilities:
    • Customers can be managed as one unit, or groups of accounts can be created to apply relevant policies.
    • Top-level policies managed by the MSP, are enforced on customer accounts regardless of any changes made by an administrator. These inherited or enforced policies can apply to security, retention, and other account settings.
  • MSPs benefit from more effective account management whilst individual customer accounts remain completely separate.
  • There is flexibility to manage individual accounts in a bespoke fashion, including retention settings.
  • Accounts can be grouped to allow granular permissions to be given to administrators, giving them responsibility for administrative duties. Administrators at the group level can only manage accounts nested below the group, and are not able to see other groups or anything above that level.
  • A hierarchical overview is provided of all nested accounts, to visually see and manage accounts, administrators, and policies.
  • All administrator activities are audited. Some activities are logged on multiple linked accounts (e.g. moving an account from one group to another).


Account Structure


Accounts can be moved around to create a hierarchy. Customer accounts can be added or removed from the Federated Account Administration structure. The ability is retained by Mimecast’s Service Delivery team.


Technical Details


  • Administrators log on using a dedicated federated administration address, allowing them access to the relevant customer accounts. This ensures full audit trails, granular permissions, and compliance capabilities.
  • For Federated Administration, you must use a domain that isn’t associated with a Mimecast account. We recommend the use of a sub-domain of an existing domain (e.g. ‘admin.company.com’).
  • Administrators with roles at the master account level are automatically given the same role on all the nested accounts (customer accounts and grouping accounts) that have opted into Federated Administration.
  • Administrators with roles at the group account level gain access to all accounts nested below the group account, and will not be able to see accounts higher up the hierarchy.

Federated Account Structure


See Also...