Mimecast Awareness Training: Configuring Administration Preferences

Document created by user.oxriBaJeN4 Employee on Sep 13, 2018Last modified by user.oxriBaJeN4 Employee on Oct 5, 2018
Version 12Show Document
  • View in full screen mode

This guide describes how administrators can configure their Mimecast Awareness Training account settings. End users wanting to configure their settings should read the Changing Your Local Language page.


Accessing Ataata SettingsTo configure your administration preferences:

  1. Click on your Account Icon in the top right hand corner.
  2. Click on the Settings menu item. Your company settings are displayed.
  3. Click on one of the following menu items in the left hand navigation panel:
    • Current Account Settings
    • Features
    • Configuration
    • Configure SSO
  4. Complete the Settings as required.
  5. Click on the Save Settings button.


Current Account Settings


Full NameChanges the account name displayed in the "Logged In As" setting of the toolbar.
New PasswordAllows you to change your password. A check is made to ensure the values in both fields are the same. The specified values must be at least eight characters, and contain at least one capital letter and one number.
Repeat Password




Pricing TierDisplays your current licencing level.
Enable PhishingMimecast Awareness Training's phishing training functionality is part of your tier plan, but is disabled by default. You can enable / disable phishing training emails by clicking on either the Enable Phishing or Disable Phishing button.
Disabling phishing also deletes all data related to the phishing training. A confirmation dialog is displayed requiring you to confirm this is what you intended.




Reply to Source AddressIf set, this replaces the default noreply@ataata.com email address used in messages and alerts with another email address. If a recipient replies to a message, it will be sent to the specified address. This option doesn't change the source address in the message header, unless the Use This Email as Source Address option is selected, but this must be set by our Support Team.
New User PolicyControls whether new users automatically receive notifications of past videos.
  • New: New users are only notified of newly released modules.
  • All: New users are sent a message each day reminding them to look at all released modules. These messages cease when they've seen all released modules.
Toggle Training Module AcknowledgementControls whether an acknowledgement is sent to users to confirm they've read and understood your security awareness policy. If selected, clicking the Edit Acknowledgement button allows you to customize the acknowledgement. Up to 300 characters can be specified.
Time Zone SettingsSelect a time window during which emails, alerts and notifications are sent to users.
Enable / Disable External API AccessControls whether external access to Ataata's API is enabled. If enabled, a secret passphrase must be added and confirmed. The specified values must be at least eight characters, and contain at least one capital letter and one number.
Company Logo ConfigurationAllows you to specify your company logo and control how it is applied.
Field / OptionDescription
Logo Applies to EmailsThe image is added to all Mimecast Awareness Training notifications sent to users.At least one of these options must be selected if using a logo.
Logo Applies to BrandingThe image is added to the top left hand corner of the administration dashboard and end user libraries.
Upload File From SystemIf selected, click and drag an image into the "Drag and Drop" panel.The recommended image size is 100 px x 50 px.  Supported image file formats are .GIF, .PNG, .JPG, or .BMP file.
Upload Public URLIf selected, you can specify the URL of the image to use.
Outlook Add In ConfigurationClick on the Configure button to configure Mimecast Awareness Training's Microsoft Outlook add-in.
Header 1Header 2
Forward Non-Simulated Phishing Emails ToSpecify an email address that users can report any non-simulated phishing emails to. You can use multiple email addresses for this action. See the Outlook Add In Considerations section below.
Send Us a CopyIf selected, Mimecast also receives a copy of any reported non-simulated phishing emails.
Non-Simulated Emails Action

Specify an action to take once a user reports a phishing message that isn't a simulated phishing message:

  • No Action: The email remains in the user's inbox.
  • Delete Email: The email is deleted from user's inbox and moved to their trash folder.
  • Move to Junk: The email is deleted from the user's inbox and moved to their junk folder.
Forwarded Email PrefixSpecify a prefix that is appended to the subject of any forwarded message (e.g. [Phishing Alert]).
User Message to Show for Non-Phishing TestSpecify a message that a user receives when they report a phishing attempt that isn't a simulated phishing message.
User Message to Show for Phishing TestSpecify a message that a user receives  when they report a phishing attempt that is a simulated phishing message.
Button TextSpecify a name for the icon used to report a phishing attempt.
Support Email AddressIf required, specify a company's email address that all user feedback or support requests are forwarded to. Mimecast automatically receives all feedback or support requests, and will respond appropriately.
Upon Employee Deletion

Specify what happens when a request is made to delete a user:

  • Delete From System: The user is removed from the system and all data and statistics are permanently deleted. 
  • Mark as Inactive: The user remains on the system as inactive with all it's data and statistics, but won't be included in any future training exercises.


Phishing Email AddressesOutlook Add In Considerations


The Outlook add-in checks the email source address against the preconfigured Mimecast Awareness Training list (shown right) to determine if it is either a simulated phishing email from Mimecast.

  • If the add in detects a known source address, it marks the email as simulated.
  • If no source address matches, the add-in marks the email as non-simulated.


The email is forwarded to Mimecast when the user selects the phishing alert icon. It is not sent to Mimecast for validation first. The Add-In is configured to look for different Mimecast Awareness Training source email address lists (see right) as part of creating a phishing campaign. It doesn't look at email headers to determine if an email is a simulated or non-simulated phishing email.


Once the add-in configuration is completed, Click on the Download Add In button to download the settings to an .XML file called "phishing.manifest.xml". You can work with your IT department to deploy the add-in to your employees' machines.


Configuring SSO


Configuring Single Sign-On (SSO) allows users to logon using the same credentials as their corporate Identifiy Provider (IdP). Using SSO requires you to supply your IdP metadata and configure Ataata's metadata in your IdP configuration.


To configure Single Sign-On:

  1. Click on the Proceed button.
  2. Select one of the following Authentication Request Binding methods:
    • HTTP-Redirect
    • HTTP-Post
  3. Select one of the following Add Authentication Metadata options:
    • Identity Provider Metadata URL specifying the URL of your identity provider's metadata.
    • Identity Provider Metadata specifying your identity provider's metadata.
  4. Click on the Submit button. If the metadata could be retrieved, the dialog shown is displayed.

    Click on the ? icon in the top right hand corner to display a list of helpful resources, including a link for configuring ADFS for Mimecast Awareness Training.

  5. Click on the Download Ataata Metadata button to download the Ataata metadata XML file. You'll need to specify this on your side to complete the SSO configuration.


Updating Your SSO Certificate


Should you need to update your SSO certificate:

  1. Display your SSO Configuration (see above).
  2. Change the configuration as required.
  3. Click on the Update SSO Configuration button.


See Also...