Administrator Authentication Profiles

Document created by user.oxriBaJeN4 Employee on Oct 4, 2018. Last modified by user.oxriBaJeN4 Employee on Feb 28, 2019.
Version 5

The Administrator Authentication Profile is a group of authentication settings that define how someone with an administrator role accesses Mimecast. Once enabled, it provides a simple method of applying the authentication settings defined in the profile to all administrators across all Mimecast applications (i.e. not just the Administration Console).


To secure administrators, the profile must implement either 2-Step or SAML Authentication. 

While you can configure authentication settings to suit your organization, the administrator authentication profile cannot be removed.

Enabling the Administrator Authentication Profile


To enable the Administrator Authentication Profile:

  1. Log on to the Administration Console.
  2. Click on the Administration toolbar button. A drop down menu displays.
  3. Click on the Services | Applications menu item.
  4. Click on the Authentication Profiles button.
  5. Click on the Create Default Admin Authentication Profile option. The profile is created with a name of “Account_Administrators_Authentication_Profile”.
Creating this profile immediately activates this authentication profile for all administrators on your account. Ensure your configuration options are valid before saving this profile.

Editing the Administrator Authentication Profile


To edit the Administrator Authentication Profile:

  1. Log on to the Administration Console.
  2. Click on the Administration toolbar button. A drop down menu displays.
  3. Click on the Services | Applications menu item.
  4. Click on the Authentication Profiles button.
  5. Select the “Account_Administrators_Authentication_Profile” profile from the list. The settings dialog displays.
  6. Edit the Settings as required.
  7. Click on the Save and Exit button. The settings apply immediately.

Configuring 2-Step Authentication


When configuring 2-Step Authentication, consider the following:

  • When accessing Mimecast from a trusted location (e.g. the corporate office) you can use the Trusted IP Ranges feature to configure trusted networks.
  • The ability to apply settings to different groups of administrators is not currently supported. By default, all users with a Mimecast administrator role are subject to the settings defined in the Administrator Authentication Profile. If this causes your organization an issue, contact our Support Team for assistance.
  • The decision to display the in-line registration of a phone number is driven by the presence of the number in the user's SMS attribute.
  • Using SMS as the delivery mechanism for one-time passwords requires that the user's phone number is recorded in the SMS attribute on their user record. To prevent specific users or administrators from being prompted to enter a phone number, ensure the SMS attribute is prepopulated only for the impacted users. This can be done:
    • Manually one user at a time.
    • Via a spreadsheet import.
    • Via Directory Synchronization.


Adding a Phone Number Manually


To add a phone number manually:

  1. Make a note of the SMS Attribute used to record a user's phone number:
    1. Log on to the Administration Console.
    2. Click on the Administration toolbar button. A drop down menu displays.
    3. Select the Account | Account Settings menu item.
    4. Expand the System Notification Options section.
    5. Take note of the SMS Attribute value.
  2. Enter the user's phone number:
    1. Click on the Administration toolbar button. A drop down menu displays.
    2. Select the Directories | Internal Directories menu item.
    3. Click on the Domain of the user you want to change.
    4. Click on the User you want to change.
    5. Find the SMS Attribute in the "General Attributes" section.
    6. Enter the user’s Phone Number without spaces and including the country code (e.g. +1 for a US number, or +44 for a UK number).
    7. Click on the Save and Exit button. 


Adding a Phone Number via Spreadsheet Import


See the Importing Users via a Spreadsheet page for full information on populating users' phone numbers via a spreadsheet.
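A pre-import check for the number format required in the manual procedure above (no spaces, country code included), given here as an added example that is not Mimecast code. It audits a constructed CSV of administrators; the column names `email` and `sms` are assumptions, not the headings of the Mimecast import template, and the 8-digit minimum is a sanity threshold chosen for this example.

```python
import csv
import io
import re

# "+", a country code starting 1-9, at most 15 digits in total (E.164 limit).
# The 8-digit minimum is a sanity threshold chosen for this example.
E164 = re.compile(r"^\+[1-9]\d{7,14}$")
# Separators people commonly type; removing them does not change the number.
SEPARATORS = re.compile(r"[\s().\-]")


def check_number(raw):
    """Return (status, value) for one SMS attribute value."""
    value = (raw or "").strip()
    if not value:
        return "missing", ""
    compact = SEPARATORS.sub("", value)
    if not E164.match(compact):
        # No "+<country code>" prefix, letters, or wrong length: needs a human.
        return "invalid", value
    return ("ok", compact) if compact == value else ("normalized", compact)


def audit(csv_text, email_col="email", sms_col="sms"):
    """Group addresses by status; column names are assumptions, not Mimecast's."""
    report = {"ok": [], "normalized": [], "invalid": [], "missing": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        status, value = check_number(row.get(sms_col))
        report[status].append((row.get(email_col, "").strip(), value))
    return report


# Constructed sample export (not real users or numbers).
SAMPLE = """email,sms
alice@example.com,+14155550100
bob@example.com,+44 20 7946 0958
carol@example.com,020 7946 0958
dave@example.com,
"""

if __name__ == "__main__":
    for status, rows in audit(SAMPLE).items():
        for email, value in rows:
            print(f"{status:<10} {email:<20} {value}")
```

Rows reported as `invalid` or `missing` are the records to correct before the phone numbers are imported.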


Adding a Phone Number via Directory Synchronization

To use Directory Synchronization to populate the user’s phone number in Mimecast, you must have successfully synchronized your directory. View the Directory Synchronization section for more information.

To populate a user's phone number via Directory Synchronization:

  1. Identify your Directory's SMS attribute. The default values are:
    Exchange                  Default Attribute
    Active Directory          telephoneNumber
    Azure Active Directory    mobilePhone
  2. Create an Attribute. See the Managing Attributes page for full details.
    1. Select the Directory Linked Attribute option as the "Prompt Type".
  3. Add the attribute to your account settings:
    1. Click on the Administration menu item.
    2. Click on the Accounts | Account Settings menu item.
    3. Click on the System Notification Options tab.
    4. Click on the Lookup button in the SMS Attribute field.
    5. Locate the Directory Linked attribute.
    6. Click on the Select Attribute button.
    7. Click on the Save button. The next time your Directory synchronizes, the attribute will be populated.

