Mimecast Security Agent: Transparent User ID

Document created by user.oxriBaJeN4 Employee on Mar 5, 2019Last modified by user.oxriBaJeN4 Employee on Apr 16, 2019
Version 20Show Document
  • View in full screen mode

This guide describes how the Transparent User ID functionality removes the need for users to log into, or interact with, the Mimecast Security Agent (MSA). It achieves this by automatically identifying the domain user's primary email address.

The Transparent User ID functionality does not authenticate or validate the user's credentials. It identifies the user by acquiring the authentication information provided when they first log on to the operating system. The email address is verified several times a day to ensure it's valid.

Before using Transparent User ID, ensure the following requirements are met:

  • A directory connector is configured on your Mimecast account.
  • The users logging onto Windows or Mac devices have a domain email address configured in the directory.
  • The same email address is synchronized to Mimecast, denoted by the "Extracted from Directory" icon. See the Managing User Email Addresses page for more information.


To determine how a user has been identified, view the "Discovery Method" column available in the following Web Security menu items:

The "Policy Scope" column in the table below denotes to whom the web security policy can be applied to. See the Mimecast Web Security: Managing a Policy for further details.
Discovery MethodDescriptionPolicy Scope
AuthenticatedThe user has logged into their Mimecast profile using an email address and password. This overrides other discovery methods.User or Group
Domain UserThe user has been automatically identified as a valid domain user, as it has been matched against the internal directory.User or Group
Unknown Domain UserThe user has been automatically identified as a domain user, but the MSA was unable to match it against the internal directory. This could be because it's a new user and directory synchronization hasn't taken place.Location or Everyone
Local UserThe user is local to the device and not a domain user.Location or Everyone
Multiple Users

MSA has determined that more than one user is logged into the device. The policy application will fall back to a location based policy, or a policy that covers “everyone”.

Location or Everyone

No Logged In User

There are no users logged in to the device. 

Location or Everyone

Network Protection Only

A device on a protected network that doesn't have MSA installed (e.g. it is using a guest Wi-Fi). 

Location or Everyone


Enabling Transparent User ID


To enable Transparent User ID:

  1. Log on to the Administration Console.
  2. Click on the Administration toolbar menu item.
  3. Select the Web Security | Agent Settings menu item.
  4. Click on the Settings tab.
  5. Enable the Transparent User ID option.


See Also...


1 person found this helpful