Several Mimecast applications can be configured to integrate with Microsoft Azure AD to perform functions such as Single Sign-On. These include:
- Mimecast Administration Console
- Mimecast Personal Portal
- Mimecast End User Applications (e.g. Mimecast for Mac, Mimecast Mobile).
Integrating these Mimecast applications with Azure AD requires an application to be created. This guide describes how to create and configure these applications, and the benefits of doing so.
With an Azure AD application, you can:
- Control in Azure AD who has access to the Mimecast application.
- Enable your users to be automatically signed-in to the Mimecast application (Single Sign-On) with their Azure AD accounts.
- Manage your accounts in the Azure portal.
Configuring Azure AD
Creating an Azure AD Application
An Azure AD application must exist to accept service provider initiated SAML requests from us. If you've previously done this for another Mimecast application:
- Copy the Metadata URL from the previous setting.
- Use it on the new application.
- Import the certificate.
To create the application:
- Log on to the Azure Portal.
- Select Azure Active Directory from the navigation panel.
- Select App Registrations.
- Click on the New Registration button.
- Complete the Register an Application dialog as follows:
  - Name: Specify a name for the application that accurately describes its use (e.g. Mimecast Personal Portal, Mimecast Administration Console, or Mimecast End User Applications).
  - Supported Account Types: Select the "Accounts in this organizational directory only" option.
  - Redirect URL: Select the "Web" option and specify https://xx-api.mimecast.com/login/saml where xx is your location code (e.g. "eu" for Europe, "us" for United States, "za" for South Africa, "au" for Australia, or "jer" for Offshore).
- Click on the Register button.
The value of the application's Federation Metadata Document is required when configuring your Mimecast settings for SSO:
- Click on the application's Endpoints button.
- Copy the value of the Federation Metadata Document to your clipboard by clicking on the icon to the right of the field.
- Close the Endpoints dialog.
Setting the Application ID URL
- Click on the Expose an API menu item.
- Click on the Set link.
- Enter an Application ID URL of:
- xx is your location code (e.g. "eu" for Europe, "us" for United States, "za" for South Africa, "au" for Australia, or "jer" for Offshore).
- accountcode is your Mimecast account code.
- Click on the Save button.
Adding Your Application to the Azure My Apps Portal
To optionally add your application to the Azure AD My Apps portal:
- Log on to the Microsoft Azure Management Portal.
- Navigate to your Active Directory.
- Select the Application you have created.
- Set the Sign-On URL value to "https://login-xx.mimecast.com/m/portal" where:
  - "xx" is your location code ("uk" for Europe (excluding Germany), "de" for Germany, "us" for United States, "za" for South Africa, "au" for Australia, or "webmail" for Offshore).
- Select Save.