Creating / Configuring a Microsoft Azure AD Application

Document created by user.oxriBaJeN4 Employee on Jun 4, 2019Last modified by user.oxriBaJeN4 Employee on Jul 4, 2019
Version 10Show Document
  • View in full screen mode

Various Mimecast applications can be configured to integrate with Microsoft Azure AD to perform various functions (e.g. Single Sign On). These include:


To integrate these Mimecast applications with Azure AD requires an application to be created. This guide describes how to create / configure these applications, and the benefits of doing so.




With an Azure AD application, you can:

  • Control in Azure AD who has access to the Mimecast application.
  • Enable your users to be automatically signed-in to the Mimecast application (Single Sign-On) with their Azure AD accounts.
  • Manage your accounts in the Azure portal.


Configuring Azure AD


Creating an Azure AD Application


An Azure AD application must exist to accept service provider initiated SAML requests from us. If you've previously done this for another Mimecast application:

  1. Copy the Metadata URL from the previous setting.
  2. Use it on the new application.
  3. Import the certificate.


Creating an ApplicationIf you haven't created an Azure AD application:

  1. Log on to the Azure Portal.
  2. Select Azure Active Directory from the navigation panel.
  3. Select the App Registrations.
  4. Click on the New Registration button.
  5. Complete the Register an Application dialog as follows:
    • Name: Specify a name for the application that accurately describes its use (e.g. Mimecast Personal Portal, Mimecast Administration Console Mimecast End User Applications).
    • Supported Account Types: Select the "Accounts in this organizational directory only" option.
    • Redirect URL: Select the "Web" option and specify where xx is your location code (e.g. "eu" for Europe, "us" for United States, "za" for South Africa, "au" for Australia, or "jer" for Offshore).
  6. Click on the Register button.


Federated MetadataNoting the Federation Metadata Document


The value of the application's Federation Metadata Document is required when configuring your Mimecast settings for SSO:

  1. Click on the application's Endpoints button.
  2. Copy the value of the Federation Metadata Document to your clipboard by clicking on the Copy icon icon to the right of the field.
  3. Close the Endpoints dialog.


Setting the Application ID URL


Copying an Application keyThe Application ID URL is the link between Azure AD and Mimecast. Without this being specified in your Azure AD application, SSO fails:

  1. Click on the Expose an API menu item.
  2. Click on the Set link.
  3. Enter an Application ID URL of: 
    • xx is your location code (e.g. "eu" for Europe, "us" for United States, "za" for South Africa, "au" for Australia, or "jer" for Offshore).
    • accountcode is your Mimecast account code.
  4. Click on the Save button.


Adding Your Application to the Azure My Apps Portal


If you create an application in Microsoft Azure, you can optionally publish it to the Azure My Apps portal. 


Microsoft themselves have created an application to use with the Mimecast Personal Portal and Mimecast Administration Console in the Azure My Apps portal. Whilst these may be useful, Mimecast takes no responsibility for issues that may result from using them. See the following guides in the Microsoft Azure documentation for further details:


To optionally add your application to the Azure AD My Apps portal:

  1. Log on to the Microsoft Azure Management Portal.
  2. Navigate to your Active Directory.
  3. Select the Application you have created.
  4. Set the Sign-On URL value to "" where:
    • "xx" is your location code ("uk" for Europe (excluding Germany), "de" for Germany, "us" for United States, "za" for South Africa, "au" for Australia, or "webmail" for Offshore).
  5. Select Save.


See Also...