This article contains information on Mimecast's Federated Account Administration (FAA), detailing features like policy inheritance, federated administration, account hierarchy management, role-based access, and configuration steps for master, group, and nested accounts to streamline complex email environments.
Overview
Customers, partners, and/or service providers with more complex email management environments may select Federated Account Administration services for the organization. This provides additional options and benefits, as described below.
-
-
- Policy Inheritance: Sub-accounts that have opted-in to this functionality respect the policies of the master and/or group accounts.
- Federated Administration: Administrators that belong to the federated administration domain gain access to nested accounts that have opted-in to this functionality. This facilitates the administration of multiple accounts from the same browser window.
-
This setup is useful where you have multiple segregated Mimecast accounts. The master and group account administrators can control specific (inheritable) policies that nested accounts must respect. Administrators of nested accounts can also only access content and settings for their own sub-accounts.
Cybergraph is supported in FAA environments without policy inheritance (excluding US & USB grids).
Master Accounts
Many menu options and functionalities are the same as the standard Mimecast Administration Console. The following menu options are available in the Master account:
| Menu | SubMenu | Description |
|---|---|---|
| Account | Announcements | Displays the latest product announcements from Mimecast. |
| Dashboard | Displays the default landing page for the Master account, as defined above. | |
| Hierarchy | This menu is used to manage the hierarchical structure of the Federated Account Administration setup. | |
| Logs | Tracks activity in the Mimecast account. | |
| Roles | Manages administrator permissions. By default, only the Master Administrator Role is available on the Master account. | |
| Settings | Controls settings for the Mimecast account. | |
| Gateway | Outbound | Provides a list of authorized outbound IP addresses used by the Federated Account Administration setup. |
| Directories | Internal | Provides a read-only view of the nested account's internal domains and the Federated Administration Domain belonging to the master. |
| Import | Allows administrators to import data to Mimecast. This is used to create addresses for the federated administration domain. |
Some differences between the Federated Account Administration Master Console and the standard Administration Console are detailed below.
Account Settings
Four additional options are available in Account | Settings:
| Feature | Description |
|---|---|
| Enable Policy Inheritance | Allows mail processing nested accounts to consider the policies configured on group and/or master accounts, as long as all relevant accounts have this option enabled. Mimecast Support enables this. |
| Enable Federated Administration | Enables additional roles to allow Federated Administration of group and mail processing nested accounts. Mimecast Support enables this. |
| Enable Federated Content View | Allows federated administrators to have content view permissions for all nested accounts that have enabled federated administration. Mimecast support enables this. |
| Federated Administration Domain | Specifies the domain name used for federated administration. |
Accounts Hierarchy
The Accounts | Hierarchy menu item enables master account administrators to view and manage the hierarchy of the federated account administration setup. For more information, view the Advanced / Federated Account Administration: Account Structures page.
Accounts Roles
Once the Basic Administrator has been allocated to the master account and with Federated Administration enabled on the group and/or mail processing accounts, they can access the nested accounts:
- Log in to the Master Account's Administration Console.
- Navigate to Account | Roles. A list of roles is displayed.
- Click on the Federated Administrators Access button. The nested accounts are displayed.
- Click on the Switch to Account link to the right of the required account.
To navigate back to the Master account or to another account:
- Click on the Account | Roles menu item on the nested account.
- Click on the Federated Administrator Access button.
- Click on the Switch to Account link to the right of the required account.
Group Accounts and Mail Processing Accounts
The master account controls all nested accounts. To enable Federated Administration, the Enable Federated Administration option must be selected in your Account | Settings. This allows the account to opt in to Federated Account Administration and is enabled by Super or Partner Administrators. Mimecast Support enables this option for any group account.
Comments
Please sign in to leave a comment.