Advanced and Federated Accounts - Federated Account Overview

This article contains information on Mimecast Federated Account Administration (FAA), highlighting benefits like policy inheritance, hierarchical account management, granular permissions, and audit trails, along with technical details for setup and administration of multiple accounts efficiently.

Mimecast Federated Account Administration provides ultimate control for customers with top-down administration responsibilities of multiple accounts.

Benefits

Federated Account Administration provides the following benefits:

• Customers have the flexibility to manage or update their own account.

  • Policy inheritance and hierarchy give administrators trickle-down policy control to all accounts. This allows the following capabilities:

    • Accounts can be managed as one unit, or groups of accounts can be created to apply relevant policies.

    • Top-level policies, managed by the top-level administrator, are enforced on accounts regardless of any changes made by an administrator. These inherited or enforced policies can apply to security, retention, and other account settings.

  • Customers benefit from more effective account management, whilst individual accounts remain completely separate.

  • There is flexibility to manage individual accounts in a bespoke fashion, including retention settings.

  • Accounts can be grouped to allow granular permissions to be given to administrators, giving them responsibility for administrative duties. Administrators at the group level can only manage accounts nested below the group and are not able to see other groups or anything above that level.

  • Granular controls allow you to restrict administrative access to specific domains via grouping accounts, ensuring only authorized staff members can access or manage particular domains within your organization's FAA environment.

  • A hierarchical overview is provided of all nested accounts to visually see and manage accounts, administrators, and policies.

  • All administrator activities are audited. Some activities are logged on multiple linked accounts (e.g., moving an account from one group to another).

Account Structure

Accounts can be moved around to create a hierarchy. Customer accounts can be added or removed from the Federated Account Administration structure. The ability is retained by Mimecast's service delivery team.

Technical Details

• Administrators log on using a dedicated federated administration address, allowing them to access the relevant customer accounts. This ensures full audit trails, granular permissions, and compliance capabilities.

  • For Federated Administration, you must use a domain that isn't associated with a Mimecast account. We recommend the use of a sub-domain of an existing domain (e.g., 'admin.company.com').

  • Administrators with roles at the master account level are automatically given the same role on all the nested accounts (customer accounts and grouping accounts) that have opted into Federated Administration.

  • Administrators with roles at the group account level gain access to all accounts nested below the group account and will not be able to see accounts higher up the hierarchy.

  • When an account is part of an FAA structure, it may not support adding external partner administrators directly. To add external administrators, the account may need to be removed from the FAA structure first.

See Also...

• Federated Account Administration Differences

  • Advanced / Federated Account Administration: Account Structures

  • Federated Administration: Managing Roles and Account Settings