Directory Synchronization - Migrating Server Connectors

This article contains information on migrating Azure Directory Synchronization Connectors to a new OAuth 2.0-based method, detailing the migration steps, requirements, and post-migration recommendations to ensure secure and efficient integration with Mimecast.

Customers who see dialog boxes about migrating directory connectors when logging in to the Administration Console must follow the migration steps outlined in this service update by August 18th, 2024 to avoid any potential disruption to service.

This guide describes the connectivity method update for Azure Active Directory integrations. Your Azure Active Directory Synchronization integration will start using a Connector to communicate with Mimecast. The connector will use the OAuth 2.0 standard for authentication and will adhere to the Principle of Least Privilege (PoLP).

The same connectivity method has previously been released for other Mimecast services such as:

      • Threat remediation
      • Continuity
      • Exchange Sync & Recover

When using a connector, you will no longer have to create and manage an Azure application for Azure Active Directory Synchronization within your Azure tenant. Instead, Mimecast will take you through a consent workflow. Once consent has been granted, Mimecast will start to use secure tokens to communicate with your Azure tenant. The mechanism to obtain secure tokens will use a daily rotating certificate to provide a further layer of security to the communication between your Mimecast account and your Azure tenant.

We will provide a migration experience which can be followed using the steps below. We will prevent any additional configuration changes for existing Azure Active Directory integrations until they have been migrated to the updated connectivity method.

 

Requirements

To complete the migration successfully you will need: 
      • A Mimecast administrator account that has edit permissions for:
        • Services | Directory Synchronization.
        • Services | Connectors.
      • A Microsoft Azure administrator account that has the permissions to grant consent to applications.

 

Migrating a Connector

  1. Log in to the Administration Console. 
  2. Navigate to Services | Connectors.
  3. Click the Migrate button to begin the migration process for each integration.
  4. Click the Log In button.
  5. Review and grant the requested permissions using your Azure administrator account. 
  6. Enter a connector Name and Description (optional).
  7. Click the Next button. 
  8. Review the connector summary and click the Create Connector button. 
  9. The migration is now complete and the new connector is visible in the Connectors tab.
  10. Once the migration process for all your Azure integrations is complete, the migration page will no longer be visible to you in the Mimecast Administration Console.
  • After migration, we recommend that you remove the previously created Azure application from your Azure tenant. This is the application that relates specifically to the Mimecast connector you just created, and it will no longer be required.
  • Please do not delete/remove the Single Sign On Authentication Application settings in Azure.
