Awareness Training - Configuring SSO For End Users

Updated

This article describes the End User Single Sign-On (SSO) options for Mimecast Awareness Training, and is intended for Administrators.

This functionality is available for Email Security Cloud Gateway only.

Introduction

Mimecast Awareness Training supports both Service Provider (SP) initiated SAML authentication, and Identity Provider (IdP) initiated SAML authentication.

SP Initiated SAML Authentication

SP initiated SAML authentication is used when the end user clicks on the link provided within the Mimecast Awareness Training email notification. The link directs you to the Mimecast Awareness Training interface, and automatically enters your user name (i.e., email address). The Interface guides you through to your Identity Provider, and if you are already authenticated, you are automatically logged in. The password must be provided if you are not authenticated with your Identity Provider.

This method uses the Enforce SAML Authentication for Mimecast Web Apps section within Configuring Authentication Profiles

To configure SP initiated SAML authentication for Mimecast Awareness Training, follow the correct link based on your Identity Provider:

When configuring this option for Mimecast Awareness Training, this will automatically mean that end users will have to authenticate with the Identity Provider when accessing the Mimecast Personal Portal.

IdP Initiated SAML Authentication

IdP initiated SAML authentication is used when the end user logs into the Identity Provider, and clicks on the Mimecast Awareness Training application that has been made available. The IdP opens a new tab and automatically logs you into the Mimecast Awareness Training interface.

This method uses the Enforce SAML Authentication for End User Applications section within Configuring Authentication Profiles.

If you are using any other end-user application, such as:

  • Mimecast for Outlook.
  • Mimecast Mobile.
  • Mimecast for Mac.
  • Mimecast Partner Portal.

You can’t use IdP SAML Authentication for Mimecast Awareness Training, as the required configuration results in the authentication of the other end user applications failing. Mimecast is aware of this known issue but is not planning to fix it. Configure your Mimecast Awareness Training Account with Unauthenticated End User Access or Service Provider-initiated SAML as a workaround.

If you aren’t using any other Mimecast end user applications and want to configure IdP Initiated SAML Authentication for Mimecast Awareness Training, use the following regional URLs in the table below as the Assertion Consumer Service (ACS) URL. Ensure the URLs are used while following the instructions on the link below based on your Identity Provider:

Region URL
Europe (Excluding Germany) https://eu-api.mimecast.com/login/sso/api?redirection-url=https%3A%2F%2Flogin-uk.mimecast.com%2Fu%2Flogin%2F%3Fgta%3Dmatfe%23%2Flogin
Germany https://de-api.mimecast.com/login/sso/api?redirection-url=https%3A%2F%2Flogin-de.mimecast.com%2Fu%2Flogin%2F%3Fgta%3Dmatfe%23%2Flogin
United States of America https://us-api.mimecast.com/login/sso/api?redirection-url=https%3A%2F%2Flogin-us.mimecast.com%2Fu%2Flogin%2F%3Fgta%3Dmatfe%23%2Flogin
Canada https://ca-api.mimecast.com/login/sso/api?redirection-url=https%3A%2F%2Flogin-ca.mimecast.com%2Fu%2Flogin%2F%3Fgta%3Dmatfe%23%2Flogin
South Africa https://za-api.mimecast.com/login/sso/api?redirection-url=https%3A%2F%2Flogin-za.mimecast.com%2Fu%2Flogin%2F%3Fgta%3Dmatfe%23%2Flogin
Australia https://au-api.mimecast.com/login/sso/api?redirection-url=https%3A%2F%2Flogin-au.mimecast.com%2Fu%2Flogin%2F%3Fgta%3Dmatfe%23%2Flogin
Offshore https://jer-api.mimecast.com/login/sso/api?redirection-url=https%3A%2F%2Flogin-je.mimecast.com%2Fu%2Flogin%2F%3Fgta%3Dmatfe%23%2Flogin
US-B https://usb-api.mimecast.com/login/sso/api?redirection-url=https%3A%2F%2Flogin-usb.mimecast.com%2Fu%2Flogin%2F%3Fgta%3Dmatfe%23%2Flogin

Related to

Was this article helpful?
1 out of 1 found this helpful

Comments

0 comments

Please sign in to leave a comment.