This article contains information on authentication options for Mimecast for Outlook, including password-protected, Microsoft 365, Windows Integrated, reverse proxy, and single sign-on methods, as well as user setup and administrator configuration steps.
Authentication Options for Administrators
When deploying Mimecast for Outlook, it is important to consider how your users will authenticate when gaining access to the features provided by the application. The following authentication options are available:
Password Protected
Users are required to open the Mimecast for Outlook Account Options and enter their password. You can choose to use one of the following authentication providers to validate the user's credentials:
- Mimecast: Enabling Cloud Authentication.
- Active Directory: Enabling Domain Authentication.
- Active Directory: Enabling Domain Password Using AD FS.
- Active Directory: Enabling EWS Domain Authentication.
When a user's password changes, they need to re-enter their password to continue using the Mimecast for Outlook features.
Mailboxes Hosted in Microsoft 365
If your organization uses Microsoft 365, you can use Password Protected authentication as described above, with Microsoft 365 as the authentication provider that validates users' credentials. See Azure Standard SSO Configuration.
Windows Integrated (Exchange 2013 to 2019 only)
Domain users on a domain-joined computer are authenticated automatically when they open Microsoft Outlook. Behind the scenes, Mimecast for Outlook uses Windows Integrated Authentication (IWA) against an administrator-defined Exchange Web Services URL to authenticate users. See IWA Connectivity for full details.
When Microsoft cumulative updates (CUs) are applied, Extended Protection is switched on. It then needs to be switched off again for IWA to work.
Using a Reverse Proxy (e.g. Microsoft Threat Management Gateway Server)
If you publish your Microsoft Exchange server to the internet using a reverse proxy server, you must ensure that requests from the Mimecast IP range are routed directly through to your Exchange Client Access server for this feature to be successful.
Single Sign-On
If your organization uses an Identity Provider (e.g. Microsoft Active Directory Federation Services, Okta, or OneLogin), users can authenticate to Mimecast for Outlook through this provider. See Enforce SAML For End User Applications.
How Users Can Set Up Authentication
The Mimecast for Outlook plugin allows your organization to authenticate to the plugin using either a cloud password or a domain password. Your administrator configures the authentication methods for Mimecast for Outlook logins in the Mimecast Administration Console via the Application Settings. The authentication methods you can use are:
- Automatic: You continue using Microsoft Office as normal.
- Manual: A dialog is displayed when you start Microsoft Outlook, requiring you to enter your credentials.
Your administrator may have defined more than one authentication method. See the IWA Connectivity page for more details.
To check on the authentication methods your administrator has defined:
- Select the Mimecast ribbon.
- Select the Account Options icon in the General section. The Authentication Settings dialog is displayed.
- Select an Authentication Option.
- Enter your Password.
For additional information and troubleshooting solutions, see Frequently Asked Questions.