This article contains information on enforcing SAML authentication profiles for Mimecast web applications based on user roles, exceptions, and troubleshooting steps for configuration issues.
When logging into a Mimecast web application (e.g. My Apps, Mimecast Administration Console, Mimecast Personal Portal) using SAML authentication, one of the following authentication profiles is enforced depending on whether your logon has an administrator role:
| Administrator Role | Authentication Profile | Comments |
|---|---|---|
| Yes | Enforce SAML Configuration for Administrators | This ensures your administrator login is secure. |
| No | Enforce SAML Configuration for Mimecast Web Apps | Single Sign On needs no additional configuration. |
Exceptions
The following are not affected:
- The SAML Configuration for End User Applications authentication profile (e.g. Mimecast for Outlook).
- Single log-in behavior (e.g., logging in once to be authenticated across all Mimecast applications).
- IDP initiated log-on.
Troubleshooting
If you haven't configured SAML correctly in the IDP, you may experience the following behavior depending on whether your logon has an administrator role:
- If your logon has an administrator role, you're taken to the Mimecast Administration Console regardless of the app being accessed.
- If your login doesn't have an administrator role and has access to more than one Mimecast application, you're taken to Mimecast Personal Portal.
If you experience this behavior, correct your SAML configuration. See Global SAML URLs and Audience Values.
Comments
Please sign in to leave a comment.