This article contains reference information for the global URLs and audience values that should be used when configuring an Identity Provider for Mimecast SAML Authentication.
Audience
The SAML audience, also referenced as an identifier, specifically relates to the setting that defines this element in a SAML response:
<Conditions NotBefore="2015-03-05T11:04:54.518Z" NotOnOrAfter="2015-03-05T12:04:54.518Z"> <AudienceRestriction> <Audience>host.domain.com.ACCOUNTCODE</Audience> </AudienceRestriction> </Conditions>
The values for the SAML audience/identifier for each Mimecast region and application are listed below:
For customers using Azure Active Directory, note that Azure AD has different values.
End User Applications
Replace .ACCOUNTCODE with your unique Mimecast Account Code. This can be found in the Administration | Account | Account Settings menu item in the Mimecast Administration Console.
| Region | Value | Azure AD Value |
|---|---|---|
| Europe (Excluding Germany) | eu-api.mimecast.com.ACCOUNTCODE | https://eu-api.mimecast.com/sso/ACCOUNTCODE |
| Germany | de-api.mimecast.com.ACCOUNTCODE | https://de-api.mimecast.com/sso/ACCOUNTCODE |
| United States of America | us-api.mimecast.com.ACCOUNTCODE | https://us-api.mimecast.com/sso/ACCOUNTCODE |
| United States of America (USB) | usb-api.mimecast.com.ACCOUNTCODE | https://usb-api.mimecast.com/sso/ACCOUNTCODE |
| Canada | ca-api.mimecast.com.ACCOUNTCODE | https://ca-api.mimecast.com/sso/ACCOUNTCODE |
| South Africa | za-api.mimecast.com.ACCOUNTCODE | https://za-api.mimecast.com/sso/ACCOUNTCODE |
| Australia | au-api.mimecast.com.ACCOUNTCODE | https://au-api.mimecast.com/sso/ACCOUNTCODE |
| Offshore | je-api.mimecast.com.ACCOUNTCODE | https://jer-api.mimecast.com/sso/ACCOUNTCODE |
Administration Console
| Region | Value | Azure AD Value |
|---|---|---|
| Europe (Excluding Germany) | eu-api.mimecast.com.ACCOUNTCODE | https://eu-api.mimecast.com/sso/ACCOUNTCODE |
| Germany | de-api.mimecast.com.ACCOUNTCODE | https://de-api.mimecast.com/sso/ACCOUNTCODE |
| United States of America | us-api.mimecast.com.ACCOUNTCODE | https://us-api.mimecast.com/sso/ACCOUNTCODE |
| United States of America (USB) | usb-api.mimecast.com.ACCOUNTCODE | https://usb-api.mimecast.com/sso/ACCOUNTCODE |
| Canada | ca-api.mimecast.com.ACCOUNTCODE | https://ca-api.mimecast.com/sso/ACCOUNTCODE |
| South Africa | za-api.mimecast.com.ACCOUNTCODE | https://za-api.mimecast.com/sso/ACCOUNTCODE |
| Australia | au-api.mimecast.com.ACCOUNTCODE | https://au-api.mimecast.com/sso/ACCOUNTCODE |
| Offshore | jer-api.mimecast.com.ACCOUNTCODE | https://jer-api.mimecast.com/sso/ACCOUNTCODE |
Mimecast Personal Portal
| Region | Value | Azure AD Value |
|---|---|---|
| Europe (Excluding Germany) | eu-api.mimecast.com.ACCOUNTCODE | https://eu-api.mimecast.com/sso/ACCOUNTCODE |
| Germany | de-api.mimecast.com.ACCOUNTCODE | https://de-api.mimecast.com/sso/ACCOUNTCODE |
| United States of America | us-api.mimecast.com.ACCOUNTCODE | https://us-api.mimecast.com/sso/ACCOUNTCODE |
| United States of America (USB) | usb-api.mimecast.com.ACCOUNTCODE | https://usb-api.mimecast.com/sso/ACCOUNTCODE |
| Canada | ca-api.mimecast.com.ACCOUNTCODE | https://ca-api.mimecast.com/sso/ACCOUNTCODE |
| South Africa | za-api.mimecast.com.ACCOUNTCODE | https://za-api.mimecast.com/sso/ACCOUNTCODE |
| Australia | au-api.mimecast.com.ACCOUNTCODE | https://au-api.mimecast.com/sso/ACCOUNTCODE |
| Offshore | je-api.mimecast.com.ACCOUNTCODE | https://jer-api.mimecast.com/sso/ACCOUNTCODE |
Destination
The SAML destination, also referenced as an endpoint, is the URL of the Mimecast application that the Identity Provider should send the SAML response to. For end-user applications (e.g., Mimecast for Outlook), there is a single URL for each region. For the Administration Console and Mimecast Personal Portal, there are two destination URLs for each region and application: one for Service Provider Initiated sign-on and one for Identity Provider Initiated sign-on. The difference in each case is the "?action=sso" value at the end of the URL for Identity Provider Initiated sign-on. Typically, you should be able to add both URLs to the application if your Identity Provider supports both sign-on methods.
The destination/endpoint URL's for each Mimecast application and region are listed below:
End User Applications
| Region | Service Provider Initiated |
|---|---|
| Europe (Excluding Germany) | https://eu-api.mimecast.com/login/saml |
| Germany | https://de-api.mimecast.com/login/saml |
| United States of America | https://us-api.mimecast.com/login/saml |
| United States of America (USB) | https://usb-api.mimecast.com/login/saml |
| Canada | https://ca-api.mimecast.com/login/saml |
| South Africa | https://za-api.mimecast.com/login/saml |
| Australia | https://au-api.mimecast.com/login/saml |
| Offshore | https://jer-api.mimecast.com/login/saml |
Administration Console
| Region | Service Provider Initiated | Identity Provider Initiated |
|---|---|---|
| Europe (Excluding Germany) | https://eu-api.mimecast.com/login/saml | https://eu-api.mimecast.com/login/sso/adcon |
| Germany | https://de-api.mimecast.com/login/saml | https://de-api.mimecast.com/login/sso/adcon |
| United States of America | https://us-api.mimecast.com/login/saml | https://us-api.mimecast.com/login/sso/adcon |
| United States of America (USB) | https://usb-api.mimecast.com/login/saml | https://usb-api.mimecast.com/login/sso/adcon |
| Canada | https://ca-api.mimecast.com/login/saml | https://ca-api.mimecast.com/login/sso/adcon |
| South Africa | https://za-api.mimecast.com/login/saml | https://za-api.mimecast.com/login/sso/adcon |
| Australia | https://au-api.mimecast.com/login/saml | https://au-api.mimecast.com/login/sso/adcon |
| Offshore | https://jer-api.mimecast.com/login/saml | https://jer-api.mimecast.com/login/sso/adcon |
Mimecast Personal Portal
| Region | Service Provider Initiated | Identity Provider Initiated |
|---|---|---|
| Europe (Excluding Germany) | https://eu-api.mimecast.com/login/saml | https://eu-api.mimecast.com/login/sso/mpp |
| Germany | https://de-api.mimecast.com/login/saml | https://de-api.mimecast.com/login/sso/mpp |
| United States of America | https://us-api.mimecast.com/login/saml | https://us-api.mimecast.com/login/sso/mpp |
| United States of America (USB) | https://usb-api.mimecast.com/login/saml | https://usb-api.mimecast.com/login/sso/mpp |
| Canada | https://ca-api.mimecast.com/login/saml | https://ca-api.mimecast.com/login/sso/mpp |
| South Africa | https://za-api.mimecast.com/login/saml | https://za-api.mimecast.com/login/sso/mpp |
| Australia | https://au-api.mimecast.com/login/saml | https://au-api.mimecast.com/login/sso/mpp |
| Offshore | https://je-api.mimecast.com/login/saml | https://jer-api.mimecast.com/login/sso/mpp |
Comments
Please sign in to leave a comment.