This article contains information on setting up and managing Microsoft 365 Users and Groups with Mimecast, including adding internal email domains, Directory Synchronization, and configuring sign-in options using Azure and SAML SSO. It is intended for Administrators.
Step 1: Add Your Internal Email Domains
Before creating users, you must add your organization's internal email domains to Mimecast. When your account was originally provisioned, at least 1 internal domain would have already been added.
See the Email Domains guide to learn about adding and managing Mimecast Internal Domains.
Step 2: Set up Directory Synchronization
Once all of your internal email domains have been added, you can synchronize users and groups from Microsoft 365 to Mimecast using a cloud-to-cloud connection from Mimecast to Windows Azure Active Directory. This allows you to automate user and group management and optionally add user attributes to Mimecast users that can be used to apply policies, or in Stationery layouts.
See the following article for full guidance:
Step 3: Set up Additional Sign-in Options for Mimecast Applications
All Mimecast applications allow users to sign in using a Mimecast Cloud password.
To allow users to sign in to Mimecast applications using their Microsoft 365 password, 3 options are available. See below for details:
| Mimecast Application | Domain | Azure SSO | SAML SSO |
|---|---|---|---|
| Administration Console | Yes | Yes | Yes |
| Mimecast Personal Portal | Yes | Yes | Yes |
| Secure Messaging Portal (internal users) | Yes | No | No |
| Mimecast for Outlook | Yes | Yes | Yes |
| Mimecast for Mac | Yes | No | No |
| Mimecast Mobile | Yes | No | No |
Domain Single Sign-On (SSO)
- A user provides their primary email address and password to the application.
- The Administration Console, Mimecast Personal Portal, and the Secure Messaging Portal require the user to enter these details each time the user accesses the application.
- Mimecast for Outlook, Mimecast for Mac, and Mimecast Mobile only require the user to enter these details the first time they use the application and then again each time the user's password changes.
- Behind the scenes, Mimecast contacts Microsoft 365 and uses Basic Authentication to verify the user.
See the following article for full guidance:
SAML Single Sign-On (SSO) using Windows Azure Active Directory
- A user provides their primary email address to the Administration Console or the Mimecast Personal Portal and is redirected to Windows Azure.
- If the user already has an active Azure session in their web browser, they will be immediately redirected back to the Mimecast application and granted access.
- If the user has no active Azure session in their web browser, they must sign in with their email address and password before being redirected to the Mimecast application and granted access.
SAML Single Sign-On (SSO) using a third-party IdP
See the following article for guidance: