This article describes how user email addresses can be manually or automatically managed to control access to your Mimecast account.
Two-factor authentication must be disabled for users to submit emails using SMTP authentication.
Walkthrough
Email addresses represent user accounts in your environment. These addresses can be used to control your user's accounts and perform the following:
- Assign permissions to access Mimecast user tools.
- Set a cloud password.
- Set specific password complexity and lockout settings.
- Populate attributes.
- Manually configure an alias address.
- Assign an administrative role to a user.
During the implementation of your Mimecast account, internal domains are added, and email addresses are populated in them. This can be achieved in the following ways:
- Automatically when processing email by capturing the email addresses.
- Manually by an administrator, either individually or via a spreadsheet import.
- A directory synchronization using directory connections.
Listing Your Domains / Email Addresses
To list your internal domains and the email addresses in them:
- Click on the Users & Groups| Internal Directories menu item. A list of your domains is displayed.
- Click on a Domain. A list of the domain's users is displayed.
The color indicators on the right show if an email address is an alias for another address. The address is an alias if the "Alias" indicator is green. This means it inherits its permissions from the primary address. Consequently, the permissions section described below is not displayed when viewing alias address properties.
The following types of addresses may appear in this list, denoted by the icon to the left of the address:
| Icon | Address Type | Description |
|---|---|---|
| Manually Created | These are addresses that have been added manually or created based on email processing for a user that does not have a directory account. This could be a staff member who has left (e.g., their directory account has been deleted) or a fax machine / Unix-based email address. | |
| Created by Message in Transit | These are addresses that can be created because:
|
|
| Extracted From Directory | These are addresses that are synchronized SMTP objects from the domain controller. | |
| Manually Imported | These are addresses created by a spreadsheet import. See the Importing Users via a Spreadsheet page for further details. | |
| Distribution List | These addresses form part of a synchronized distribution list (DL) or security group with SMTP addresses from the domain controller. |
Working with Email Addresses
The list of email addresses has the following buttons that provide additional functionality:
| Menu Option | Description |
|---|---|
| New Address | Allows you to create an email address. See the Email Address Properties section below for more details. |
| Purge Selected Addresses | Deletes the selected email addresses, including linked aliases. This can be performed by any administrator who has the ability to read and edit Internal Directories. A warning will be displayed to confirm the removal of the address and all list entries. Addresses will not be purged while emails are still being processed for the address (e.g., if related emails are held). Administrators can prevent the purge from taking place by removing the address from the purge list. See the Deleting Users from Mimecast page for further information. |
| Delegate Mailboxes Access |
Allows you to delegated mailboxes. Delegate mailbox access can be used to link separate email archives together. To allow delegate access, click on an email address and select the Delegate Mailbox menu option. See the Configuring Delegate Mailbox Access page for full details. You can view a delegate mailbox by navigating to Users & Groups | Internal Directories | View | Delegate Mailbox Access | View and select Sort by Address or Sort by Delegate Mailbox. This button is only available when logged on as an Administrator with protected permissions. |
| Export Data | Export a list of email addresses to a.XLS or CSV file. |
| View | Filters the list of email addresses displayed by:
|
Email Address Properties
Some fields below will not be displayed if the user's role permissions are insufficient.
Adding or changing an email address requires you to complete the address properties:
- Either:
-
- Click on the New Address button to create an email address.
- Click on an Email Address.
- Complete the Address Settings section as required.
| Menu Option | Description |
|---|---|
| Email Address | The field is only editable when adding an email address. As it is the unique identifier for this user and their associated email archive, the address can't be modified once it's created and the email is processed for that address. |
| Global Name | The full name of the email address used. This is normally displayed in the recipient's FROM field in their mail client. This field is only populated for LDAP addresses. |
| Internal Address | Shows whether the email address is considered to be internal or external. |
| Administration Console Role | Displays the administrator role the user is assigned to or "None" if the user account does not belong to a role. Click on the Role Edit button to change the user's role. |
| Address Alias For | A primary email address can have any number of alias addresses. Click the Lookup button to assign an alias address to the primary one. This indexes emails processed for both addresses in a single archive. If this is not done, a separate archive view is created for the primary address and another for the alias. |
- Complete the Permissions section as required:
| Menu Option | Description |
| Password / Confirm Password | Creates a cloud password for the email address. This password can only be authenticated in Mimecast and doesn't affect the network password in the organization's infrastructure. This password can be used for end-user services or POP and SMTP connections. Mimecast will first attempt to authenticate users based on the LDAP password and then their cloud password, either of which is accepted.
Using non-ASCII characters in passwords is not recommended, as they may prevent user authentication. |
| Force Change at Logon | This option forces the cloud password to expire. This is helpful if setting similar cloud passwords for end users, which they must change when they first log in. |
| Password Never Expires | Prevents the expiration of the user account’s cloud password. This is useful for administrators or system accounts. |
| Maximum Reset Attempts Made | Should a user request their cloud password reset, a password reset code is sent to them. If they fail to enter this code successfully ten times, their account's password reset functionality is locked. This option shows as selected in this scenario. Click on the Reset Count button to unlock the password reset functionality on their account. |
| Account Locked | Indicates if the user account is locked and users cannot log in to Mimecast. Click on the Unlock Account button to unlock an account. |
| Account Disabled |
Users are prevented from logging in to Mimecast applications using cloud passwords if selected. This doesn't affect email delivery to the address. If directory synchronization is enabled, we'll automatically disable Mimecast user accounts if the:
If directory synchronization is not used, user accounts are not affected by this process and can be managed manually on a per-user basis by checking this option. |
| Archive Start Date | Ensures that Mimecast end-user applications will only display items to the end user from the selected date onwards. This can be used when a new end user starts with the same email address as a previous employee.
Search results from On Hold queues and items from Archive Folders are not included. |
| Allow SMTP Email Submission | Allows users to submit emails directly to Mimecast. This is generally useful for remote users and applies to TCP/IP ports 25 and 587 |
| Allow POP Access | This option permits a user to retrieve email from a Mimecast mailbox directly instead of from a mail server. |
| Force Registration | This option allows reregistering a device with TOTP functionality by removing the previous TOTP code and creating a new one to be added upon the next successful web authentication by the user. |
| Effective Group Application Settings | This option permits a user to retrieve email from a Mimecast mailbox directly instead of from a mail server. |
- Click on the Save and Exit button.
Account Security Settings can be applied to user login attempts. See the "User Access and Permissions" options on the Mimecast Account Settings page for further details.
Comments
Please sign in to leave a comment.