Authentication - End User Authentication

This article outlines the methods that you can use to secure End User authentication to Mimecast, and is intended for Administrators.

Why You Should Use Secure Authentication

Whilst password complexity and expiry rules can help prevent a password from being compromised, there are still ways that passwords can be stolen. Causes range from using the same password on more than one internet account to more sophisticated phishing and social engineering attacks.

As the impact of a compromised account can be devastating for a business, we offer additional layers of security for our password authentication features. These are:

  • IP address filtering
  • Two-Step Authentication

Permitted IP Ranges

We offer granular options to secure all authentication attempts using the source IP address of the connecting user. When this feature is enabled, we only accept authentication attempts from administrator-defined IP addresses. All other attempts are blocked.

When permitted IP ranges are enabled, failed login attempts from outside the defined ranges won't trigger any account lockout policies maintained by your organization.

It is possible to configure different permitted IP ranges for:

  • The Mimecast Administration Console: These are configured in the Admin IP Ranges option in your account settings. See the User Access and Permissions section of Mimecast Account Settings.
  • End User applications: These are configured at the authentication profile level, and apply to connection attempts from the following applications:
    • Mimecast Personal Portal
    • Mimecast for Outlook
    • Mimecast for Mac
    • Mimecast Mobile
    • Any custom application consuming the Mimecast API.
  • Gateway connections via SMTP or POP. These are configured at the Authentication Profile level. See Configuring Two-Step Authentication Profiles.
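
The following added example (not Mimecast code) models the behaviour described in this section: attempts from outside the permitted ranges are blocked and do not count toward account lockout. The class name, surface names, threshold, address ranges, credentials, and the ordering of the checks are all assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample policy using documentation-only address ranges.
PERMITTED_RANGES = {
    "admin_console": ["203.0.113.0/28"],
    "end_user_apps": ["198.51.100.0/24", "2001:db8:10::/48"],
}
LOCKOUT_THRESHOLD = 3  # assumed value, not taken from the product


class AuthGate:
    """Toy model: source-IP check first, then lockout state, then password."""

    def __init__(self, ranges, passwords):
        # Parse the CIDR strings once, per surface (console vs. end user apps).
        self.ranges = {
            surface: [ipaddress.ip_network(cidr) for cidr in cidrs]
            for surface, cidrs in ranges.items()
        }
        self.passwords = passwords          # stand-in for a real credential store
        self.failures = defaultdict(int)    # per-user failed attempt counter

    def ip_permitted(self, surface, source_ip):
        addr = ipaddress.ip_address(source_ip)
        # A surface with no configured ranges permits nothing in this model.
        return any(addr in net for net in self.ranges.get(surface, []))

    def attempt(self, surface, user, password, source_ip):
        if not self.ip_permitted(surface, source_ip):
            # Blocked before the password is looked at; the lockout counter
            # is untouched, so outside sources cannot lock the account.
            return "blocked_ip"
        if self.failures[user] >= LOCKOUT_THRESHOLD:
            return "locked_out"
        if self.passwords.get(user) != password:
            self.failures[user] += 1
            return "bad_password"
        self.failures[user] = 0
        return "ok"
```

Because out-of-range attempts never reach the counter, a password-guessing run from an unlisted address cannot be used to lock a legitimate user out, while guessing from inside a permitted range is still subject to the lockout policy.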

Two-Step Authentication

Two-step authentication is an additional layer of security for password authentication. It requires users to provide their password and a unique verification code to access the administration console and our end user applications. Verification codes can be delivered via email or SMS, or generated using a third-party authenticator application.

See Two-Step Authentication Overview.
