---
title: Configuring SAML SSO with Mimecast and PingOne
description: Learn how to enable Mimecast sign-on from the PingOne console (IdP-initiated sign-on) and direct Mimecast sign-on using PingOne (SP-initiated sign-on).
component: configuration_guides
page_id: configuration_guides:mimecast:config_saml_mimecast_p1
canonical_url: https://docs.pingidentity.com/configuration_guides/mimecast/config_saml_mimecast_p1.html
revdate: May 15, 2024
section_ids:
  before-you-begin: Before you begin
  add-the-mimecast-application-to-pingone: Add the Mimecast application to PingOne
  add-pingone-as-identity-provider-idp-in-mimecast: Add PingOne as identity provider (IdP) in Mimecast
  test-the-pingone-idp-integration: Test the PingOne IdP integration
  test-the-pingone-sp-integration: Test the PingOne SP integration
---

# Configuring SAML SSO with Mimecast and PingOne

Learn how to enable Mimecast sign-on from the PingOne console (IdP-initiated sign-on) and direct Mimecast sign-on using PingOne (SP-initiated sign-on).

## Before you begin

* Link PingOne to an identity repository containing the users requiring application access.

* Populate Mimecast with at least one user to test access.

* You must have administrative access to PingOne and a Super Admin account for an Enterprise Organization on Mimecast.

## Add the Mimecast application to PingOne

1. In PingOne, go to **Connections → Applications** and click the + icon.

   ![Screen capture of PingOne Applications page.](../_images/vxx1638477533848.png)

2. When you're prompted to select an application type, select **WEB APP** and then click **Configure** next to **SAML** for the chosen connection type.

3. Enter `Mimecast` as the application name.

4. Enter a suitable description.

5. **Optional:** Upload an icon.

6. Click **Next**.

7. For **Provide App Metadata**, select **Enter Manually**.

8. In the **ACS URL** field, enter `https://account-hosting-location-api.mimecast.com/login/saml`.

9. Select the **Signing Key** to use and then click **Download Signing Certificate** to download as X509 PEM (.crt).

10. For **Entity ID**, enter `https://account-hosting-location-api.mimecast.com.accountcode`.

11. Leave **SLO Endpoint** and **SLO Response Endpoint** blank.

12. In the **Subject NameID Format** list, select **urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress**.

13. Enter a suitable value for **Assertion Validity Duration (in seconds)**. A value of 300 seconds is typical.

14. Click **Save and Continue**.

15. Mimecast expects an email address to identify a user in the SSO security assertion:

    * If you use an email address to sign on through PingOne, click **Save and Close**.

    * If you sign on with a username, in the **PingOne User Attribute** list, select **Email Address** to map that to the **SAML\_SUBJECT**, then click **Save and Close**.

16. Click the toggle to enable the application.

17. On the **Configuration** tab of the newly-created Mimecast application, copy and save the **IDP Metadata URL** value.

    You'll need this metadata when configuring SAML on Mimecast.

    ![Screen capture of PingOne Connection Details section.](../_images/cid1640211566357.png)

## Add PingOne as identity provider (IdP) in Mimecast

1. Sign on to Mimecast with an Admin account for your Enterprise Organization.

2. Go to **Administration → Services → Applications**.

3. Select **Authentication Profiles**.

4. Select **New Authentication Profile**.

5. Enter a **Description** for the new profiled.

6. Select **Enforce SAML Authentication for Administration Console**.

7. For **Provider**, select **Other**.

8. In the **Metadata URL** field, enter the URL value that you copied previously.

9. Go to **Administration → Services → Applications**.

10. Click **Lookup** to find the authentication profile that you created.

11. Click **Save and Exit**.

## Test the PingOne IdP integration

1. Go to the PingOne Application Portal and sign on with a user account.

   |   |                                                                                                                    |
   | - | ------------------------------------------------------------------------------------------------------------------ |
   |   | In the Admin console, go to **Dashboard → Environment Properties** to find the **PingOne Application Portal URL**. |

2. Click the Mimecast icon.

   You're redirected to the Mimecast website and logged in with SSO.

## Test the PingOne SP integration

1. Go to [login.mimecast.com](https://login.mimecast.com/u/login/?gta=apps&_ga=2.197221231.1597895005.1652085427-1344334576.1645445521#/login), and choose the option to sign on with SSO. Enter your email address only.

2. In the PingOne sign-on prompt, enter your PingOne username and password.

   ![Screen capture of PingOne sign-on page.](../_images/yrq1620763776078.png)

   You're redirected back to Mimecast and signed on.