Learn how to enable Mimecast sign on from PingFederate (IdP-initiated sign on) and direct Mimecast sign on using PingFederate (SP-initiated sign on).
- Configure PingFederate to authenticate against an identity provider (IdP) or datastore containing the users requiring application access.
- Populate Mimecast with at least one user to test access.
- You must have administrative access to PingFederate.
Create the Mimecast metadata:
- In PingFederate, create a service provider (SP) connection for Mimecast:
- Configure using Browser SSO profile SAML 2.0.
- Set Partner’s Entity ID to <your Mimecast account hosting location>-api.mimecast.com.<accountcode>.
- Enable the following SAML profiles.
- IdP-Initiated SSO
- SP-Initiated SSO
- In Assertion Creation: Authentication Source Mapping: Attribute Contract Fulfilment, map the SAML_SUBJECT to your email attribute.
- In Protocol Settings: Assertion Consumer Service URL, set Binding to POST and set Endpoint URL to https://<your Mimecast account hosting location>-api.mimecast.com/login/saml.
- In Protocol Settings: Allowable SAML Bindings, enable POST.
- In Credentials: Digital Signature Settings, select the PingFederate
- Note the metadata URL for the newly created Mimecast SP connection.
Add the PingFederate connection to Mimecast:
- Sign on to the Mimecast console as an administrator.
- Select Administration on the left-hand pane.
- Click the Services tab.
- Select Application Settings.
- Select Authentication Profiles.
- Click New Authentication Profile.
- Select the Enforce SAML Authentication for Administration
The page expands to reveal the SAML Settings.
- Under Provider, select Other.
- Enter the Metadata URL for the Mimecast SP Connector in PingFederate.
Test the PingFederate IdP-initiated SSO integration:
- Go to the PingFederate SSO Application Endpoint for the Mimecast SP connection.
- Authenticate with PingFederate.
You're redirected to your Mimecast domain.
Test the PingFederate SP-initiated SSO integration:
- Go to https://app.mimecast.com/auth/login.
- After you’re redirected to PingFederate, enter your PingFederate username
After successful authentication, you’re redirected back to Mimecast.