Learn how to enable Mimecast sign on from the PingOne console (IdP-initiated sign on) and direct Mimecast sign on using PingOne (SP-initiated sign on).
- Link PingOne to an identity repository containing the users requiring application access.
- Populate Mimecast with at least one user to test access.
- You must have administrative access to PingOne and a Super Admin account for an Enterprise Organization on Mimecast.
Add the Mimecast application to PingOne:
In PingOne, go to and click the + icon.
- When you’re prompted to select an application type, select WEB APP and then click Configure next to SAML for the chosen connection type.
- Enter Mimecast as the application name.
- Enter a suitable description.
- Optional: Upload an icon.
- Click Next.
- For Provide App Metadata, select Enter Manually.
- In the ACS URL field, enter https://<account hosting location>-api.mimecast.com/login/saml.
- Select the Signing Key to use and then click Download Signing Certificate to download as X509 PEM (.crt).
- For Entity ID, enter https://<account hosting location>-api.mimecast.com.<accountcode>.
- Leave SLO Endpoint and SLO Response Endpoint blank.
- In the Subject NameID Format list, select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
- Enter a suitable value for Assertion Validity Duration (in seconds). A value of 300 seconds is typical.
- Click Save and Continue.
Mimecast expects an email address to identify a user in the SSO
- If you use an email address to sign on through PingOne, click Save and Close.
- If you sign on with a username, in the PingOne User Attribute list, select Email Address to map that to the SAML_SUBJECT, then click Save and Close.
- Click the toggle to enable the application.
On the Configuration tab of the newly-created
Mimecast application, copy and save the IDP Metadata
You’ll need this when configuring SAML on Mimecast.
- In PingOne, go to and click the + icon.
Add PingOne as identity
provider (IdP) in Mimecast:
- Sign on to Mimecast with an Admin account for your Enterprise Organization.
- Go to .
- Select Authentication Profiles.
- Select New Authentication Profile.
- Enter a Description for the new profiled.
- Select Enforce SAML Authentication for Administration Console.
- For Provider, select Other.
- In the Metadata URL field, enter the URL value that you copied previously.
- Go to .
- Click Lookup to find the authentication profile that you created.
- Click Save and Exit.
Test the PingOne IdP
Go to the PingOne
Application Portal and sign on with a user account.
In the Admin console, go to PingOne Application Portal URL.to find the
Click the Mimecast icon.
You're redirected to the Mimecast website and logged in with SSO.
- Go to the PingOne Application Portal and sign on with a user account.
Test the PingOne SP
- Go to login.mimecast.com, and choose the option to sign on with SSO. Enter your email address only.
In the PingOne
sign-on prompt, enter your PingOne username and password.
You're redirected back to Mimecast and signed on.