How to Configure SAML 2.0 for Mimecast Personal Portal V3


The username must be the email address that is used to sign into Mimecast. If this email address is not the same as the Okta username, update the Default username format value in Okta accordingly.


Supported Features

The Okta/Mimecast Personal Portal V3 SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

  1. Log on to the Administration Console .

  2. Navigate to Administration > Services > Applications.

  3. Click Authentication Profiles:

  4. mimecastpp1

  5. Select either an existing Authentication Profile to update, or click New Authentication Profile. Then follow the steps below:

    • Enter a Description for the new profile.

    • Select the Enforce SAML Authentication for Mimecast Personal Portal option. The screen expands to reveal the SAML Settings.

    • Provider: Select Okta.

    • Metadata URL: Copy and paste the following:

      Sign into the Okta Admin dashboard to generate this value.

    • Logout URL (OPTIONAL): Copy and paste the following:

      Sign in to the Okta Admin app to generate this variable.

    • Optionally define which Authentication Context to use. By default both password protected and integrated contexts are used.

    • Choose to Allow Single Sign On. This setting enables / disables Identity Provider Initiated Sign On.


  6. Still in Administration Console, navigate to the Administration > Services > Applications menu. Then follow the steps below:

    • Select the Application Setting that you want to use.

    • Use the Lookup button to find the Authentication Profile you want to reference and click the Select link on the lookup page.

    • Click Save and Exit:


  7. In Okta, select the Sign On tab for the Mimecast Personal Portal V3 SAML app, then click Edit:

    • Region: Select your region (United States, Europe, South Africa, Australia, Offshore, Germany, Canada).

    • Enter your Account Code (It is your unique Mimecast account code as specified in the Administration > Account > Account Settings page of the Administration Console).

    • Click Save:


  8. Done!


SP-initiated SSO

  1. Navigate to the Mimecast Personal Portal login page.

  2. Enter your email, then click Next: