[Notification] We're upgrading the JumpCloud Support Center the week of September 30th.

Support Center

Single Sign On (SSO) with Mimecast

Important: This article contains out-of-date information. For current application information, see Connecting Applications with JumpCloud Using Pre-Built Connectors.


  • Generate a public certificate and private key pair.
  • To successfully complete the integration between JumpCloud and Mimecast, you need to use an administrator account in Mimecast.
  • Before configuring SSO, you need to know which Mimecast grid hosts your organization’s Mimecast account. Then, based on its location, choose a region from the following list: Europe (Excluding Germany): EU, Germany: DE, United States: US, South Africa: ZA, Australia: AU and Offshore: JER.


Configure the JumpCloud SSO Application

  1. Access the JumpCloud Administrator Console at https://console.jumpcloud.com.
  2. Select Applications in the main navigation panel.
  3. Select the + in the upper left, scroll or search for the application in the 'Configure New Application' side panel, then select 'configure'.
  4. Optionally, enter Mimecast for the Display Label. This label will appear under the Service Provider logo within the JumpCloud User Portal.
  5. You can upload a service provider application's XML metadata file to populate SAML connector attributes for that application. The attributes populated by the metadata file may vary by the application. To apply a metadata file for the application you're connecting, click Upload Metadata. Navigate to the file you want to upload, then click Open. You'll see a confirmation of a successful upload. Be aware that if you upload more than one metadata file, you'll overwrite the attribute values applied in the previously uploaded file.
  6. In the IDP Entity ID field, enter https://YOURDOMAIN.TLD (e.g., https://thebestwidgets.com).
  7. Select Upload IdP Private Key and upload the private.pem file generated according to the above prerequisites.
  8. Select Upload IdP Certificate and upload the cert.pem file generated according to the above prerequisites.
  9. In the SP Entity ID field, enter Mimecast.
  10. In the ACS URL field, enter https://XX-api.mimecast.com/login/saml. The XX needs to be replace with the region was chosen from the list at the beginning.
  11. Select the Include Group Attribute check box to include the groups a user is a member of in SAML assertions. When this field is selected, all groups that connect the user to the application are included in assertions to that application. The Groups Attribute Name is the service provider's name of the group attribute. By default, the attribute name is memberOf.
  12. In the Groups Attribute Name field, enter memberOf.
  13. Select the Declare Redirect Endpoint check box. Clear this check box if your Service Provider doesn't need to include a redirect endpoint.
  14. In the field terminating the IdP URL, either leave the default value or enter a plaintext string unique to this connector.
  15. Select Activate.

Configure the Service Provider

  1. Sign in to the Administration Console of your Mimecast account.
  2. Go to Administration > Services > Applications.
  3. Click Authentication Profiles.
  4. Choose one of the following options:
  • Select an existing Authentication Profile to update it.
  • Click on New Authentication Profile.
  1. To display the SAML Settings click on Enforce SAML Authentication for Administration Console.
  2. Choose one of the following options:
  • From the Provider drop down list, select JumpCloud to see help text specific to JumpCloud.
  • Choose Other if you see JumpCloud is not listed.
  1. Provide the following information:
  • Login URL: Enter the JumpCloud IdP’s SSO URL. You can obtain this from JumpCloud.
  • Issuer: Enter the JumpCloud IdP’s Entity ID. You can obtain this from JumpCloud.
  • Identity Provider Certificate Metadata: Copy and paste the content of the JumpCloud IdP Certificate. Must trim the Begin and End tags from the Certificate.
  1. Select to Allow Single Sign On. This setting enables and disables Identity Provider Initiated Sign On.
  2. In the Administration Console, go to the Administration > Services > Applications menu.
  3. Choose the appropriate Application Setting.
  4. Use the Lookup button to find the Authentication Profile you want to reference, and click the Select link on the lookup page.
  5. Click Save and Exit.
  6. Go to the Sign On tab for Mimecast and click Edit.
  7. Enter the following values:
  • Region: Enter the region specified in the previous steps.
  • Account Code: Enter your Account Code specified in the Administration > Account > Account Settings page of the Administration Console.
  1. Click Save.

Validate SSO authentication workflows

IdP Initiated

  • Access the JumpCloud User Console at https://console.jumpcloud.com.
  • Select the Service Provider icon.
  • This should automatically launch and login to the application.

SP Initiated

  • Navigate to your Service Provider application URL.
  • You will be redirected to log in to the JumpCloud User Portal.
  • The browser will be redirected back to the application and be automatically logged in.

Last Updated: Aug 20, 2019 10:05AM MDT

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found