Permissions Mimecast

In order for us to connect to your Mimecast account you will need to:

  • use a single User that has the only the permissions needed for timetoreply™ to work.
  • update the Authentication Cache TTL setting in the service user’s effective Authentication Profile to “Never Expire.”

This page provides a step by step guide to prepare a User for us to connect with. We will use this User to get an access key which is required to authorize all requests to the Mimecast API.

Note: should you ever wish to cancel your account with timetoreply™ or simply prevent access, you can easily remove this User from your Mimecast account at any time. This will prevent timetoreply™ from having any access to your account. We do not store the password of the User you create with these instructions.

Step 1: Create a new user

  • Login to the Mimecast Administration Console.
  • Navigate to the Administration | Directories | Internal Directories menu item to display a list of internal domains.
  • Select the internal domain where you would like to create your new user.
  • Select the New Address button from the menu bar.
  • Complete the new address form and select Save and Exit to create the new user.
  • Keep a note of the password set as we will need this to connect to your account later.

Step 2: Add the User to a newly created Role.

  • While logged into the Mimecast Administration Console, navigate to the Administration | Account | Roles menu item to display the Roles page.
  • Click on the New Role button at the top.
  • Give the role a name and description, for example, ‘timetoreply™’ and ‘Role for timetoreply™’
  • For Security Permissions, select “Cannot Manage Roles”
  • For Application Permissions, unselect all options, then add just the following permissions:
  • Account Menu | Dashboard | Read, Edit
  • Archive Menu | Search | Read, Search Content View
  • Directories Menu | Internal | Read
  • Note: The Search Content View permission is Administrator-level permission. If you do not wish to grant this permission, you can also grant delegate permission for this User to all the Agents you plan to add to timetoreply™.
  • Save and Exit the role.
  • Navigate back to the navigate to the Administration | Account | Roles menu item to display the Roles page.
  • Right-click the role we just created and select Add Users to role.
  • Browse or search to find the new User created in Step 1
  • Select the tick box to the left of the user.
  • Select the Add selected Users button to add the User to the role.

Step 3: Create a new group and add your new user

  • While logged into the Mimecast Administration Console, navigate to the Administration | Directories | Profile Groups menu item to display the Profile groups page.
  • Create a new group by selecting the plus icon on the parent folder where you would like to create the group. This creates a new group with the Name “New Folder”
  • To rename the group, select the newly created “New Folder” group. Then from the Edit group text box type the name you want to give the folder, for example timetoreply™ Admin and press the Enter key to apply the change.
  • With the group selected, select the Build drop-down button and select Add Email Addresses.
  • Type the name of the new User created in Step 1.
  • Select Save and Exit to add the new User to the group.

Step 4: Create a new Authentication Profile

  • While logged into the Mimecast Administration Console, navigate to the Administration | Services | Applications menu item to display the Application Settings page.
  • Select the Authentication Profiles button.
  • Select the New Authentication Profile button.
  • Type a Description for the new profile.
  • If your organization connects with Mimecast using Active Directory or Domino Directory, set the Domain Authentication Mechanisms option to LDAP, otherwise leave the setting as default.
  • Set the Authentication TTL setting to Never Expires. This will make sure that when we generate your Authentication Token it will not expire and impact data collection by timetoreply™. timetoreply™ will not store the password of this User for security reasons. Doing this allows us to connect to Mimecast using only the API Token we will generate for you.
  • Leave all other settings as their default.
  • Select Save and Exit to create the profile.

Step 5: Create a new Application Setting

  • While logged into the Administration Console, navigate to the Administration | Services | Applications menu item to display the Application Settings page.
  • Select the New Application Settings button.
  • Type a Description.
  • Use the Group Lookup button to select the Group that you created in Step 3.
  • Use the Authentication Profile Lookup button to select the Authentication Profile created in Step 4.
  • Leave all other settings as their default.
  • Select Save and Exit to create and apply the Application Settings to your new group and user.

Step 6: Enter the details of your new User in the form below

Finally, you will need to whitelist our IP range from your Mimecast dashboard: 52.56.163.227