Dynamics CRM 2013 Implementing Claims and IFD

Scenario 1 (CRM and ADFS installation on same box)

 

Basic requirements

One Public IP is needed

One SSL Certificate is needed (wild card certificate preferred)

ADFS should use default website port 80 and SSL port 443 on IIS

CRM could use port 5555 and SSL port 444 on IIS

DNS needs to be configured on the Domain Controller machine under the public domain lookup zone. The following A records are needed for proper CRM URL resolution:

  1. ADFS Server URL (External Domain)
  2. Dev URL (CRM Discovery Service end point)
  3. Auth URL (CRM IFD Federation end point)
  4. Org URL (Organization of CRM)
  5. Internal CRM URL (CRM Claim Federation end point)

Scenario 2 (CRM and ADFS installation on separate boxes)

 

Basic requirements

Two public IPs are needed, one for the ADFS server and another for the CRM server

One SSL Certificate is needed (if a wild card certificate is used)

ADFS needs to be configured on default website port 80 and SSL port 443 on the IIS of the ADFS Server

CRM could use HTTP port 80 and SSL port 443 on the IIS of the CRM Server

DNS needs to be configured on the Domain Controller machine under the public domain lookup zone. The following A records are needed for proper CRM URL resolution:

  1. ADFS Server URL (External Domain)
  2. Dev URL (CRM Discovery Service end point)
  3. Auth URL (CRM IFD Federation end point)
  4. Org URL (Organization of CRM)
  5. Internal CRM URL (CRM Claim Federation end point)

| Name | IP Address | Description |
|---|---|---|
| Auth | Point it to the machine that has CRM 2013 installed | This record will be used by the ADFS server when retrieving the Microsoft Dynamics CRM IFD federationmetadata.xml file |
| Dev | Point it to the machine that contains the discovery web service. Point it to the machine that has CRM 2013 | Microsoft Dynamics CRM Discovery Web Service domain |
| Internalcrm | Point it to the machine that has CRM 2013 installed | Internal URL used to access Microsoft Dynamics (for example, internalcrm.Dynamics 365 Solutions.com). For this URL, if the user is already logged in with a domain account and has access to CRM, he will not be prompted for a username and password. You can decide what you want to call this URL. |
| CRM | Point it to the machine that has CRM 2013 installed | External URL used to access Microsoft Dynamics – Web Application Server domain (for example, crm.Dynamics 365 Solutions.com). |
| DevCRM | Point it to the machine that has CRM 2013 installed | External URL used to access Microsoft Dynamics – Web Application Server domain (for example, devcrm.Dynamics 365 Solutions.com). |
| UATCRM | Point it to the machine that has CRM 2013 installed | External URL used to access Microsoft Dynamics – Web Application Server domain (for example, uatcrm.Dynamics 365 Solutions.com). |
| ADFS | Point it to the machine that has ADFS installed | AD FS Server |
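
One way to create and check the A records listed above from PowerShell on the DNS server, as an added example that is not part of the original post. The zone name and both IP addresses are constructed placeholders; in Scenario 1 set both addresses to the single public IP.

```powershell
# Added example. Zone name and IP addresses are constructed placeholders.
Import-Module DnsServer

$Zone   = 'contoso.example'   # assumption: your public domain lookup zone
$CrmIp  = '203.0.113.10'      # assumption: machine that has CRM 2013 installed
$AdfsIp = '203.0.113.20'      # assumption: machine that has ADFS installed

# Record name -> expected target, following the records described above.
$Records = [ordered]@{
    auth        = $CrmIp    # CRM IFD federation end point
    dev         = $CrmIp    # CRM Discovery Web Service
    internalcrm = $CrmIp    # internal claims federation end point
    crm         = $CrmIp    # organization URLs
    devcrm      = $CrmIp
    uatcrm      = $CrmIp
    adfs        = $AdfsIp   # AD FS server
}

$report = foreach ($name in $Records.Keys) {
    $expected = $Records[$name]
    # Collect every A record already present for this name (none if the node is missing).
    $found = @(Get-DnsServerResourceRecord -ZoneName $Zone -Name $name -RRType A `
                   -ErrorAction SilentlyContinue |
               ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString })

    if ($found.Count -eq 0) {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $name -IPv4Address $expected
        $status = 'created'
    } elseif ($found.Count -eq 1 -and $found[0] -eq $expected) {
        $status = 'ok'
    } else {
        # Never overwrite silently: a stale or extra record here would send
        # federation or sign-in traffic to a machine you did not intend.
        $status = 'MISMATCH - review manually'
    }

    [pscustomobject]@{
        Name     = "$name.$Zone"
        Expected = $expected
        Found    = $found -join ','
        Status   = $status
    }
}

$report | Format-Table -AutoSize
```

Running it a second time should report every record as `ok`; any `MISMATCH` row is worth resolving before configuring claims and IFD, since the Auth record is the one ADFS uses to retrieve federationmetadata.xml.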

 

 

