Dynamics CRM 2013 Implementing Claims and IFD
Scenario 1 (CRM and ADFS installation on same box)
Basic requirements
One Public IP is needed
One SSL certificate is needed (wildcard certificate preferred)
ADFS should use default website port 80 and SSL port 443 on IIS
CRM could use port 5555 and SSL port 444 on IIS
DNS needs to be configured on the Domain Controller machine under the public domain lookup zone. The following A records are needed for proper CRM URL resolution:
- ADFS Server URL (External Domain)
- Dev URL (CRM Discovery Service endpoint)
- Auth URL (CRM IFD Federation endpoint)
- Org URL (Organization of CRM)
- Internal CRM URL (CRM Claim Federation endpoint)
Scenario 2 (CRM and ADFS installation on separate boxes)
Basic requirements
Two public IPs are needed, one for the ADFS server and another for the CRM server
One SSL certificate is needed (if a wildcard certificate is used)
ADFS needs to be configured on the default website port 80 and SSL port 443 on the IIS of the ADFS server
CRM could use http port 80 and SSL port 443 on the IIS of CRM Server
DNS needs to be configured on the Domain Controller machine under the public domain lookup zone. The following A records are needed for proper CRM URL resolution:
- ADFS Server URL (External Domain)
- Dev URL (CRM Discovery Service endpoint)
- Auth URL (CRM IFD Federation endpoint)
- Org URL (Organization of CRM)
- Internal CRM URL (CRM Claim Federation endpoint)
Name | IP Address | Description |
Auth | Point it to the machine that has CRM 2013 installed | This record will be used by the ADFS server when retrieving the Microsoft Dynamics CRM IFD federationmetadata.xml file |
Dev | Point it to the machine that contains the discovery web service (the machine that has CRM 2013) | Microsoft Dynamics CRM Discovery Web Service domain |
Internalcrm | Point it to the machine that has CRM 2013 installed | Internal URL used to access Microsoft Dynamics (for example, internalcrm.Dynamics 365 Solutions.com). For this URL, a user who is already logged in with a domain account and has access to CRM will not be prompted for a username and password. You can decide what to call this URL. |
CRM | Point it to the machine that has CRM 2013 installed | External URL used to access Microsoft Dynamics – Web Application Server domain (for example, crm.Dynamics 365 Solutions.com). |
DevCRM | Point it to the machine that has CRM 2013 installed | External URL used to access Microsoft Dynamics – Web Application Server domain (for example, devcrm.Dynamics 365 Solutions.com). |
UATCRM | Point it to the machine that has CRM 2013 installed | External URL used to access Microsoft Dynamics – Web Application Server domain (for example, uatcrm.Dynamics 365 Solutions.com). |
ADFS | Point it to the machine that has ADFS installed | AD FS Server |
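The A records in the table can be created and checked from PowerShell on the Domain Controller. This is an added example, not part of the original post: the zone name and IP addresses are placeholders, the record set shown is for Scenario 2, and testing every CRM name on the CRM SSL port is an assumption.

```powershell
# Added example with constructed values. Run on the DNS server (Domain Controller).
$Zone       = 'example.com'     # placeholder: your public domain lookup zone
$CrmIp      = '203.0.113.10'    # placeholder: machine that has CRM 2013 installed
$AdfsIp     = '203.0.113.20'    # placeholder: machine that has ADFS installed
$CrmSslPort = 443               # Scenario 2 binding
# Scenario 1 (same box): set $AdfsIp = $CrmIp and $CrmSslPort = 444.

$Records = @(
    @{ Name = 'adfs';        Ip = $AdfsIp; Port = 443 }
    @{ Name = 'auth';        Ip = $CrmIp;  Port = $CrmSslPort }
    @{ Name = 'dev';         Ip = $CrmIp;  Port = $CrmSslPort }
    @{ Name = 'internalcrm'; Ip = $CrmIp;  Port = $CrmSslPort }
    @{ Name = 'crm';         Ip = $CrmIp;  Port = $CrmSslPort }  # one record per organization
)

# Create each A record only if the zone does not already have it.
foreach ($r in $Records) {
    $existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $r.Name `
        -RRType A -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $r.Name -IPv4Address $r.Ip
    }
}

# Verify: each name must resolve to the intended machine, and the SSL port
# bound in IIS must accept connections there.
$report = foreach ($r in $Records) {
    $fqdn = "$($r.Name).$Zone"
    $ips  = @((Resolve-DnsName -Name $fqdn -Type A -Server localhost `
                -ErrorAction SilentlyContinue).IPAddress)
    [pscustomobject]@{
        Name       = $fqdn
        Expected   = $r.Ip
        Resolved   = $ips -join ','
        DnsOk      = $ips -contains $r.Ip
        Port       = $r.Port
        PortOpen   = Test-NetConnection -ComputerName $fqdn -Port $r.Port `
                        -InformationLevel Quiet -WarningAction SilentlyContinue
    }
}
$report | Format-Table -AutoSize

# Any row with DnsOk or PortOpen false means the A record or the IIS binding
# does not match the scenario and federation metadata retrieval will fail.
$report | Where-Object { -not ($_.DnsOk -and $_.PortOpen) }
```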