Microsoft Dynamics 365 Blog

Updated as of 4/5/2011: This is an updated video demonstrating how to configure the RTM Dynamics CRM 2011 deployment with claims-based authentication and IFD access. The recording utilizes internally hosted DNS records and signed Certificates from an internal  CA. The video is unable to cover purchases of third party certificates, external DNS updates or routing through firewalls as there are too many variations and the Dynamics CRM team is unable to endorse one product over the other.

Keep in mind that both the CRM Site and the ADFS site should be exposed through your firewall in order for external clients to access CRM.

As many of our early adopters have learned by now, configuring an Internet-facing deployment (IFD) has changed pretty drastically from Microsoft Dynamics CRM 4.0 to Microsoft Dynamics CRM 2011.

So what changed?

  • First, our dependencies changed. In Dynamics CRM 4.0, we used forms-based authentication for IFD and in Dynamics CRM 2011 we instead take a dependency on claims-based authentication for IFD. Therefore, now it is necessary to install and configure a security token service (such as Active Directory Federation Services 2.0) and also to do more certificate management.
  • Second, our configuration steps changed. In Dynamics CRM 4.0, an administrator had two options for configuring IFD. The first option was to specify the IFD settings in an XML configuration file at server installation time. The second option was to use the IFD Configuration Tool which was released out of band. In Dynamics CRM 2011, we made claims-based authentication and IFD configuration post-installation steps to obviate the need for the XML configuration file and built these wizards into our Deployment Manager tool. Administrators that would prefer to script IFD configuration can do so using our new Dynamics CRM PowerShell cmdlets.
These changes amount to a higher learning curve for configuring IFD for Dynamics CRM 2011 as we have heard in feedback from partners and customers. So to help make this configuration a little easier for folks, Henning Petersen (a Support Escalation Engineer for Dynamics CRM) created a video demonstrating how to configure IFD with AD FS 2.0. In addition to this video, we recommend that people looking to configure IFD first review the Dynamics CRM 2011 Configuring Claims-Based Authentication white paper which is posted on the same page as our Dynamics CRM 2011 Implementation Guide.
This video is  called Introducing Microsoft Dynamics CRM 2011 Claims-based Authentication and covers the end-to-end process for configuring IFD which includes:
  1. Installing AD FS 2.0
  2. Configuring the AD FS 2.0 federation server
  3. Managing certificates
  4. Configuring Dynamics CRM 2011 for claims-based authentication and IFD
  5. Creating the relying party trust for CRM and configuring the claims rules on AD FS 2.0

We hope you find this helpful!

Michael Guthmann

We're always looking for feedback and would like to hear from you. Please head to the Dynamics 365 Community to start a discussion, ask questions, and tell us what you think!