locked
ADFS3.0 with CRM2013 and login with google accounts? RRS feed

  • Question

  • hi all,

    is it possible to use etc. Google accounts to sign in to crm2013 via adfs?
    We are going to setup a ADFS3.0 with CRM2013, but we need external users to login via Google accounts, not AD accounts where CRM server is placed.

    is this possible?

    Tuesday, April 22, 2014 1:48 PM

All replies

  • Maybe I'm not understanding the issue, but if you just want some users to have their email addresses to be @gmail.com why don't you just set them up that way? You don't need to use your corporate email address on a user profile.

    Authentication/authorization will be handled through AD anyway.

    There are 3rd party providers that take advantage of ADFS 3.0 and can provide authentication agaists Google Apps. One that comes to mind is duosecurity, but you must read about the capabilities provided.

    • Proposed as answer by Nico-TMVP Wednesday, April 23, 2014 9:23 PM
    Wednesday, April 23, 2014 9:23 PM
  • Hi,

    thats not the case, what we want is to invite people to crm system using their private email adresses to sing in to CRM.
    Im looking not to use AD accounts but external email adresses.

    Thursday, April 24, 2014 10:38 AM
  • As per my Knowledge, CRM is tightly Integrated with ADFS, whether On premise or Online (handled my Microsoft).

    the Workaround could be to use a seperate website and expose certain functionalities on certain entities. The login mechanism can be handled via storing the user details in seperate custom entities.

    Friday, April 25, 2014 2:06 PM
  • CRM Users must be associated with AD accounts (or Office 365 accounts if using Crm Online), so it won't be possible to allow users to login with Google accounts. In addition to the technical limitation, there may well be a licensing restriction as well

    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Monday, April 28, 2014 9:05 AM
    Moderator
  • Technically, I think you could make this work, but you'd be stringing a lot together.

    Google Accounts Authentication is OAuth: https://developers.google.com/accounts/

    Windows Server 2012 R2 supports OAuth: http://blogs.technet.com/b/ad/archive/2013/04/22/developer-preview-of-oauth-code-grant-and-aal-for-windows-store-apps.aspx

    You could, in theory, bind a Google account to an Active Directory account (in a public user OU), and allow people to sign into the Google account and pass the OAuth token, but I'm fairly sure you're going to have some custom development to wire everything together.

    I haven't tried this, so that's about as far as I've gotten, but I think it would be technically possible.


    The postings on this site are solely my own and do not represent or constitute Hitachi Solutions' positions, views, strategies or opinions.

    Monday, April 28, 2014 2:20 PM