CRM 2011 partner hosted deployment - AD RRS feed

  • Question

  • I have the following question: if crm 2011 is hosted by a partner and a client would like to use their own AD to manage users how can this be accomplished? From my understanding, the partner hosted CRM is installed using a hosted AD and can be configured IFD (with the new claims authentication model) so that users from outside the CRM domain can log into. But these users need to have AD accounts in the hosted AD (in which the CRM was installed), right? In this case is it possible to add CRM users from the client's AD without creating another account in the hosted AD?

    Wednesday, March 30, 2011 9:03 AM

All replies

  • Very good question!

    I'd like to have an answer on this as well!

    Sunday, April 3, 2011 10:33 AM
  • Hi Andrei,

    Hosting Company will have an ADFS server which can be synchronized with our AD. So the connection will be:

    CRM IFD -> ADFS <-> your AD

    Have a look at the claims authentication in the Implementation Guide for Dynamics CRM 2011

    Claims-based authentication support

    Using federation identity technology such as AD FS 2.0 (formerly known as “Geneva”), Microsoft Dynamics CRM supports claims-based authentication. This technology helps simplify access to applications and other systems by using an open and interoperable claims-based model that provides simplified user access and single sign-on to applications on-premises, cloud-based, and even across organizations. For more information about the claims-based authentication model, see Identity and Access Management (http://go.microsoft.com/fwlink/?LinkID=188371).

    My Dynamics CRM Blog: http://bovoweb.blogspot.com
    Sunday, April 3, 2011 10:20 PM
  • Hi,

    Yes, i read about claims authentication and adfs, but my what i don't understand is this: ifd is configured AFTER you install CRM 2011, during installation you must specify an Organizational Unit in an AD where CRM will create and maintain its user groups. This AD can't be the AD of the client, right?

    Are you saying that after you configure IFD and clamis authentication the AD (the partner AD)  in which CRM created its user groups is synchronized with the client's AD, so that when you add a user in the client's AD it is automatically created in the partner AD?

    Monday, April 4, 2011 7:04 AM