CRM 2015 ADFS - Configure relying party trust in account organisation

  • Question

  • Hello,

    I've completed an on-premises CRM deployment and have configured internal single sign-on with claims-based access. I've configured an external URL and can log on with an internal domain account by following this guide - http://www.interactivewebs.com/blog/index.php/crm/how-to-set-up-crm-2015-ifd-on-windows-2012-and-adfs-3-0/

    I now need to set up the ADFS configuration in a partner organisation and ensure their accounts can access CRM 2015. Please can someone point me in the right direction for this?

    Thank you in advance

    Wednesday, October 21, 2015 9:07 AM

All replies

  • Hi,

    You need to set up some sort of trust between the ADs or, if it's possible, between the ADFS servers. After the trust is up you should be able to enter the users in CRM. Unfortunately that's pretty much where my sphere of knowledge ends...

    Regards


    Rickard Norström Developer CRM-Konsulterna
    http://www.crmkonsulterna.se
    Swedish Dynamics CRM Forum: http://www.crmforum.se
    My Blog: http://rickardnorstrom.blogspot.se

    Wednesday, October 21, 2015 10:28 AM
    OK, I believe an ADFS trust is the way to go. What I'm not sure about is how to create the users in my Dynamics CRM 2015 environment and have them map across to authenticated users in the account organisation.

    I believe this is a standard process in ADFS, it's just that I'm not sure on the specific details. If anyone can shed some light, it would be appreciated.

    Thanks

    Friday, October 23, 2015 8:43 AM
  • Unfortunately I can't help you with the trust part, but once that is up you should be able to add the users using domain\username in CRM (domain1\username as well as domain2\username).

    Regards


    Rickard Norström Developer CRM-Konsulterna
    http://www.crmkonsulterna.se
    Swedish Dynamics CRM Forum: http://www.crmforum.se
    My Blog: http://rickardnorstrom.blogspot.se

    Friday, October 23, 2015 8:48 AM
  • Hi,

    When you say domain\username, are you thinking along the lines of a traditional AD trust rather than an ADFS partner? I'd have thought that with ADFS, if you tried <account domain>\username in CRM, it would simply complain about an invalid login.

    Thanks

    Sunday, October 25, 2015 10:04 AM
  • Hi,

    Just to make things clear, I'm in no way an AD expert :) That being said, this is what I THINK happens: since you are pointing your CRM to an ADFS machine when you are setting up a claims-based login, you are trusting that machine in AD1 from the CRM side; if that machine in turn is trusting another machine in another AD (AD2), you should get users having both AD1\user and AD2\user. But it might be true that what I'm thinking of is rather a regular AD trust. Perhaps someone else can be of more help with this.

    Regards


    Rickard Norström Developer CRM-Konsulterna
    http://www.crmkonsulterna.se
    Swedish Dynamics CRM Forum: http://www.crmforum.se
    My Blog: http://rickardnorstrom.blogspot.se

    Monday, October 26, 2015 6:26 AM
    This is pretty much all about ADFS setup, rather than anything specific to CRM. The key is to have appropriate relying party trusts between the ADFS farm that your CRM server is connected to and the ADFS farm in the partner organisation. You would normally start this by creating a relying party trust from the federation metadata of the partner organisation. If you don't have the knowledge to do this, I suggest you check the ADFS documentation or ask a question in the ADFS forums.

    Once this is done, CRM should be able to recognise users from the partner organisation. I think it depends on the setup of the relying party trust (the one between ADFS farms) as to whether the users can be referenced in the format domain\user or user@fqdn.


    Microsoft CRM MVP - http://mscrmuk.blogspot.com/ http://www.excitation.co.uk

    Monday, October 26, 2015 4:05 PM
    Moderator
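The federation between the two ADFS farms that the replies above describe, as an added example that is not part of this thread or of the linked IFD guide. In ADFS terms the trust is created from both sides: the farm in front of CRM adds the partner's farm as a claims provider trust built from the partner's federation metadata, and the partner's farm adds the CRM-side farm as a relying party trust built from the CRM-side metadata. The hostnames (adfs.contoso.com, adfs.partner.example), the trust names, the partner group name PARTNER\CRM-Users and the name of the CRM relying party trust ('CRM IFD') are assumptions for illustration. The example assumes ADFS 3.0 on Windows Server 2012 R2 and an elevated PowerShell session on the primary ADFS server of each farm, and that the partner users have already been created in CRM under a name CRM can match against the incoming UPN claim.

```powershell
# Added example (not from the thread): federate a partner ADFS farm with the ADFS farm
# that fronts a CRM 2015 IFD deployment. All hostnames, trust names and the group name
# below are assumptions; replace them with your own values.
Import-Module ADFS

# ========== Part 1: on the CRM-side farm (adfs.contoso.com) ==========
# Trust the partner farm as a claims provider, using its published federation metadata.
$partnerMetadata = 'https://adfs.partner.example/FederationMetadata/2007-06/FederationMetadata.xml'

# Acceptance transform rules decide which of the partner's claims enter our pipeline.
# Only UPN and name are passed through, and the UPN is accepted only for the partner's
# own suffix, so a partner cannot assert an identity that looks like one of ours.
$acceptanceRules = @'
@RuleName = "Accept UPN only for the partner suffix"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", Value =~ "^(?i).+@partner\.example$"]
 => issue(claim = c);

@RuleName = "Pass through name"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"]
 => issue(claim = c);
'@

Add-AdfsClaimsProviderTrust -Name 'Partner Organisation' `
    -MetadataUrl $partnerMetadata `
    -MonitoringEnabled $true -AutoUpdateEnabled $true `
    -AcceptanceTransformRules $acceptanceRules

# With two claims providers the CRM-side farm shows a home realm discovery page; routing
# by UPN suffix lets partner users type user@partner.example and skip that page.
Set-AdfsClaimsProviderTrust -TargetName 'Partner Organisation' `
    -OrganizationalAccountSuffix 'partner.example'

# Check: the CRM relying party trust created by the IFD guide must still issue the UPN
# claim to CRM, otherwise partner users authenticate but CRM cannot match them to a record.
$crmRp = Get-AdfsRelyingPartyTrust -Name 'CRM IFD'   # assumed trust name
if ($crmRp.IssuanceTransformRules -notmatch 'identity/claims/upn') {
    Write-Warning "Relying party trust 'CRM IFD' has no UPN issuance rule; partner users will not be recognised by CRM."
}
Get-AdfsClaimsProviderTrust -Name 'Partner Organisation' | Format-List Name, Identifier, Enabled

# ========== Part 2: on the partner's farm (adfs.partner.example) ==========
# Add the CRM-side farm as a relying party, again from federation metadata.
$crmFarmMetadata = 'https://adfs.contoso.com/FederationMetadata/2007-06/FederationMetadata.xml'

# Issuance transform: look up UPN and display name in the partner's AD for the
# authenticated Windows account and send them as the claims the CRM-side farm accepts.
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send UPN and display name from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"), query = ";userPrincipalName,displayName;{0}", param = c.Value);
'@

# Issuance authorization: least privilege on the partner side. Only members of a
# dedicated group are allowed a token for the CRM farm; everyone else is denied.
$crmGroupSid = (New-Object System.Security.Principal.NTAccount('PARTNER\CRM-Users')).
    Translate([System.Security.Principal.SecurityIdentifier]).Value

$authorizationRules = @"
@RuleName = "Permit members of PARTNER\CRM-Users only"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$crmGroupSid"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
"@

Add-AdfsRelyingPartyTrust -Name 'Contoso CRM ADFS' `
    -MetadataUrl $crmFarmMetadata `
    -MonitoringEnabled $true -AutoUpdateEnabled $true `
    -IssuanceTransformRules $issuanceRules `
    -IssuanceAuthorizationRules $authorizationRules

Get-AdfsRelyingPartyTrust -Name 'Contoso CRM ADFS' | Format-List Name, Identifier, Enabled
```

Monitoring and auto-update keep both trusts in step when either side rolls its token-signing certificate; without them the federation silently breaks at the next certificate rollover. The UPN suffix check in the acceptance rules and the group-based authorization rule are the two controls worth keeping even if everything else is adapted: the first stops the partner farm from asserting identities in your own suffix, the second stops every partner account from being able to reach CRM's login page.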