locked
Do we have the concept of sharepoint zones in crm 2011? RRS feed

  • Question

  • Hi,

    I like to have multiple CRM front-end server with different authentication methods, claims based, windows authentication and IFD.

    This is similar to the concept of zones in sharepoint.

    Is this possible? or is there an alternative way of doing this?

    Thank you


    Wednesday, March 7, 2012 11:24 PM

Answers

  • Hi amx2012,

    CRM 2011 and older CRM applications, they have one type of authentication: AD authentication, however the authentication mechanism can be presented to the users in the following formats:

    1. SSO IE windows integrated
    2. Claims-based presented as form
    3. Forcing the use of IE prompts
    4. Old CRM 4 you have forms based authentication

    These formats, 1 and 2 can be used to distinguish different users, outside users and internal users. Your question regarding having multiple front-end servers with different authentication mechanisms, is not a easy or standard process, because when you enable Claims-based you enabled for the all CRM environment (this includes all front-ends) and not on a single front-end.

    You don't have the same concept from sharepoint zones. Also you can't create local users to authenticate with CRM which you can do with sharepoint, CRM is only AD.

    Hope this helps, you have some planing to do on the CRM authentication design, read a bit more about ADFS and CRM 2011 claims-based, let us know if you have any questions.

    Regards


    Visit my blog for CRM material, improving performance, kerberos, IFD, development tips, etc. :) http://quantusdynamics.blogspot.com


    • Edited by nrodriEditor Thursday, March 8, 2012 10:41 AM
    • Marked as answer by amx2012 Thursday, March 8, 2012 3:53 PM
    Thursday, March 8, 2012 10:41 AM
    Answerer

All replies

  • Microsoft Dynamics CRM supports the following authentication scenarios for each deployment type. 

    Deployment Authentication model

    Microsoft Dynamics CRM Online

    Claims-based or Active Directory (through federation) authentication

    Microsoft Dynamics CRM 2011 on-premises

    Claims-based or Active Directory authentication

    Microsoft Dynamics CRM 2011 Internet-facing deployment (IFD)

    Claims-based or Active Directory authentication

    Authentication Models

    The following authentication methods are supported by Microsoft Dynamics CRM Server 2011:

    • Windows Authentication
    • Claims-based authentication: internal access
    • Claims-based authentication: external access
    • Claims-based authentication: internal and external access
    Your choice of authentication method depends on your organization's design and deployment goals.

    When you configure IFD you can configure Internal and external access. Internal access is nothing but Windows authentication. User dont need to provide credentials everytime he login to CRM.

    You cannot have multiple front-end servers with different authentication methods. If you want to configure IFD then we need to do changes in Deployment Manager it is not a part of Front-end server.

    I suggest you is to go through the Implementation document and Claim-based document to have a good understanding of the authentication models.

    http://social.technet.microsoft.com/wiki/contents/articles/claims-based-authentication-for-microsoft-dynamics-crm-2011.aspx 

    http://www.microsoft.com/download/en/details.aspx?id=3621

    Regards,


    Khaja Mohiddin
    http://www.dynamicsexchange.com
    http://about.me/KhajaMohiddin


    Thursday, March 8, 2012 2:36 AM
  • Hi Khaja,

    Based on your reply I underestand that there is no hybrid authntication option in CRM 2010. Am I correct?

    Thank you

    Thursday, March 8, 2012 4:05 AM
  • Hi amx2012,

    CRM 2011 and older CRM applications, they have one type of authentication: AD authentication, however the authentication mechanism can be presented to the users in the following formats:

    1. SSO IE windows integrated
    2. Claims-based presented as form
    3. Forcing the use of IE prompts
    4. Old CRM 4 you have forms based authentication

    These formats, 1 and 2 can be used to distinguish different users, outside users and internal users. Your question regarding having multiple front-end servers with different authentication mechanisms, is not a easy or standard process, because when you enable Claims-based you enabled for the all CRM environment (this includes all front-ends) and not on a single front-end.

    You don't have the same concept from sharepoint zones. Also you can't create local users to authenticate with CRM which you can do with sharepoint, CRM is only AD.

    Hope this helps, you have some planing to do on the CRM authentication design, read a bit more about ADFS and CRM 2011 claims-based, let us know if you have any questions.

    Regards


    Visit my blog for CRM material, improving performance, kerberos, IFD, development tips, etc. :) http://quantusdynamics.blogspot.com


    • Edited by nrodriEditor Thursday, March 8, 2012 10:41 AM
    • Marked as answer by amx2012 Thursday, March 8, 2012 3:53 PM
    Thursday, March 8, 2012 10:41 AM
    Answerer
  • Thursday, March 8, 2012 3:51 PM