locked
Can I use AD authentication with CRM 2011 online? RRS feed

  • Question

  • Hello all. If the answer is yes to the question, please provide a link to a guide that provides requisites and a step by step guide.

    Thanks,


    Guillermo Taylor F.
    IT Pro & Xbox gamer
    My blog

    Wednesday, May 16, 2012 7:29 PM

Answers

  • My understanding is that if you provision your CRM Online through Office 365, you can utilize the Office 365 Federation services to authenticate to CRM using your own domain accounts. http://msdn.microsoft.com/en-us/library/hh670607.aspx 

    "Active Directory Federation allows customers to use Active Directory-based domain user accounts to access services in Office 365. After federation is configured by an administrator, Active Directory-based system user accounts can be locally managed, made available to Microsoft online services, and kept in sync with changes made to the on-premises Active Directory identities. The benefit of federation is a single sign-on experience across Microsoft Dynamics CRM 2011 and Microsoft Dynamics CRM Online systems. This type of identity management is useful for large corporations that have hundreds or thousands of established users. Re-creating and managing those identities in the cloud would be a daunting task. For the sake of this discussion, online users whose identities are federated in the cloud are referred to in this documentation as “federated users”. For more information about how to configure identity federation, see Single sign-on: Roadmap. "

    Monday, May 21, 2012 5:46 PM

All replies

  • Hello,

    Unfortunately answer is no. You will have to use LiveId for authentication.

    Wednesday, May 16, 2012 7:54 PM
    Answerer
  • Guillermo,

    Unfortunately as Maryna mentioned, CRM Online 2011 only supports Windows Live Authentication.

    Please refer to this link on how to connect to CRM Online.

    http://msdn.microsoft.com/en-us/library/ff681567.aspx

    I hope this helps. If my response answered your question, please mark the response as an answer and also vote as helpful.


    Dimaz Pramudya - CRM Developer - CSG (Melbourne) www.xrmbits.com http://twitter.com/xrmbits

    Wednesday, May 16, 2012 11:13 PM
  • Hello all and thanks for the answer. Recently, a colleague that works with CRM Online has pointed me to this article in MSDN: http://msdn.microsoft.com/en-us/library/gg334502. So I'm a little bit confused... For what I'm reading, essentially you can't use AD to authenticate but in the article it says that CRM Online can used an authentication model "Claims-based or Active Directory (through federation) authentication".

    Can anyone ellaborate a little bit further, please?

    Thanks,


    Guillermo Taylor F.
    IT Pro & Xbox gamer
    My blog

    Friday, May 18, 2012 9:52 PM
  • My understanding is that if you provision your CRM Online through Office 365, you can utilize the Office 365 Federation services to authenticate to CRM using your own domain accounts. http://msdn.microsoft.com/en-us/library/hh670607.aspx 

    "Active Directory Federation allows customers to use Active Directory-based domain user accounts to access services in Office 365. After federation is configured by an administrator, Active Directory-based system user accounts can be locally managed, made available to Microsoft online services, and kept in sync with changes made to the on-premises Active Directory identities. The benefit of federation is a single sign-on experience across Microsoft Dynamics CRM 2011 and Microsoft Dynamics CRM Online systems. This type of identity management is useful for large corporations that have hundreds or thousands of established users. Re-creating and managing those identities in the cloud would be a daunting task. For the sake of this discussion, online users whose identities are federated in the cloud are referred to in this documentation as “federated users”. For more information about how to configure identity federation, see Single sign-on: Roadmap. "

    Monday, May 21, 2012 5:46 PM
  • Unfortunately Maryna and Dimaz are a little out of date. It is indeed possible to use your own AD service to authenticate CRM Online users.

    Microsoft is in the process of changing the underlying billing platform for CRM Online. The previous billing and provisioning platform used Windows Live ID for authentication, but this is being phased out and replaced by the Office 365 billing and provisioning platform, which does not use Windows Live ID. The Office 365 platform supports Active Directory Federation Services so that customers can choose an alternative authentication mechanism.

    To ensure your customer uses the Office 365 billing platform, please provision their CRM Online organization using the Office 365 portal. Do not use the standard CRM Online 30 day trial route as this cannot be easily converted.

    Ken has provided a link that should get you started.


    Neil Benson, CRM Addict and MVP at Slalom Consulting. Find me on Twitter. Join over 20,000 other CRM professionals on the Microsoft Dynamics CRM group on LinkedIn.

    Tuesday, May 22, 2012 2:58 AM
    Moderator
  • Hi,

    We also have an issue there. We just moved our CRM on premise (federated) to the cloud. We are also using Office 365 E (federated). Is there any instruction on having CRM online authenticating against our ADFS or Office 365 federation instead of Windows Live? And no we did not purchase Office CRM through the Office 365 platform!

    Any help is greatly appreciated!

    Friday, June 29, 2012 9:39 AM
  • If you purchased CRM Online directly from crm.dynamics.com and use Windows Live IDs to authenticate, then no, generally you cannot switch to CRM Online through Office 365 and uses federated authentication. However, Microsoft may be willing to transition customers who have a significant number of users and who have a premier support agreement so speak to you Microsoft account manager and partner regarding your particular situation.

    Neil Benson, CRM Addict and MVP at Slalom Consulting. Find me on Twitter. Join over 20,000 other CRM professionals on the Microsoft Dynamics CRM group on LinkedIn.

    Friday, June 29, 2012 5:09 PM
    Moderator
  • Question pls, how if I already have my own AD and I don't want to use Office 365 Federation service?

    Is it possible to use my own AD and federation service to authenticate against CRM Online?

    Thursday, July 26, 2012 9:27 AM
  • If you don't want to use the Office 365 federation service then no, you can't use your own AD to authenticate against CRM Online.

    Neil Benson, CRM Addict and MVP at Slalom Consulting. Find me on Twitter. Join over 20,000 other CRM professionals on the Microsoft Dynamics CRM group on LinkedIn.

    Thursday, July 26, 2012 3:24 PM
    Moderator