CRM 2013 authenticating via ADFS when ADFS is in separate untrusted domain

  • Question

  • I have the following scenario:

    CRM 2013 installed in domain A

    ADFS installed in domain B, where there is no trust between domains.

    In theory, is it possible to set up CRM IFD where the only ADFS server is in domain B, and all the end users of the system are in domain B?

    But then how do I create deployment admin users in the local domain?

    I have configured CRM 2013 Claims and IFD to use the ADFS in domain B, but need to add users into the CRM system. I cannot log on to the system because CRM keeps using ADFS to authenticate.

    The documentation implies that if you are an internal user in domain A accessing CRM via hostname/org name, you will use Windows auth. But this is Windows auth via ADFS?

    I don't want to create an ADFS server on domain A if I can help it!

    Thanks, John

    Friday, August 1, 2014 10:52 PM

All replies

  • ADFS must be part of the same domain (or forest) as the Active Directory where CRM users exist.  Otherwise, how would ADFS authenticate users?

    You could always set up an ADFS Proxy in a DMZ if you're worried about external access and security.

    The postings on this site are solely my own and do not represent or constitute Hitachi Solutions' positions, views, strategies or opinions.

    Wednesday, August 6, 2014 6:00 PM