Claim based & IFD configuration RRS feed

  • Question

  • Hi,

       I haven't  did Claim based & IFD configuration.so right now i am trying to configure Claim based & IFD for this where i need to install the AD FS.

    I have one server for Domain Controller (server.domain.com) and one server for CRM 2011(crm.domain.com).

    How do i need to configure dns for this?

    Where i need to install AD FS (in domain server or in crm server)

    is discover server is a separate server or it is a service in crm?

    is there is any additional server required to configure for configuring Claim based & IFD because i go-through the following link provided by microsoft:http://www.microsoft.com/download/en/details.aspx?id=3621

    their they have mentioned we need to create the following DNS entries:


    Internal URL used to access Microsoft Dynamics (for example, internalcrm.contoso.com).

    ·      External URL used to access Microsoft Dynamics - Web Application Server domain (for example, orgname.contoso.com).

    ·      Microsoft Dynamics CRM Organization Web Service domain. Differs from the record used for external access if you have separate domains (for example, orgname.subdm.contoso.com).

    ·      Microsoft Dynamics CRM Discovery Web Service domain (for example, dev.contoso.com).

    ·      AD FS 2.0 server (for example, sts1.contoso.com).

    ·      External IFD URL - Microsoft Dynamics CRM IFD federation endpoint (for example, auth.contoso.com). This record will be used by the AD FS 2.0 server when retrieving the Microsoft Dynamics CRM IFD federationmetadata.xml file.

    Pls guide me!

    Thanks in advance,


    Cheers : Jeriesh

    • Split by Donna EdwardsMVP Friday, September 9, 2011 11:21 AM different issue
    • Edited by Jeriesh Friday, September 9, 2011 12:51 PM to
    Friday, September 9, 2011 11:06 AM

All replies

  • Hi,

    You need to install ADFS role in domain server, i would suggest you to use the following step by step guide (http://www.interactivewebs.com/blog/index.php/server-tips/microsoft-crm-2011-how-to-configure-ifd-hosted-setup/) for complete configuration.

    Jehanzeb Javeed

    Linked-In Profile |CodePlex Profile

    If you find this post helpful then please "Vote as Helpful" and "Mark As Answer".
    Friday, September 9, 2011 1:32 PM
  • Hi Jehanzeed,

       Thank you for the above link now i got some idea to configure IFD,in that that they have created four dns entries like:

    1. sts.domain.com
    2. auth.domain.com
    3. dev.domain.com
    4. Your ORG name.

    I have one ad server and one crm server for this i have already created the dns entries.

    what is that auth.domain.com

    also,where i need to install the AD FS 2.0 in AD Server or in CRM Server.

    Pls Guide


    Thanks in advance


    Cheers : Jeriesh
    Saturday, September 10, 2011 6:14 AM
  • Hi Jeriesh,

    You can install ADFS on any machine.

    You just need to give the relaying parties in ADFS configuration.



    Khaja Mohiddin|||||http://www.dynamicsexchange.com/
    Saturday, September 10, 2011 1:53 PM
  • Hi,

       I have CRM 2011 server edition so i can create different organization in side CRM,so i am not going to create subdomains.In that case do i need to go for wildcard certificate or ssl certificate is enough? please suggest!


    Thanks in advance


    Cheers : Jeriesh
    • Edited by Jeriesh Tuesday, September 13, 2011 12:06 PM to
    Tuesday, September 13, 2011 12:06 PM
  • Hi Jeriesh,

    If it is a Production Environment go with Wildcard(third party providers godaddy,...).

    If it is a test environment then you can go with SSL Certificate.

    If you are using only one CRM Organization then you can go with 5 sub domain certificate(third party providers)



    Khaja Mohiddin|||||http://www.dynamicsexchange.com/
    • Proposed as answer by Khaja Mohiddin Thursday, September 15, 2011 9:43 AM
    Tuesday, September 13, 2011 5:12 PM
  • Hi Jeriesh,

    Please go through following Vedio and article on how to configure ADFS please review this video




      The URLs that you need to have DNS entries for are as follows:-

    Please do not forget to keep your internal and external URLs for CRM different, or else it will cause issues later.


    Certifcates: Use same wildcard certificate to bind on CRM and ADFS website.

    ADFS you can either install on CRM server or can keep it as different server.


    Tuesday, September 13, 2011 11:38 PM