locked
Use Same URL for Internal and External Access for CRM 2015 IFD RRS feed

  • Question

  • I have setup a CRM2015 server for IFD access.

    ADFS and CRM are on separate servers.

    CRM server all roles

    ADFS 2.0 server.

    Using the internal URL I am able to access CRM without entering my details (as expected)

    Using the external URL I am authenticated by ADFS as expected and can sign in.

    We have an internal domain domain.local

    We have an external domain domain.com (the certificate is for *.domain.com)

    We have a DNS zone created internally for domain.com.

    CRM URLs

    internal : internalcrm.domain.com

    External : externalcrm.domain.com


    I would like all users to use the same link regardless of them being internal or external, but I would like so that any user who is on the domain is automatically logged in without entering their username and password. What is the best way to do this?

    I have tried creating a cname record on the internal domain.com zone pointing externalcrm.domain.com to internalcrm.domain.com but that didn't work, I still get the ADFS sign in page.

    Thanks


    Monday, February 16, 2015 11:54 AM

All replies

  • So fair warning, what you're asking for isn't really a supported deployment method of CRM.

    That said, you should be able to do some DNS trickery internal to your network that points your "crm.domain.com" to "crm.domain.local" and then hopefully CRM will treat the connection as if it came from an internal network.

    Otherwise, you're likely going to have to accept that everyone gets the ADFS login page internal and external to your network.


    The postings on this site are solely my own and do not represent or constitute Hitachi Solutions' positions, views, strategies or opinions.

    Monday, February 16, 2015 4:24 PM
  • Thanks Wayne

    I have tried a few solutions regarding DNS trickery none of which have worked, I always end up on the ADFS sign in page. 

    If it cant be done then it is not the end of the world, I just wanted to check if anyone had a way of getting around it.

    Tuesday, February 17, 2015 9:53 AM
  • Yah, it's definitely doable, but it's also fragile.  If it's not a show stopper, I'd recommend just having the ADFS login for everyone as a less-bad, stable solution.

    The postings on this site are solely my own and do not represent or constitute Hitachi Solutions' positions, views, strategies or opinions.

    Tuesday, February 17, 2015 2:11 PM
  • Thanks Wayne.
    Tuesday, February 17, 2015 3:07 PM