Portal User management with Dynamics CRM 2011

  • Question

  • Hi All,

    I have to come up with a design for User management. I have 200 Internal Users for CRM 2011 and 11,000 external users. This is an on-premises deployment. What is the best solution to keep the users separate?

    I proposed an idea. Keep the internal users in Active directory as the Regular authentication for Full CRM users.

    And for external portal users, what I am proposing is:

    Store external users credentials in the Contacts entity of D-CRM
    Keep Contractor credentials in D-CRM database (DB).

    Purpose:
    For the authentication process, match user credentials using Form authentication or SQL authentication.
    For the authorization process, create roles and privileges in D-CRM and assign roles to the External Users.
    Role maintenance will be easier and resolve the Authorization issue.

    Is there any other best way to do it?

    I am getting suggestions that I should keep the external Users in another Active Directory and handle them there, create an authentication token from there, and give access to the DCRM DB which is exposed in the portal. I think handling 18,000 users in AD is too much. Is it something right and doable?

    Let me know if anybody has implemented any other way. I am looking for the best option.

    Also, if anybody knows 2-3 options, please share them with me. I am looking for personal experience rather than searching Microsoft articles.

    Thanks.

    Portal User management with Dynamics CRM 2011

    Puneet Joshi
    Tuesday, April 12, 2011 9:21 PM

Answers

All replies

  • From a licensing perspective, it is probably only viable for the portal users to access CRM via a custom portal, rather than as CRM systemusers (because you'd only have to pay for the external connector license, rather than a client license for each of the 11000 users).

    For authentication, I don't particularly like storing credentials in CRM; I prefer to use an external credential store, and link the credentials to a CRM contact (or other records). My favourite is to use the ASP.NET MembershipProvider classes, which can use either a separate SQL Server database, or a separate AD in application mode (ADAM) for the credentials. I'm not an expert on AD size limits, but 18000 users in AD sounds perfectly fine to me.

    You'll need to do some work on authorisation. CRM authorisation is based on allocating rights to users or teams, so cannot be applied directly to your external users. It might be possible to associate the external users with teams, which might allow you to use roles and privileges, but I'm not convinced how viable that will be. We built a separate authorisation model using custom CRM entities to manage the rights for external users.


    Microsoft CRM MVP - http://mscrmuk.blogspot.com  http://www.excitation.co.uk
    Wednesday, April 13, 2011 8:35 AM
    Moderator
  • Thanks for the info, it was helpful.

    But if I keep the external users in AD, how can functionality like Create User from Portal and Reset Password (Self Service) be handled?

    I believe AD has to do with Windows Authentication? How can external users modify their credentials? Is there any mechanism to link the external users, after they are verified from AD, to CRM contacts or other records?

    I am curious to know that.

    Thanks

     

     


    Puneet Joshi
    Tuesday, May 3, 2011 11:56 PM
  • The ASP.NET ActiveDirectoryMembershipProvider class provides methods to create users, reset passwords etc.

    Re linking the AD user with a CRM record, there are several options. The simplest will be to store the user's username (which will need to be unique) in an attribute of the CRM record.


    Microsoft CRM MVP - http://mscrmuk.blogspot.com  http://www.excitation.co.uk
    Wednesday, May 4, 2011 10:11 AM
    Moderator
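
The approach described in the reply above, sketched as an added example (not code from the thread or its posters): credentials live only in the ASP.NET membership store, and the CRM contact carries just the unique username. The class name `PortalAccounts` and the custom attribute `new_portalusername` are assumptions for illustration.

```csharp
using System;
using System.Web.Security;
using Microsoft.Xrm.Sdk;
using Microsoft.Xrm.Sdk.Query;

public sealed class PortalAccounts
{
    // Assumption: custom contact attribute that holds the unique portal username.
    private const string UsernameAttribute = "new_portalusername";

    private readonly MembershipProvider _provider;   // e.g. the AD/ADAM provider configured in web.config
    private readonly IOrganizationService _crm;      // runs under the portal's service account

    public PortalAccounts(MembershipProvider provider, IOrganizationService crm)
    {
        _provider = provider;
        _crm = crm;
    }

    // Create the credential in the external store, then link it to an existing contact.
    public void Register(Guid contactId, string username, string password, string email)
    {
        MembershipCreateStatus status;
        _provider.CreateUser(username, password, email, null, null, true, null, out status);
        if (status != MembershipCreateStatus.Success)
            throw new InvalidOperationException("Account creation failed: " + status);

        var contact = new Entity("contact") { Id = contactId };
        contact[UsernameAttribute] = username;
        try { _crm.Update(contact); }
        catch
        {
            _provider.DeleteUser(username, true);  // do not leave a credential with no linked contact
            throw;
        }
    }

    // Validate against the credential store only; CRM never sees the password.
    public Guid? SignIn(string username, string password)
    {
        if (!_provider.ValidateUser(username, password)) return null;

        var query = new QueryExpression("contact") { ColumnSet = new ColumnSet("contactid") };
        query.Criteria.AddCondition(UsernameAttribute, ConditionOperator.Equal, username);
        var matches = _crm.RetrieveMultiple(query).Entities;
        // Exactly one contact must carry the username; zero or several is treated as a denial.
        return matches.Count == 1 ? matches[0].Id : (Guid?)null;
    }
}
```

The returned contact id is what a separate authorisation model, such as the custom-entity one mentioned earlier in the thread, would key on; the portal's CRM connection itself stays a single service identity.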
  • Thanks ... Great help .. appreciated ...

    I will keep in touch with you ...


    Puneet Joshi
    Wednesday, May 4, 2011 2:10 PM
  • From a licensing perspective, it is probably only viable for the portal users to access CRM via a custom portal, rather than as CRM systemusers (because you'd only have to pay for the external connector license, rather than a client license for each of the 11000 users).


    Hi David,

    How can I install and use this external connector license? What will be the connection string?

    What are the pros/cons of using this external connector over using internal users' credentials in the connection string?

    Need inputs on priority, thanks in advance.


    Thanks and Regards, Manohar R. Pokharkar Consultant | Technology Services | Capgemini
    Tuesday, July 19, 2011 1:59 PM