The views and opinions expressed in this blog are those solely of the author(s) and do not necessarily reflect Microsoft’s current policy, position, or branding. For official announcements and guidance on Dynamics 365 apps and services, please visit the Microsoft Dynamics 365 Blog.
As I revise for the MB2-710 exam I am creating posts covering all aspects of my revision. Hopefully collectively they may help others prepare for the MB2-710 certification. (Microsoft Dynamics CRM 2016 Online Deployment.)
In this post I will look at user account synchronization.
In my last post I explained the concepts I felt needed to be covered for user management, including how users are created in the Office 365 Portal and later have a security role assigned within CRM. This means the Office 365 account used to access CRM Online may be different from the user account used to access the company network. (Possibly running Active Directory.) The administration burden of creating users in two environments can be quite large when an organisation has many users. (Often 1000s of users!) This admin effort can be reduced by considering one of two options:
Synchronizing Active Directory with Office 365
When synchronizing Active Directory with Office 365, the accounts are synchronized but not their passwords. When users log into their on-premise environment they use their “work account”; typically this will be in a domain\username format. If we synchronize AD with Office 365, the user will log into Office 365 services (including CRM Online) with the same work account, except with a revised format of email@example.com.
A synchronization process keeps the user details the same for on-premise and online environments. However, the users will have different passwords for the two environments.
Active Directory Federation Services
With Active Directory Federation Services, users log onto Office 365 with their AD account. Office 365 is synchronised with Active Directory. ADFS provides a true single sign-on experience. (SSO = Single Sign-on.)
The user logs into their on-premise system (using their AD account). When CRM Online is opened they will be logged in automatically. Or, if not already authenticated by Active Directory, they would use their AD account to log into CRM Online. (And other Office 365 services.)
So with ADFS the passwords are the same.
The basic idea of ADFS is that it allows sharing of identity information between trusted partners beyond the boundary of an Active Directory forest. This secure sharing of identity information is known as federation. Effectively the user does not authenticate directly to the cloud provider (in our case Office 365). Instead the user logs into AD, as they always have. The user is seamlessly logged into Office 365 because a trusted partnership exists. Equally if the user tries to access Office 365 directly they are referred back to their local ADFS server which authenticates them.
Configuring ADFS can be an involved topic, the detail of which I doubt we need to know for the MB2-710 exam. You should, however, delve a little deeper into this subject to ensure you are fully prepared. This post (not mine) gives a step-by-step guide to setting up AD FS.
This post may also provide some useful reading about integrating your on-premise identities to provide SSO.
Hopefully this post has given you a high-level introduction to user account synchronization and what you might need to be aware of for the MB2-710 exam. With this topic some additional research may also be useful! :)