Personalized Community is here!
Quickly customize your community to find the content you seek.
Have questions on moving to the cloud? Visit the Dynamics 365 Migration Community today! Microsoft’s extensive network of Dynamics AX and Dynamics CRM experts can help.
2022 Release Wave 2Check out the latest updates and new features of Dynamics 365 released from October 2022 through March 2023
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Community | FastTrack Program | Finance and Operations TechTalks | Customer Engagement TechTalks | Upcoming TechTalks | All TechTalks
Hi CRM Experts,
Is there any way to achieve Microsoft Dynamics CRM 2013 claim base authentication with single sign on for on-premise version? We have configured claim base authentication but it requires entering user and password. But the user don't want to enter their credentials and wants to login to CRM automatically.
With Dynamics CRM and claims-based authentication, there is the concept of the external and internal URL. If user logs into the internal URL, they should be redirected to AD FS using Windows Internal Authentication and not experience a sign-in prompt.
The internal URL is defined on the web address tab for Dynamics CRM within the properties of the deployment in the deployment manager.
Internal URL will have the format of the address you enter for web application in the web address tab with the organization name at the end. For example:
The external URL for CRM should contain the organization name in the beginning:
There are other factors such as SPN configured for AD FS and placing the AD FS URL in the local intranet zone for the automatic login to complete.
Apart from using the internal URL, also ensure that Windows-Integrated authentication, also known as Windows NT Challenge/Response, must be enabled in the Web site properties in IIS. Anonymous authentication is attempted first, followed by Windows-Integrated authentication, Digest authentication (if applicable), and finally Basic (clear text) authentication.
Additionally, enable windows integrated auth for IE and ensure that the web addreses are added in the Local Intranet.
In IE -> Settings -> Internet Options -> Security -> Local intranet -> Sites -> Advanced -> Add
Configuring Chrome and Firefox for Windows Integrated Authentication
Business Applications communities