Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / Single Sign On with AD...
Customer experience | Sales, Customer Insights,...
Answered

Single Sign On with ADFS Implementation

(0) ShareShare
ReportReport
Posted on by Pyae Phyo Aung 30

Hi CRM Experts,

Is there any way to achieve Microsoft Dynamics CRM 2013 claim base authentication with single sign on for on-premise version? We have configured claim base authentication but it requires entering user and password. But the user don't want to enter their credentials and wants to login to CRM automatically. 

Best regards,

Pyae Phyo

  • Suggested answer
    saurabhtiwarii Profile Picture
    saurabhtiwarii on at
    RE: Single Sign On with ADFS Implementation

    Apart from using the internal URL, also ensure that Windows-Integrated authentication, also known as Windows NT Challenge/Response, must be enabled in the Web site properties in IIS. Anonymous authentication is attempted first, followed by Windows-Integrated authentication, Digest authentication (if applicable), and finally Basic (clear text) authentication.

    docs.microsoft.com/.../prompt-for-username-and-password

    Additionally, enable windows integrated auth for IE and ensure that the web addreses are added in the Local Intranet.

    In IE -> Settings -> Internet Options -> Security -> Local intranet -> Sites -> Advanced -> Add

    https://answers.microsoft.com/en-us/edge/forum/edge_other-edge_win10/how-do-i-enable-integrated-windows-authentication/5668886b-659f-4fec-97b5-db68593235b9

    Configuring Chrome and Firefox for Windows Integrated Authentication

    specopssoft.com/.../

  • Alan Ericson Profile Picture
    Alan Ericson on at
    RE: Single Sign On with ADFS Implementation

    With Dynamics CRM and claims-based authentication, there is the concept of the external and internal URL. If user logs into the internal URL, they should be redirected to AD FS using Windows Internal Authentication and not experience a sign-in prompt.

    The internal URL is defined on the web address tab for Dynamics CRM within the properties of the deployment in the deployment manager.

    1. On the CRM server > start > search for deployment manager > open the application
    2. Select CRM in the left hand navigation > select properties in the actions pane > web address tab
    3. Specify an alias to access the site that matches the certificate subject and resolves to the CRM web front end server(s) in DNS

    Internal URL will have the format of the address you enter for web application in the web address tab with the organization name at the end. For example:

    https://crminternal.contoso.com/ContosoCRM

    The external URL for CRM should contain the organization name in the beginning:

    https://ContosoCRM.contoso.com

    There are other factors such as SPN configured for AD FS and placing the AD FS URL in the local intranet zone for the automatic login to complete.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,253 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,188 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans