web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Customer experience | Sales, Customer Insights,... / Single Sign On with AD...
Customer experience | Sales, Customer Insights,...
Answered

Single Sign On with ADFS Implementation

(0) ShareShare
ReportReport
Posted on by Pyae Phyo Aung 30

Hi CRM Experts,

Is there any way to achieve Microsoft Dynamics CRM 2013 claim base authentication with single sign on for on-premise version? We have configured claim base authentication but it requires entering user and password. But the user don't want to enter their credentials and wants to login to CRM automatically. 

Best regards,

Pyae Phyo

I have the same question (0)
  • Alan Ericson Profile Picture
    Alan Ericson Microsoft Employee on at

    With Dynamics CRM and claims-based authentication, there is the concept of the external and internal URL. If user logs into the internal URL, they should be redirected to AD FS using Windows Internal Authentication and not experience a sign-in prompt.

    The internal URL is defined on the web address tab for Dynamics CRM within the properties of the deployment in the deployment manager.

    1. On the CRM server > start > search for deployment manager > open the application
    2. Select CRM in the left hand navigation > select properties in the actions pane > web address tab
    3. Specify an alias to access the site that matches the certificate subject and resolves to the CRM web front end server(s) in DNS

    Internal URL will have the format of the address you enter for web application in the web address tab with the organization name at the end. For example:

    https://crminternal.contoso.com/ContosoCRM

    The external URL for CRM should contain the organization name in the beginning:

    https://ContosoCRM.contoso.com

    There are other factors such as SPN configured for AD FS and placing the AD FS URL in the local intranet zone for the automatic login to complete.

  • Suggested answer
    saurabhtiwarii Profile Picture
    saurabhtiwarii Microsoft Employee on at

    Apart from using the internal URL, also ensure that Windows-Integrated authentication, also known as Windows NT Challenge/Response, must be enabled in the Web site properties in IIS. Anonymous authentication is attempted first, followed by Windows-Integrated authentication, Digest authentication (if applicable), and finally Basic (clear text) authentication.

    docs.microsoft.com/.../prompt-for-username-and-password

    Additionally, enable windows integrated auth for IE and ensure that the web addreses are added in the Local Intranet.

    In IE -> Settings -> Internet Options -> Security -> Local intranet -> Sites -> Advanced -> Add

    https://answers.microsoft.com/en-us/edge/forum/edge_other-edge_win10/how-do-i-enable-integrated-windows-authentication/5668886b-659f-4fec-97b5-db68593235b9

    Configuring Chrome and Firefox for Windows Integrated Authentication

    specopssoft.com/.../

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Congratulations to our 2025 Community Spotlights

Thanks to all of our 2025 Community Spotlight stars!

Congratulations to the February Top 10 Community Leaders

These are the community rock stars!

Leaderboard > Customer experience | Sales, Customer Insights, CRM

#1
ManoVerse Profile Picture

ManoVerse 180 Super User 2026 Season 1

#2
11manish Profile Picture

11manish 123

#3
CU11031447-0 Profile Picture

CU11031447-0 100

Last 30 days Overall leaderboard

Featured topics

Hide selecting Contact for potential customer when creating quote

Product updates

Dynamics 365 release plans