Skip to main content

Notifications

Announcements

No record found.

Microsoft Dynamics CRM forum
Answered

Single Sign On with ADFS Implementation

Posted on by 30

Hi CRM Experts,

Is there any way to achieve Microsoft Dynamics CRM 2013 claim base authentication with single sign on for on-premise version? We have configured claim base authentication but it requires entering user and password. But the user don't want to enter their credentials and wants to login to CRM automatically. 

Best regards,

Pyae Phyo

  • Suggested answer
    RE: Single Sign On with ADFS Implementation

    Apart from using the internal URL, also ensure that Windows-Integrated authentication, also known as Windows NT Challenge/Response, must be enabled in the Web site properties in IIS. Anonymous authentication is attempted first, followed by Windows-Integrated authentication, Digest authentication (if applicable), and finally Basic (clear text) authentication.

    docs.microsoft.com/.../prompt-for-username-and-password

    Additionally, enable windows integrated auth for IE and ensure that the web addreses are added in the Local Intranet.

    In IE -> Settings -> Internet Options -> Security -> Local intranet -> Sites -> Advanced -> Add

    https://answers.microsoft.com/en-us/edge/forum/edge_other-edge_win10/how-do-i-enable-integrated-windows-authentication/5668886b-659f-4fec-97b5-db68593235b9

    Configuring Chrome and Firefox for Windows Integrated Authentication

    specopssoft.com/.../

  • Alan Ericson Profile Picture
    Alan Ericson on at
    RE: Single Sign On with ADFS Implementation

    With Dynamics CRM and claims-based authentication, there is the concept of the external and internal URL. If user logs into the internal URL, they should be redirected to AD FS using Windows Internal Authentication and not experience a sign-in prompt.

    The internal URL is defined on the web address tab for Dynamics CRM within the properties of the deployment in the deployment manager.

    1. On the CRM server > start > search for deployment manager > open the application
    2. Select CRM in the left hand navigation > select properties in the actions pane > web address tab
    3. Specify an alias to access the site that matches the certificate subject and resolves to the CRM web front end server(s) in DNS

    Internal URL will have the format of the address you enter for web application in the web address tab with the organization name at the end. For example:

    https://crminternal.contoso.com/ContosoCRM

    The external URL for CRM should contain the organization name in the beginning:

    https://ContosoCRM.contoso.com

    There are other factors such as SPN configured for AD FS and placing the AD FS URL in the local intranet zone for the automatic login to complete.

Helpful resources

Quick Links

Replay now available! Dynamics 365 Community Call (CRM Edition)

Catch up on the first D365 Community Call held on 7/10

Community Spotlight of the Month

Kudos to Saurav Dhyani!

Congratulations to the June Top 10 community leaders!

These stars go above and beyond . . .

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 287,989 Super User

#2
Martin Dráb Profile Picture

Martin Dráb 225,588 Super User

#3
nmaenpaa Profile Picture

nmaenpaa 101,148

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans