Microsoft Dynamics CRM (Archived)

When to use claims and when to use adfs


Hi all,

I'm slowly getting my head around CRM and the authentication methods. I have my server set for internal users (uses claims and passes through users on domain) and external users using ADFS, where they must re-enter credentials on the ADFS form.

My question is why have the 2 methods? My users are all remote from the data centre and access servers over VPN, so presumably claims is sufficient - when would ADFS be preferred? Would that be non-domain-joined PCs? Couldn't they come in via claims and just enter credentials?

Thanks

craig 

  • Bruno Lucas
    RE: When to use claims and when to use adfs

    If you are outside the network, you use the external URL.

    technet.microsoft.com/.../gg188591(v=crm.6).aspx

    That will display the web login form.

    If you use the external address inside, you may get a second authentication prompt.

    blogs.msdn.com/.../step-by-step-configuring-crm-2013-internet-facing-deployment-ifd.aspx

    If you use the internal address inside the network, it should just open the CRM as usual without prompts.

  • Community Member
    RE: When to use claims and when to use adfs

    Thanks Bruno. Perhaps I should rephrase the initial question, as I understand the need for ADFS. Should my users, when coming to CRM from the internet, be accessing it using the IFD URL or using the internal URL? I.e. using the 'sso login' or using the form logon?

    Thanks.

  • Suggested answer
    Bruno Lucas
    RE: When to use claims and when to use adfs

    Another way to explain: ADFS just picks up your login info, checks it against AD, and generates a token. Claims takes this token and, if it's all good, it will let you in.

    windowsitpro.com/.../how-adfs-does-identity-federation

    Also note ADFS is an SSO and should be on the DMZ.

    You need something like claims or Kerberos to communicate across different branches.

    crmbook.powerobjects.com/.../authentication-models

  • Suggested answer
    Bruno Lucas
    RE: When to use claims and when to use adfs

    ADFS needs claims to complete the authentication.

    "A federation server (ADFS) on one side (the Accounts side) authenticates the user in Active Directory Domain Services and then issues a token containing a series of claims"

    So it needs "Claims" to authenticate a user based on a set of claims about its identity contained in a trusted token.

    msdn.microsoft.com/.../bb897402.aspx

    This is the only supported approach for exposing CRM to the outside. I've seen some folks trying some hacks and it did not end up well.
