web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / CRM IFD Internal/exter...
Microsoft Dynamics CRM (Archived)

CRM IFD Internal/external access

(0) ShareShare
ReportReport
Posted on by Community Member

Hello all,

The configuration is on-premise with internal user, one partner from known public IP address, and some mobile phone from Internet using the Mobile App.
I am not really aware about how CRM can be set up. I browse some configuration guide and i understood one good practice :

- Put Web Application Proxy in DMZ
- CRM on the internal network with IFD feature
- ADFS on the internal network with IFD option
- DNS provide crm/adfs name resolution

I'm not sure about how to set up access with IFD and what are side effects. If you set up IFD, everybody have to connect to the CRM through IFD ?
Is it possible to create one access for external users by publishing some URL (sts.ext.com, crm.ext.com,...) and different URL for internal usage (adfs.int.com, crm.int.com) ?

Is it possible to protect /filter the access from the partner access, for instance, we know his public IP address and we want the partner user (only one) can access the CRM only by his IP address ?

Thanks for help

Me

*This post is locked for comments

I have the same question (0)
  • David Jennaway Profile Picture
    David Jennaway 14,065 on at

    IFD depends on Claims Authentication. When you setup Claims Authentication, this will apply to all users. Put another way, internal users will use Claims Authentication, but not IFD, whereas external users will use Claims Authentication and IFD.

    You can use different CRM urls for internal and external users. Internal users can use the URL that you specify in Deployment Manager prior to setting up Claims Authentication, whereas the external users will use the URLs that you specify when you run the IFD setup - note that the external Url will always begin with the organisation name

    CRM does not provide a facility for IP address filtering, but you should be able to apply this in IIS, or in a firewall

  • Suggested answer
    Community Member Profile Picture
    Community Member on at

    Hello David,

    Thanks for your quick reply, So two differents URL on the CRM for internal and external and both will use Claims Authentication. For internal users they will get a token from the ADFS server and from external users (partners and mobiles, from the Web Application Proxy/ ADFS). So for you there is no constrain to have different FQDN and it is technically possible. Which URL and FQDN have to be set on the ADFS server ? internal one ?

    I was wondering as well about the certificate to provide to IFD, CRM, and ADFS as well. Do you have any idea about limitations or something cause cause problem ? What is really IFD and which IP address has to ?

    Last point for now, that make sense if i create three Organisational Units within AD : one for each scenario : External, Partner, and Internal. If user is in one of this OU/Group he will be allow or not to authenticate  and load CRM ?

    About the IP restriction, do you have information about MFA on the WAP ? Does it make job or i'm away ?

    Hope you will not be drown after this post, sorry lot of questions.

    Thanks

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans