11 Nov’16

Dynamics CRMSSO configuration for CRM Portal


  1. Internet facing Domain controller (if it’s an On-Prem DC)
  2. Setup the ADFS Role in our Domain Controller [Which will act as a IdP]
  3. Dynamic CRM online 2016 and CRM Portal

Setting Up ADFS

Open the ADFS Management in the server manager [Tool > AD FS Management]

In AD FS Management tool, select Service > Claim Descriptions.

SSO configuration for CRM Portal

Step 1: Add Claim Description

Click on Add Claim Description

  1. Add Display name as “Persistent Identifier”
  2. Add Claim Identifier as “urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
  3. Check the “Publish this claim description in federation metadata as a claim type that this Federation Service can accept”
  4. Check then “Publish this claim description in federation metadata as a claim type that this Federation Service can send”
  5. Click on Save.

Step 2: Add Relying Party trust

Go to Trust Relationships >Relying Party Trust

  1. Click on Add Relying Party Trust
  2. Click on Start
  3. Select “Enter data about the relying party manually” and then Click Next
  4. Enter “Display Name” then Click Next
  5. Select “AD FS Profile” then Click Next
  6. In configure Setup Leave the setting as it is and just click Next.
  7. In Configure URL Select “Enable support for the SAML 2.0 WebSSO protocol” and add URL https://YourPrortalURL/Signin-saml2 [Append the “Signin-saml2” to your portal URL it’s an CRM portal internal URL which will internally manage the SAML Authorization].
  8. In Configure Multifactor Authentication Just click Next as here we are not focused on multifactor authentication.
  9. In Choose Issuance Authorization Rules, select “Permit all users to access this relying party”, click Next
  10. In Ready to Add Trust, Click Next.
  11. Finally Click Close. When we close it open another dialog for setup the claim rule.
  12. Click On “Add Rule”
  13. In claim rule template select “Transform an incoming Claim”
  14. Select Incoming Claim Type as “Window Account Name”
  15. Select Outgoing Claim Type as “Name ID”
  16. Select Outgoing Name ID format “Persistent Identifier” [ created in 1st step]
  17. Select “Pass through all Claim Values”
  18. Then click on Finish.

Setting in CRM Portal (Site Setting)

Login to CRM Using admin OR Customizer role, then go to Portal Site setting as Shown below,

In site setting add below 4 records to enable SSO using AD FS, before that make sure Authentication/Registration/ExternalLoginEnabled is set to “True”.

  1. Add New Site setting as “Authentication/SAML2/ADFS/MetadataAddress” where value of this setting will be https://adfs_domain/FederationMetadata/2007-06/FederationMetadata.xml Just append the “FederationMetadata/2007-06/FederationMetadata.xml” to your AD FS domain name also make sure your AD FS has “Https”
  2. “Authentication/SAML2/ADFS/AuthenticationType” where value of this setting will be https://adfs_domain/adfs/services/trust Just append the “adfs/services/trustto your AD FS domain name
  3. “Authentication/SAML2/ADFS/ServiceProviderRealm” where the value will be your portal URL.
  4. “Authentication/SAML2/ADFS/AssertionConsumerServiceUrl” where value will be “https://portalURL/signin-saml2”

After this setting just restart you CRM Portal, then you can use SSO in Your Portal.

Written by

Team Member


Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.

Want to streamline your business processes?

  • This field is for validation purposes and should be left unchanged.

Recent Articles

  • Managing mailbox through Email Archiving

    20 March’ 2018

    Introduction: Email can fill your Outlook Inbox quickly – new messages, replies, and forwards. Before you know it, yo...

    Read more
  • Workaround to Report.SAVEASPDF in NAV 2018

    20 March’ 2018

    Objective: In NAV 2017 Emailing the PDF by running the report using Report.SAVEASPDF is now not allowed in NAV 2018. Th...

    Read more
  • Dynamics 365 Client Diagnostics

    15 March’ 2018

    Main cause of Performance Issues: Bandwidth and latency are the primary characteristics which affects the performance o...

    Read more
  • Closing Blind Shift in MPOS and CPOS in Dynamics 365 for Retail

    15 March’ 2018

    Manual For closing Blind shift in POS: Blind shifts terminate the currently ongoing shift and when logged in a new shif...

    Read more
  • Persistent Filters in the Power BI Service

    13 March’ 2018

    Introduction: The feature is finally release, and it is power BI has announced general availability of persistent filt...

    Read more