Dynamics CRM 2011 : Claims and IFD

Before configuring it, I was a bit scared to be honest. All the article I read about it were talking about its complexity and the poor documentation. I have to disagree with all this…

Here are the three articles or documents you need to read in order to successfuly implement Claims based authentication and IFD (Internet Facing Deployment).

  1. Microsoft offical documentation (download the doc named “Microsoft Dynamics CRM 2011 and Claims-based Authentication.doc”) :
  2. A Microsoft video (very pragmatic) :
  3. A blog article very detailed with useful tips :

After you have spent 1 day reading and understanding those documents, you’ll be able to go through Claims authentication configuration and IFD quite quickly. This includes ADFS 2.0 configuration and installation (which is not so difficult).

Here are some tips from my side that would help you to avoid classical mistakes :

  1. Pay attention to DNS records and make sure you always configure them properly. Use hosts file if you don’t have easy access to DNS servers, but make sure the DNS are fine.
  2. Use valid certificates. Doing so will simplify your life and you’ll avoid certificate error that might block you during the process. Don’t forget to install the intermediate certificate if needed, so that certificates are fully valid.
  3. Understand what happens. You first need to understand at least the basics of ADFS, Claims and IFD so that you can react when an error shows up. If you don’t understand what you are doing, it is likely that it won’t work. That’s why I recommand you spend one day reading documentations before starting the implementation.
  4. Install ADFS on a separate server. Your CRM will already expose a web site over HTTP and/or HTTPS and the last thing you want is the ADFS 2.0 installation to interract with your CRM installation. Use a separated machine (2 GB of RAM will do in most cases) for ADFS 2.0 deployment.

If after struggling with your configuration, you still don’t get it working, you can still request a Microsoft Consultant to help you.