Authentication methods

The following authentication methods are supported by Microsoft Dynamics CRM Server 2011:

  • Windows Authentication

  • Claims-based authentication: internal access

  • Claims-based authentication: external access

  • Claims-based authentication: internal and external access

Your choice of authentication method depends on your organization's design and deployment goals.

Authentication model Scenario

Windows Authentication

As in Microsoft Dynamics CRM 4.0, you can use Windows Authentication in Microsoft Dynamics CRM Server 2011 to authenticate clients using NTLM or Kerberos. Windows Authentication is used in an intranet environment where all users are members of your Active Directory domain.

Claims-based authentication: internal access

If you have a multiple domain environment where trust does not exist between the domains, or where some users exist in a different attribute store such as a partner organization, you can use claims-based authentication to handle internal user authentication.

Claims-based authentication: external access

Accessing Microsoft Dynamics CRM data over the Internet through an Internet-facing deployment (IFD) is now done with claims-based authentication.


  • After deploying claims-based authentication, internal users can continue to use Windows Authentication to access Microsoft Dynamics CRM data (for example, using http://<crmserver:port>/orgname).

  • Before deploying claims-based authentication in a production environment, first test your deployment settings in a test environment.

Send comments about this article to Microsoft.

© 2012 Microsoft Corporation. All rights reserved.