About claims authentication
Microsoft Dynamics CRM 4.0 uses Integrated Windows authentication to authenticate internal users and forms authentication to enable Internet access for external users not using VPN. Microsoft Dynamics CRM Server 2011 replaces forms authentication with claims-based authentication, an identity access solution designed to provide simplified user access and single sign-on access to Microsoft Dynamics CRM data.
Claims-based authentication is built on Windows Identity Foundation (WIF), a framework for building claims-aware applications and security token service (STS) that is standards-based and interoperable. Interoperability is provided through reliance on industry standard protocols such as WS-Federation, WS-Trust, and Security Assertion Markup Language 1.1 (SAML).This document uses Active Directory Federation Services 2.0 (AD FS 2.0) as the identity provider. In addition, information on using AD FS (version 2.1 or later) with Windows Server 2012 is provided.
In claims-based authentication, an identity provider that contains a security token service (STS) responds to authentication requests and issues SAML security tokens that include any number of claims about a user, such as a user name and groups the user belongs to. A relying party application receives the SAML token and uses the claims inside to decide whether to grant the client access to the requested resource. Claims-based authentication can be used to authenticate your organization's internal users, external users, and users from partner organizations.
For more information about claims authentication, see the Recommended reading section of this document.
This document has the following goals:
Prepare you to install and configure AD FS.
Prepare you to install and configure Microsoft Dynamics CRM Server 2011 claims-based authentication for internal access, external access (IFD), or both internal and external access.
Provide information about federation trusts, Microsoft Office Outlook connections, and other configuration considerations.
This document does not cover integrating Microsoft Dynamics CRM with Microsoft Office 365. For more information, see: Introduction to the Office 365 Deployment Guide for Enterprises