Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies To: Dynamics 365 (on-premises), Dynamics CRM 2016
With internal claims authentication access enabled on Microsoft Dynamics 365 Server, you can now enable external claims access through IFD.
Configure an Internet-facing deployment using the Configure Internet-Facing Deployment Wizard
Start the Deployment Manager.
In the Deployment Manager console tree, right-click Microsoft Dynamics 365, and then click Configure Internet-Facing Deployment.
Click Next.
On the Make Microsoft Dynamics 365 available to users who connect through the Internet page, type the domains for the specified Microsoft Dynamics 365 Server roles, and then click Next.
Important
-
Specify domains, not servers.
-
If your deployment is on a single server or on servers that are in the same ___domain, the Web Application Server ___domain and Organization Web Service ___domain will be identical.
-
The Discovery Web Service ___domain must be a resolvable host name and not a root ___domain. For example: dev.contoso.com.
-
The Discovery Web Service ___domain must not match an organization's Fully Qualified Domain Name (FQDN). For example, the Discovery Web Service ___domain should not be: orgname.contoso.com.
-
The domains must be valid for the TLS/SSL certificate's common name or names.
-
The domains must be set to resolve correctly in DNS to your Microsoft Dynamics 365 servers holding the server roles.
-
The domains can be in a different ___domain than the ___domain which the Microsoft Dynamics 365 servers reside.
Example domains:
-
Web Application Server ___domain: contoso.com
-
Organization Web Service ___domain: contoso.com
-
Discovery Web Service ___domain: dev.contoso.com
With the example settings above, if your organization name was "orgname", clients would access your Microsoft Dynamics 365 website with the following URL: https://orgname.contoso.com.
-
In the Enter the external ___domain where your Internet-facing servers are located box, type the external ___domain information where your Internet-facing Microsoft Dynamics 365 Server servers are located, and then click Next.
The ___domain you specify must be a sub-___domain of the Web Application Server ___domain specified in the previous step. By default, "auth." is pre-pended to the Web Application Server ___domain.
Important
-
The external ___domain is used by the AD FS server when retrieving the Microsoft Dynamics 365 IFD federationmetadata.xml file.
-
The external ___domain must not contain an organization name.
-
The external ___domain must not contain an underscore character (“_”).
-
The external ___domain must be valid for the TLS/SSL certificate's common name or names.
-
The external ___domain must be set to resolve correctly in DNS to your Microsoft Dynamics 365 server holding the Web Application Server role.
Example ___domain:
- External ___domain: auth.contoso.com
-
On the System Checks page, review the results, fix any problems, and then click Next.
On the Review your selections and then click Apply page, verify your selections, and then click Apply.
Click Finish.
Run the following command at a command prompt: iisreset
If you have not already done so, add host records in DNS for the IFD endpoints (for example: orgname.contoso.com, auth.contoso.com, dev.contoso.com)
To Configure an Internet-facing deployment using Windows PowerShell
Open a Windows PowerShell prompt.
Add the Microsoft Dynamics 365 Windows PowerShell snap-in:
PS > Add-PSSnapin Microsoft.Crm.PowerShell
Get the IFD settings:
PS > $ifd = Get-CrmSetting -SettingType "IfdSettings"
Configure the IFD object:
PS > $ifd.Enabled = 1 (or $true) PS > $ifd.DiscoveryWebServiceRootDomain = Discovery_Web_Service_DomainPS > $ifd.ExternalDomain = External_Server_DomainPS > $ifd.OrganizationWebServiceRootDomain= Organization_Web_Service_DomainPS > $ifd.WebApplicationRootDomain = Web_Application_Server_Domain
where:
1 = "true".
Discovery_Web_Service_Domain is the Discovery Web Service ___domain.
External_Server_Domain is the external server ___domain.
Organization_Web_Service_Domain is the Organization Web Service ___domain.
Web_Application_Server_Domain is the Web Application Server ___domain.
For the ___domain paths, the values for the paths must be in the form:
server:port
or
server.___domain.tld:port,
where:
server is the computer name
___domain is the complete sub ___domain path where the computer is located
tld is the top level ___domain, such as com or org
The :port designation is required if you are not using the standard http port (80) or https port (443).
Typically, in a Full Server or Front-end Server role deployment, the path values are the same. However, if you deploy Microsoft Dynamics 365 on multiple servers with separate server roles, that is, where the Web Application Server, Organization Web Service, or Discovery Web Service server roles are located on different servers, these path values will be different:
Web Application Server. WebApplicationServerName.___domain.tld:port
Organization Web Service. OrganizationWebServiceServerName.___domain.tld:port
Discovery Web Service. DiscoveryWebServiceServerName.___domain.tld:port
Set the Internet-facing deployment object.
PS > Set-CrmSetting $ifd
See Also
Implement claims-based authentication: external access
© 2016 Microsoft. All rights reserved. Copyright