Configure an Internet-facing deployment
Configuring an Internet-facing deployment (IFD) lets users get to Dynamics 365 Customer Engagement (on-premises) from the internet, outside the company firewall, without using a virtual private network (VPN). Dynamics 365 Customer Engagement (on-premises) configured for internet access uses claims-based authentication to verify credentials of external users. When you configure Dynamics 365 Customer Engagement (on-premises) for internet access, integrated Windows authentication must remain in place for users accessing Dynamics 365 Customer Engagement (on-premises) through your LAN or WAN.
Important
Claims-based authentication is required for Dynamics 365 Customer Engagement (on-premises) Internet-facing deployment (IFD) access. If Dynamics 365 Customer Engagement (on-premises) is deployed in the same domain where all Dynamics 365 Customer Engagement (on-premises) users are located or users are located in a trusted domain, claims-based authentication is not required for intranet Dynamics 365 Customer Engagement (on-premises) access.
Before you run the Configure Claims-Based Authentication Wizard, a security token service (STS), such as Active Directory Federation Services (AD FS) must be available.
Configure Internet-facing deployment (IFD)
Start the Deployment Manager.
If you have not already done so, configure claims-based authentication.
Open the Internet-Facing Deployment Configuration Wizard in one of two ways:
In the Actions pane, select Configure Internet-Facing Deployment.
In the Deployment Manager console tree, right-click Dynamics 365 Customer Engagement (on-premises), and then select Configure Internet-Facing Deployment.
Review the page, and then select Next.
On the Make Dynamics 365 Customer Engagement (on-premises) available to users who connect through the Internet page, type the domains for the specified Dynamics 365 Server roles, and then select Next.
Note
- Specify domains, not servers.
- If your deployment is on a single server or servers in the same domain, the Web Application Server Domain and Organization Web Service Domain will be identical.
- The Discovery Web Service Domain must be a subdomain of the Web Application Server Domain. By default, "dev." is pre-pended to the Web Application Server Domain to make the Discovery Web Service Domain.
- The domains must be valid for the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) certificate's common name or names.
For more information about web addresses, see Install Microsoft Dynamics CRM Server on multiple computers.
In the Enter the external domain where your Internet-facing servers are located box, type the external domain information where your internet-facing Dynamics 365 Customer Engagement (on-premises) servers are located, and then select Next.
The domain you specify must be a subdomain of the Web Application Server Domain specified in the previous step. By default, "auth." is pre-pended to the Web Application Server Domain.
On the System Checks page, review the results, fix any problems, and then select Next.
On the Review your selections and then click Apply page, verify your selections, and then select Apply.
Select Finish.
If you experience issues connecting to Dynamics 365 Customer Engagement (on-premises) through an external address, reset Internet Information Services (IIS).
Restart Internet Information Services (IIS). To do this, select Start, select Run, type
IISRESET, and then select OK.Configure relying parties for IFD.
Important
You must configure a relying party for IFD. For more information, see Configure the AD FS server for IFD.
See also
Configure claims-based authentication
Disable an Internet-facing deployment
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for