Configure the Microsoft Dynamics 365 server for IFD

With internal claims authentication access enabled on Dynamics 365 Server, you can now enable external claims access through IFD.

Configure an Internet-facing deployment using the Configure Internet-Facing Deployment Wizard

  1. Start the Deployment Manager.

  2. In the Deployment Manager console tree, right-click Dynamics 365 Customer Engagement (on-premises), and then select Configure Internet-Facing Deployment.

  3. Select Next.

  4. On the Make Dynamics 365 Customer Engagement (on-premises) available to users who connect through the Internet page, type the domains for the specified Dynamics 365 Server roles, and then select Next.

    Important

    • Specify domains, not servers.
    • If your deployment is on a single server or on servers that are in the same domain, the Web Application Server domain and Organization Web Service domain will be identical.
    • The Discovery Web Service domain must be a resolvable host name and not a root domain. For example: dev.contoso.com.
    • The Discovery Web Service domain must not match an organization's Fully Qualified Domain Name (FQDN). For example, the Discovery Web Service domain should not be: orgname.contoso.com.
    • The domains must be valid for the TLS/SSL certificate's common name or names.
    • The domains must be set to resolve correctly in DNS to your Dynamics 365 Customer Engagement (on-premises) servers holding the server roles.
    • The domains can be in a different domain than the one in which the Dynamics 365 Customer Engagement (on-premises) servers reside.

    Example domains:

    • Web Application Server domain: contoso.com
    • Organization Web Service domain: contoso.com
    • Discovery Web Service domain: dev.contoso.com

    With the example settings above, if your organization name was "orgname", clients would access your Dynamics 365 Customer Engagement (on-premises) website with the following URL: https://orgname.contoso.com.


  5. In the Enter the external domain where your Internet-facing servers are located box, type the external domain information where your Internet-facing Dynamics 365 Server servers are located, and then select Next.

    The domain you specify must be a sub-domain of the Web Application Server domain specified in the previous step. By default, "auth." is prepended to the Web Application Server domain.

    Important

    • The external domain is used by the AD FS server when retrieving the Dynamics 365 Customer Engagement (on-premises) IFD federationmetadata.xml file.
    • The external domain must not contain an organization name.
    • The external domain must not contain an underscore character (“_”).
    • The external domain must be valid for the TLS/SSL certificate's common name or names.
    • The external domain must be set to resolve correctly in DNS to your Dynamics 365 Customer Engagement (on-premises) server holding the Web Application Server role.

    Example domain:

    • External domain: auth.contoso.com


  6. On the System Checks page, review the results, fix any problems, and then select Next.

  7. On the Review your selections and then click Apply page, verify your selections, and then select Apply.

  8. Select Finish.

  9. Run the following command at a command prompt: iisreset

  10. If you have not already done so, add host records in DNS for the IFD endpoints (for example: orgname.contoso.com, auth.contoso.com, dev.contoso.com).

To configure an Internet-facing deployment using Windows PowerShell

  1. Open a Windows PowerShell prompt.

  2. Add the Dynamics 365 Customer Engagement (on-premises) Windows PowerShell snap-in:

    PS > Add-PSSnapin Microsoft.Crm.PowerShell   
    
  3. Get the IFD settings:

    PS > $ifd = Get-CrmSetting -SettingType "IfdSettings"  
    
  4. Configure the IFD object:

    PS > $ifd.Enabled = 1 (or $true)
    PS > $ifd.DiscoveryWebServiceRootDomain = Discovery_Web_Service_Domain
    PS > $ifd.ExternalDomain = External_Server_Domain
    PS > $ifd.OrganizationWebServiceRootDomain = Organization_Web_Service_Domain
    PS > $ifd.WebApplicationRootDomain = Web_Application_Server_Domain
    

    where:

    • 1 = "true".

    • Discovery_Web_Service_Domain is the Discovery Web Service domain.

    • External_Server_Domain is the external server domain.

    • Organization_Web_Service_Domain is the Organization Web Service domain.

    • Web_Application_Server_Domain is the Web Application Server domain.

    For the domain paths, the values for the paths must be in the form:

    server:port

    or

    server.domain.tld:port,

    where:

    • server is the computer name

    • domain is the complete sub domain path where the computer is located

    • tld is the top level domain, such as com or org

    • The :port designation is required if you are not using the standard http port (80) or https port (443).

    Typically, in a Full Server or Front-end Server role deployment, the path values are the same. However, if you deploy Dynamics 365 Customer Engagement (on-premises) on multiple servers with separate server roles, that is, where the Web Application Server, Organization Web Service, or Discovery Web Service server roles are located on different servers, these path values will be different:

    • Web Application Server. WebApplicationServerName.domain.tld:port

    • Organization Web Service. OrganizationWebServiceServerName.domain.tld:port

    • Discovery Web Service. DiscoveryWebServiceServerName.domain.tld:port

  5. Set the Internet-facing deployment object.

    PS > Set-CrmSetting $ifd  
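
Before calling Set-CrmSetting, the planned values can be checked against the domain rules listed in the wizard procedure above. The following is an added example, not Microsoft's code: Test-IfdDomainPlan and its parameter names are hypothetical, the certificate names are supplied by the caller, and the sample values are the page's example domains plus an assumed wildcard certificate.

```powershell
# Added example. Test-IfdDomainPlan is a hypothetical helper, not part of Microsoft.Crm.PowerShell.
function Test-IfdDomainPlan {
    param(
        [string]$WebApplicationRootDomain,
        [string]$DiscoveryWebServiceRootDomain,
        [string]$ExternalDomain,
        [string[]]$OrganizationNames,
        [string[]]$CertificateDnsNames   # subject and SAN DNS names of the TLS/SSL certificate
    )
    $problems = New-Object 'System.Collections.Generic.List[string]'
    # Values may carry a :port suffix; compare host names only.
    $hostOf = { param($v) ($v -split ':')[0].ToLowerInvariant() }
    $web  = & $hostOf $WebApplicationRootDomain
    $disc = & $hostOf $DiscoveryWebServiceRootDomain
    $ext  = & $hostOf $ExternalDomain
    $orgs = @($OrganizationNames | ForEach-Object { $_.ToLowerInvariant() })

    if (-not $ext.EndsWith(".$web")) { $problems.Add("External domain '$ext' is not a sub-domain of '$web'.") }
    if ($ext.Contains('_'))          { $problems.Add("External domain '$ext' contains an underscore.") }
    foreach ($org in $orgs) {
        # Interpretation used here: no DNS label of the external domain equals an organization name.
        if ($ext.Split('.') -contains $org) { $problems.Add("External domain '$ext' contains organization name '$org'.") }
        if ($disc -eq "$org.$web") { $problems.Add("Discovery domain '$disc' matches the FQDN of organization '$org'.") }
    }

    # Certificate coverage: exact match, or a wildcard that covers exactly one left-most label.
    $covered = {
        param($name)
        foreach ($c in $CertificateDnsNames) {
            if ($c -eq $name) { return $true }
            if ($c.StartsWith('*.') -and $name.Contains('.') -and ($name.Substring($name.IndexOf('.')) -eq $c.Substring(1))) { return $true }
        }
        return $false
    }
    $endpoints = @($ext, $disc) + @($orgs | ForEach-Object { "$_.$web" })
    foreach ($e in $endpoints) {
        if (-not (& $covered $e)) { $problems.Add("No certificate name covers '$e'.") }
    }
    $problems
}

# Constructed input: the page's example domains plus an assumed wildcard certificate.
$good = @{ WebApplicationRootDomain = 'contoso.com'; DiscoveryWebServiceRootDomain = 'dev.contoso.com'
           ExternalDomain = 'auth.contoso.com'; OrganizationNames = 'orgname'; CertificateDnsNames = '*.contoso.com' }
@(Test-IfdDomainPlan @good).Count   # number of findings for the example plan

# Constructed bad plan: discovery domain collides with the organization URL, external domain has "_".
$bad = $good.Clone(); $bad.DiscoveryWebServiceRootDomain = 'orgname.contoso.com'; $bad.ExternalDomain = 'auth_ext.contoso.com'
Test-IfdDomainPlan @bad
```

The check runs offline and does not query DNS; the requirement that each endpoint resolves to the server holding the corresponding role still has to be verified separately.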
    

See Also

Implement claims-based authentication: external access