Authentication methods
The following authentication methods are supported by Microsoft Dynamics CRM Server 2011:
Windows Authentication
Claims-based authentication: internal access
Claims-based authentication: external access
Claims-based authentication: internal and external access
Your choice of authentication method depends on your organization's design and deployment goals.
Authentication model | Scenario |
---|---|
Windows Authentication |
As in Microsoft Dynamics CRM 4.0, you can use Windows Authentication in Microsoft Dynamics CRM Server 2011 to authenticate clients using NTLM or Kerberos. Windows Authentication is used in an intranet environment where all users are members of your Active Directory domain. |
Claims-based authentication: internal access |
If you have a multiple domain environment where trust does not exist between the domains, or where some users exist in a different attribute store such as a partner organization, you can use claims-based authentication to handle internal user authentication. |
Claims-based authentication: external access |
Accessing Microsoft Dynamics CRM data over the Internet through an Internet-facing deployment (IFD) is now done with claims-based authentication. |
Important
- After deploying claims-based authentication, internal users can continue to use Windows Authentication to access Microsoft Dynamics CRM data (for example, using http://<crmserver:port>/orgname).
- Before deploying claims-based authentication in a production environment, first test your deployment settings in a test environment.