Claims-based authentication: external access

Access to Microsoft Dynamics CRM data over the Internet through an Internet-facing deployment (IFD) now uses claims-based authentication.

The flow for claims with IFD access is largely unchanged from the flow described above for internal access. The major difference is that user authentication does not include a Kerberos ticket. When accessing AD FS, users are prompted for credentials on an AD FS 2.0 logon page. If more than one attribute store is trusted by AD FS 2.0, users are prompted to select an attribute store. Users then enter their credentials and the AD FS 2.0 server validates these logon credentials with the selected attribute store, such as AD DS.

Figure: Claims authentication external flow

