Configure the Microsoft Dynamics 365 server for IFD
Applies To: Dynamics 365 (on-premises), Dynamics CRM 2016
With internal claims authentication access enabled on Microsoft Dynamics 365 Server, you can now enable external claims access through IFD.
Configure an Internet-facing deployment using the Configure Internet-Facing Deployment Wizard
Start the Deployment Manager.
In the Deployment Manager console tree, right-click Microsoft Dynamics 365, and then click Configure Internet-Facing Deployment.
Click Next.
On the Make Microsoft Dynamics 365 available to users who connect through the Internet page, type the domains for the specified Microsoft Dynamics 365 Server roles, and then click Next.
Important
- Specify domains, not servers.
- If your deployment is on a single server or on servers that are in the same domain, the Web Application Server domain and Organization Web Service domain will be identical.
- The Discovery Web Service domain must be a resolvable host name and not a root domain. For example: dev.contoso.com.
- The Discovery Web Service domain must not match an organization's Fully Qualified Domain Name (FQDN). For example, the Discovery Web Service domain should not be: orgname.contoso.com.
- The domains must be valid for the TLS/SSL certificate's common name or names.
- The domains must be set to resolve correctly in DNS to your Microsoft Dynamics 365 servers holding the server roles.
- The domains can be in a different domain than the domain in which the Microsoft Dynamics 365 servers reside.
Example domains:
- Web Application Server domain: contoso.com
- Organization Web Service domain: contoso.com
- Discovery Web Service domain: dev.contoso.com
With the example settings above, if your organization name was "orgname", clients would access your Microsoft Dynamics 365 website with the following URL: https://orgname.contoso.com.
In the Enter the external domain where your Internet-facing servers are located box, type the external domain information where your Internet-facing Microsoft Dynamics 365 Server servers are located, and then click Next.
The domain you specify must be a sub-domain of the Web Application Server domain specified in the previous step. By default, "auth." is prepended to the Web Application Server domain.
Important
- The external domain is used by the AD FS server when retrieving the Microsoft Dynamics 365 IFD federationmetadata.xml file.
- The external domain must not contain an organization name.
- The external domain must not contain an underscore character ("_").
- The external domain must be valid for the TLS/SSL certificate's common name or names.
- The external domain must be set to resolve correctly in DNS to your Microsoft Dynamics 365 server holding the Web Application Server role.
Example domain:
- External domain: auth.contoso.com
On the System Checks page, review the results, fix any problems, and then click Next.
On the Review your selections and then click Apply page, verify your selections, and then click Apply.
Click Finish.
Run the following command at a command prompt: iisreset
If you have not already done so, add host records in DNS for the IFD endpoints (for example: orgname.contoso.com, auth.contoso.com, dev.contoso.com)
To configure an Internet-facing deployment using Windows PowerShell
Open a Windows PowerShell prompt.
Add the Microsoft Dynamics 365 Windows PowerShell snap-in:
PS > Add-PSSnapin Microsoft.Crm.PowerShell
Get the IFD settings:
PS > $ifd = Get-CrmSetting -SettingType "IfdSettings"
Configure the IFD object:
PS > $ifd.Enabled = 1   # or $true
PS > $ifd.DiscoveryWebServiceRootDomain = "Discovery_Web_Service_Domain"
PS > $ifd.ExternalDomain = "External_Server_Domain"
PS > $ifd.OrganizationWebServiceRootDomain = "Organization_Web_Service_Domain"
PS > $ifd.WebApplicationRootDomain = "Web_Application_Server_Domain"
where:
1 = "true".
Discovery_Web_Service_Domain is the Discovery Web Service domain.
External_Server_Domain is the external server domain.
Organization_Web_Service_Domain is the Organization Web Service domain.
Web_Application_Server_Domain is the Web Application Server domain.
For the domain paths, the values for the paths must be in the form:
server:port
or
server.domain.tld:port,
where:
server is the computer name
domain is the complete sub domain path where the computer is located
tld is the top level domain, such as com or org
The :port designation is required if you are not using the standard http port (80) or https port (443).
Typically, in a Full Server or Front-end Server role deployment, the path values are the same. However, if you deploy Microsoft Dynamics 365 on multiple servers with separate server roles, that is, where the Web Application Server, Organization Web Service, or Discovery Web Service server roles are located on different servers, these path values will be different:
Web Application Server. WebApplicationServerName.domain.tld:port
Organization Web Service. OrganizationWebServiceServerName.domain.tld:port
Discovery Web Service. DiscoveryWebServiceServerName.domain.tld:port
Set the Internet-facing deployment object.
PS > Set-CrmSetting $ifd
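The domain rules listed for the wizard apply equally to values set through PowerShell, so they can be checked before running Set-CrmSetting. The following is an added example, not part of the original article or of the Dynamics 365 snap-in: Get-HostPart, Test-CertCoversHost and Test-IfdDomainPlan are hypothetical helper names, the organization and certificate names are supplied by the caller, and the sample values are constructed. DNS resolution is not checked.

```powershell
# Added example. Function and parameter names are hypothetical, not Dynamics 365 cmdlets.
function Get-HostPart([string]$Value) {
    # Drop an optional :port suffix and normalize case.
    ($Value -replace ':\d+$', '').ToLowerInvariant()
}
function Test-CertCoversHost([string]$HostName, [string[]]$CertificateNames) {
    foreach ($cn in $CertificateNames) {
        $cn = $cn.ToLowerInvariant()
        if ($cn -eq $HostName) { return $true }
        # A wildcard name covers exactly one left-most label.
        $dot = $HostName.IndexOf('.')
        if ($cn.StartsWith('*.') -and $dot -gt 0 -and $HostName.Substring($dot) -eq $cn.Substring(1)) { return $true }
    }
    return $false
}

function Test-IfdDomainPlan {
    param(
        [string]$WebApplicationRootDomain,
        [string]$DiscoveryWebServiceRootDomain,
        [string]$ExternalDomain,
        [string[]]$OrganizationNames,   # organization names in the deployment
        [string[]]$CertificateNames     # DNS names on the TLS/SSL certificate
    )
    $web  = Get-HostPart $WebApplicationRootDomain
    $disc = Get-HostPart $DiscoveryWebServiceRootDomain
    $ext  = Get-HostPart $ExternalDomain
    $orgHosts = @($OrganizationNames | Where-Object { $_ } | ForEach-Object { "$($_.ToLowerInvariant()).$web" })
    $problems = @()
    # "Root domain" is read here as the Web Application Server domain itself (an assumption).
    if ($disc -eq $web) { $problems += "Discovery domain '$disc' is a root domain" }
    if ($orgHosts -contains $disc) { $problems += "Discovery domain '$disc' matches an organization FQDN" }
    if (-not $ext.EndsWith(".$web")) { $problems += "External domain '$ext' is not a sub-domain of '$web'" }
    if ($ext.Contains('_')) { $problems += "External domain '$ext' contains an underscore" }
    foreach ($label in $ext.Split('.')) {
        if ($OrganizationNames -contains $label) { $problems += "External domain label '$label' is an organization name" }
    }
    foreach ($h in @($orgHosts) + $disc + $ext) {
        if (-not (Test-CertCoversHost $h $CertificateNames)) { $problems += "No certificate name covers '$h'" }
    }
    return $problems
}

# Constructed sample values: the page's example plan, then a plan that breaks two rules.
Test-IfdDomainPlan -WebApplicationRootDomain 'contoso.com:443' -DiscoveryWebServiceRootDomain 'dev.contoso.com' `
    -ExternalDomain 'auth.contoso.com' -OrganizationNames 'orgname' -CertificateNames '*.contoso.com'
Test-IfdDomainPlan -WebApplicationRootDomain 'contoso.com' -DiscoveryWebServiceRootDomain 'orgname.contoso.com' `
    -ExternalDomain 'crm_auth.contoso.com' -OrganizationNames 'orgname' -CertificateNames '*.contoso.com'
```

An empty result means the plan passes these string and certificate-name checks; each returned line names the rule that failed.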
See Also
Implement claims-based authentication: external access
© 2016 Microsoft. All rights reserved.