With Microsoft Dynamics CRM 4.0, you can configure your CRM implementation to work internet facing. In other words, users can access CRM without having to be logged in to your network or using VPN, and they can access all functionality, including reports.
From implementing a couple of IFD environments, I have found a few things that may not be clear from the documentation for the IFD tool.
- When you unzip the ifd tool, you have to save it to the c:\program files\microsoft crm (or whatever your crm program file name is)\tools folder, otherwise it will not run.
- When you run the IFD tool, you will need to specify only the domain name in the SDK and root domain fields—do not enter anything like crm.domain.com—just domain.com
- Your external URL for your crm needs to be in the form of crmorgname.domain.com. You will know your CRM org name because when you run the IFD tool, it will display it in the gray box in the lower left corner of the form. You will need to set up a CNAME in DNS with the name of the CRM org name pointing to the CRM URL. If you want to have your external url be something other than your crm org name, you will need to set up a CNAME pointing to the org name URL.
- If you use an ISA or other firewall, you will need to enable forms authentication for the CRM server.
- After running the IFD tool, when you go to the external url, you should see a blue login form, not the windows login box, if your IFD deployment has been successful. If you see the Windows login dialog box, CRM is trying to authenticate via Windows Authentication, not IFD mode. This login form will be located at http://crmurl.domain.com/signin.aspx
Also, be sure that if you want IFD users to be able to run reports, that you install the SRS connector. The SRS connector is located in the CRM installation.

Hi!
"If you use an ISA or other firewall, you will need to enable forms authentication for the CRM server."
How to publish a IFD CRM server behind ISA 2006? What tuning in delegation of authentification it is needed to do in a Web publishing rule, if HTTPS listener used FBA authentification and wildcard certificate *.mycompanyname.org?
Web publishing rule does not work, only Server publishing rule (https) working.
My testing CRM deployment hosting a few organizations:
https://org1.mycompanyname.org
https://org2.mycompanyname.org
Posted by: Andrey Gupalo | April 29, 2008 at 04:18 AM
OK, I did everything as you mentioned. Still getting a 400 error when trying to access the site.
I have checked ISA the path name is in place.
I ran the tool again, checked DNS says it is OK
Now why do I get a 400 error. Do you have any suggestions?
Posted by: RTW | June 09, 2008 at 11:11 AM
Hi,
thanks for this post. But when I go from external URL (http://crmorgname.domain.com) I get Windows login dialog box and when I go straight to http://crmorgname.domain.com/signin.aspx and set my credentials, the authentication works. Is it ok? Or should I set anything else, becouse when I set only On Premise in IFD Tools the authentication from http://crmorgname.domain.com/signin.aspx faild.
Thanks,
Tomas
Posted by: tomasK | June 27, 2008 at 05:46 AM
Thanks for the article. Is there any way I could put a link on the IFD Sign-in page to a third party Password Reminder application?
Posted by: Ben | February 27, 2009 at 04:01 PM
Ben,
You could possibly edit the signin.aspx page; however, be aware that it is not supported by Microsoft.
Posted by: Joel Lindstrom | February 27, 2009 at 04:39 PM
I've managed to get my CRM working with ifd. I can see the form-based autentication page instead the windows's authentication box but I'm unable to identify over that form. I allways get "Wrong user and password". I use the same user and password I've used using the web with OnPremise mode.
¿Any ideas?
Thanks in advance, I'm getting crazy
Posted by: Eduardo | August 03, 2009 at 01:46 PM
two things to try:
1. If your AD user is in the same domain as CRM is installed, just enter your user ID and password, not your domain\userid.
2. Make sure that the asynchronous processing service is running on the CRM server. IFD logins do not work if the Asynch service is not running.
3. When you run the IFD tool, if your crm web site is on a port other than 80, enter the port number with your external domain in the form. For example, "customereffective.com:5555" Then when you enter the IFD URL, enter the port as well.
Posted by: Joel Lindstrom | August 03, 2009 at 02:18 PM
Has anyone done modifications to the "signin.aspx" page? If yes please respond. We also need to place a "Forgot Password" feature on this IFD login page.
Thanks in advance,
Dinesh
Posted by: Dinesh | October 12, 2009 at 06:57 AM
Dinesh,
Yes, it is possible ;however, be aware that this is not supported. If you go down this road you will need to thoroughly test each update or upgrade, as your modified ASPX page will likely be overwritten at some point.
Also, this file is shared between all organizations, so if you change it for one, everybody will see the modified ASPX page.
Posted by: Joel Lindstrom | October 14, 2009 at 01:47 PM
Are there any mainstream addon's not supported on IFD?
Posted by: Alex | February 04, 2010 at 11:14 AM