« CRM New Year's Resolutions | Main | Microsoft Dynamics CRM 4.0 Rollup 2 Released »
January 13, 2009
Configuring an IFD-only Microsoft Dynamics CRM Implementation
As you are probably aware, you can configure Microsoft Dynamics CRM 4.0 to be fully accessible from outside of your network using the CRM IFD tool. Using this simple executable you can configure your CRM environment to work only "On Premises" (only over the network) or "IFD + On Premises" (Windows authentication while on the network, forms authentication when off the network).
But what if you want to configure CRM to work exclusively in IFD mode? Consider the following scenario--you have some users who are in the office and some who use CRM remotely, and you want to standardize your user processes and CRM URL for all users.
You will notice when you run the CRM IFD tool that there is no option for IFD only; however, it can be done.
To configure IFD Only, you would still select IFD + On Premises, and enter in the IP address of your server. The trick is the subnet--this determines which PC's are internal vs. external.
So if you want everything to be treated as external and sent to IFD, you would enter the IP address of your server, but enter a subnet that is different than your network.
For example, if my internal subnet was 255.255.252.0 and my CRM server ip address was 10.10.10.10. I could put 10.10.10.10 - 255.255.255.255 in the subnet, and then all users would be considered outside of the subnet and would get the IFD sign-in page, except if they log on from the CRM server.
TrackBack
TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e54fb34b6f8833010536cbce37970c
Listed below are links to weblogs that reference Configuring an IFD-only Microsoft Dynamics CRM Implementation:
Comments
Verify your Comment
Previewing your Comment
This is only a preview. Your comment has not yet been posted.
As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.
Having trouble reading this image? View an alternate.
Hi Dear i have deployed the IFD but i am facing an issue... i.e. Sigin page is showing blank. Can you please help me out on this.
Posted by: Hammad | January 16, 2009 at 02:53 AM
Hello Hammad,
I would recommend that you verify the following items to troubleshoot your IFD issue:
1. Is your URL in the following format: http://crmorgname.domain.com
2. Did expose the port of your crm environment (443 for ssl, 80 or 5555 for http)
3. Are you pointing the URL to your crm IP address?
if those are true, what happens when you go to your ifd URL/signin.aspx? This should bring up your signin page. If it does not, there is probably something in your firewall that is not allowing external access to your crm environment.
Posted by: Customer Effective | January 16, 2009 at 11:20 PM
I came across this post and have a question - if a user is already windows authenticated, is there a way to bypass the login form and get the cookie automatically?
Posted by: Brendan | February 17, 2009 at 12:55 PM
Brendan,
Great question, if the user is connected to the network via windows authentication, I would think you would want to do a standard IFD deployment where they are connected via Windows authentication when connected to the network.
A typical IFD deployment gives you two URL's--one for internal (windows authentication) and one for external (forms authentication). Of course, based on your dns rules you could set up the same URL for both.
The important point is that based on the values that you enter in the IFD config tool, CRM will look at the IP and subnet of the machine connecting to CRM and determine whether to windows authenticate or forms authenticate.
The point of this post is for a rare exception where a company wants everybody to authenticate via forms authentication--for example, they want to have a single process that everyone uses to access CRM and develop their training materials accordingly.
BTW, if your users are using IFD and the Outlook client, it will store their credentials and they won't have to type in their credentials every time that they go to CRM.
Posted by: Joel Lindstrom | February 19, 2009 at 06:23 AM
Wish I saw your post 3 days ago. Would have saved me a lot of time. Thanks
Posted by: Steve Pogrebivsky | May 10, 2009 at 07:51 PM
Let's say you want to have an IFD-only installation, as you suggested above. In the Outlook client, will users still have the ability to work in the "Offline" mode, if an Internet connection is not available?
Posted by: Sarah Compter | December 17, 2009 at 09:38 AM