Claims access and partner companies
To provide access through an additional federation server, for example to give a partner company access to your Microsoft Dynamics CRM Server 2011 data, you must establish a trust relationship between the partner company’s federation server and your AD FS 2.0 federation server. For more information about federation trusts, see Provide Users in Another Organization Access to Your Claims-Aware Applications and Services (https://go.microsoft.com/fwlink/?LinkID=203813).
To set up a federation trust
1. On the AD FS 2.0 server used with Microsoft Dynamics CRM Server 2011, create a claims provider trust for the partner company’s federation server. Add a claims rule to pass through UPN claims. Use the following settings:
   Data Source: the path to the partner company’s federation data
   Claim rule template: Pass Through or Filter an Incoming Claim
   Claim rule name: Pass through UPN (or something descriptive)
   Incoming claim type: UPN
   Pass through all claim values
2. On the partner company’s federation server, create a relying party trust for the AD FS 2.0 server used with Microsoft Dynamics CRM Server 2011. Use the following settings:
   Data Source: the path to the federation data for the AD FS 2.0 server used with Microsoft Dynamics CRM Server 2011
   Rule type: Issuance Transform Rules
   Claim rule template: Send LDAP Attributes as Claims
   Claim rule name: LDAP UPN --> Claim UPN (or something descriptive)
   LDAP Attribute: User-Principal-Name
   Outgoing Claim Type: UPN
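The same two trusts scripted with the AD FS 2.0 PowerShell snap-in, showing the claim rule text each template produces. This is an added example, not part of the original page or Microsoft's own script. It assumes the partner's federation server also runs AD FS 2.0; the host names, trust names, function names and the permit-all authorization rule are assumptions.

```powershell
# Added example. Host names, trust names and function names are placeholders, not values from the page.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop   # AD FS 2.0 snap-in

$PartnerMetadata = 'https://sts.partner.example/FederationMetadata/2007-06/FederationMetadata.xml'
$CrmAdfsMetadata = 'https://sts.contoso.example/FederationMetadata/2007-06/FederationMetadata.xml'

# Rule behind "Pass Through or Filter an Incoming Claim" with
# "Pass through all claim values": every UPN the partner issues is accepted as-is.
$PassThroughUpn = @'
@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through UPN"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(claim = c);
'@

# Rule behind "Send LDAP Attributes as Claims" (User-Principal-Name -> UPN).
$LdapUpn = @'
@RuleTemplate = "LdapClaims"
@RuleName = "LDAP UPN --> Claim UPN"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);
'@

# Assumption: mirrors the wizard's "Permit all users" choice. The cmdlet does not
# add an authorization rule by itself, so without one no token is issued.
$PermitAll = '=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");'

function Add-PartnerClaimsProviderTrust {   # run on the AD FS 2.0 server used with CRM
    Add-ADFSClaimsProviderTrust -Name 'Partner STS' -MetadataUrl $PartnerMetadata `
        -AcceptanceTransformRules $PassThroughUpn
    # Check: show the acceptance rules actually stored on the trust.
    (Get-ADFSClaimsProviderTrust -Name 'Partner STS').AcceptanceTransformRules
}

function Add-CrmRelyingPartyTrust {         # run on the partner's federation server
    Add-ADFSRelyingPartyTrust -Name 'CRM AD FS' -MetadataUrl $CrmAdfsMetadata `
        -IssuanceTransformRules $LdapUpn -IssuanceAuthorizationRules $PermitAll
    # Check: show the issuance rules actually stored on the trust.
    (Get-ADFSRelyingPartyTrust -Name 'CRM AD FS').IssuanceTransformRules
}
```

Call each function on its own server; the returned rule text lets you confirm that only the UPN claim crosses the trust.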