Add the AD FS website to the Local intranet security zone

Applies To: Dynamics 365 (on-premises), Dynamics CRM 2016

Because the AD FS website is loaded as a FQDN, Internet Explorer places it in the Internet zone. By default, Internet Explorer clients do not pass Kerberos tickets to websites in the Internet zone. You must add the AD FS website to the Intranet zone in Internet Explorer on each client computer accessing Microsoft Dynamics 365 data internally.

Add the AD FS server to the Local intranet zone

1. In Internet Explorer, click Tools, and then click Internet Options.

2. Click the Security tab, click the Local intranet zone, and then click Sites.

3. Click Advanced.

4. In Add this website to the zone, type the URL for your AD FS server, for example, https://sts1.contoso.com.

5. Click Add, click Close, and then click OK.

6. Select the Advanced tab. Scroll down and verify that under Security Enable Integrated Windows Authentication is checked.

7. Click OK to close the Internet Options dialog box.

You will need to update the Local intranet zone on each client computer accessing Microsoft Dynamics 365 data internally.

See Also

Implement claims-based authentication: internal access

© 2017 Microsoft. All rights reserved. Copyright