Export (0) Print
Expand All

Add the AD FS website to the Local intranet security zone

Applies To: CRM 2015 on-prem

Because the AD FS website is loaded as a FQDN, Internet Explorer places it in the Internet zone. By default, Internet Explorer clients do not pass Kerberos tickets to websites in the Internet zone. You must add the AD FS website to the Intranet zone in Internet Explorer on each client computer accessing Microsoft Dynamics CRM data internally.

  1. In Internet Explorer, click Tools, and then click Internet Options.

  2. Click the Security tab, click the Local intranet zone, and then click Sites.

  3. Click Advanced.

  4. In Add this website to the zone, type the URL for your AD FS server, for example, https://sts1.contoso.com.

  5. Click Add, click Close, and then click OK.

  6. Select the Advanced tab. Scroll down and verify that under Security Enable Integrated Windows Authentication is checked.

  7. Click OK to close the Internet Options dialog box.

You will need to update the Local intranet zone on each client computer accessing Microsoft Dynamics CRM data internally. To use Group Policy to push this setting to all domain-joined internal client computers do the following.

  1. Use Internet Explorer to add the AD FS server to the Local intranet zone following the preceding steps. You will import these settings in your Group Policy Object (GPO).

  2. Click Start, click Administrative Tools, and then click Group Policy Management.

  3. Right-click the Group Policy Object (GPO) you use to publish changes to client computers in your domain and then click Edit.

  4. Under User Configuration, expand Policies, expand Windows Settings, expand Internet Explorer Maintenance, click Security, and then double-click Security Zones and Content Ratings.

  5. Under Security Zones and Privacy select Import the current security zones and privacy settings.

    Read the information about enhanced security configuration carefully. If the local intranet zone is considered a trusted zone without enhanced security configuration, click Continue. If the local intranet zone requires enhanced security, follow the directions on this screen and click Cancel.

  6. Click OK.

  7. Group Policy setting will refresh after 90 minutes. Clients can refresh immediately by running gpudate /force.

See Also

Send comments about this article to Microsoft.

© 2014 Microsoft Corporation. All rights reserved.
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2014 Microsoft