Add the AD FS website to the Local intranet security zone

  • Article

 

Applies To: Dynamics CRM 2015

Because the AD FS website is loaded as a FQDN, Internet Explorer places it in the Internet zone. By default, Internet Explorer clients do not pass Kerberos tickets to websites in the Internet zone. You must add the AD FS website to the Intranet zone in Internet Explorer on each client computer accessing Microsoft Dynamics CRM data internally.

Add the AD FS server to the Local intranet zone

  1. In Internet Explorer, click Tools, and then click Internet Options.

  2. Click the Security tab, click the Local intranet zone, and then click Sites.

  3. Click Advanced.

  4. In Add this website to the zone, type the URL for your AD FS server, for example, https://sts1.contoso.com.

  5. Click Add, click Close, and then click OK.

  6. Select the Advanced tab. Scroll down and verify that under Security Enable Integrated Windows Authentication is checked.

  7. Click OK to close the Internet Options dialog box.

You will need to update the Local intranet zone on each client computer accessing Microsoft Dynamics CRM data internally. To use Group Policy to push this setting to all domain-joined internal client computers do the following.

See Also

Implement claims-based authentication: internal access

© 2016 Microsoft Corporation. All rights reserved. Copyright