Use Case –
We need to integrate CRM Online seamlessly with a separate non-CRM system containing external data. We need to implement Single Sign On between the CRM Online instance and the non-CRM system such that only CRM users are able to authenticate between the two systems.
The example below shows the steps needed to implement Single Sign On between an external web application and CRM using Azure. Please refer to the screenshots attached for each subject.
1. Set up an active directory in Azure.
2. Add users for whom we want to allow SSO. Note that the users added in the directory are standard Office 365 users, who could also have access to any CRM instance.
3. Create a standard MVC 4 Web Application; for the project, set SSL Enabled to true.
4. Copy the URL and paste it in the Project URL properties as indicated below.
5. Go back to Azure and create your application. Enable Single Sign On for the application and paste the SSL URL in APP ID URI. Copy the federated document URL.
6. Set the identity and access for the MVC project as shown below.
7. Now make the following changes to the web.config of the MVC application:
<add value="http://mvcssoapplication.cloudapp.net/" />
<cookieHandler requireSsl="false" />
<wsFederation passiveRedirectEnabled="true" issuer="https://login.windows.net/0582378d-79f3-4781-ae6f-73110b04ae02/wsfed" realm="http://mvcssoapplication.cloudapp.net/" requireHttps="false" />
8. Now deploy the MVC application on Azure.
9. Once that is done, only the users configured for Single Sign On will be able to access the MVC application page. Other users will get an authentication error.
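The settings from step 7 allow the sign-in session cookie and the realm to use plain HTTP. For comparison, the fragment below shows the same three settings inside their enclosing sections with HTTPS enforced; it is an added example, not the configuration from the original post. It assumes the deployed site is reachable over HTTPS and that the APP ID URI in Azure is set to the same https:// URL; the other elements that the identity and access tooling generates (configSections, issuer name registry, modules) are left out.

```xml
<!-- Added example: hardened variant of the step 7 settings.
     Assumption: the site is served over HTTPS and the APP ID URI
     registered in Azure uses the same https:// URL. -->
<configuration>
  <system.identityModel>
    <identityConfiguration>
      <audienceUris>
        <!-- Must match the realm below and the APP ID URI in Azure. -->
        <add value="https://mvcssoapplication.cloudapp.net/" />
      </audienceUris>
    </identityConfiguration>
  </system.identityModel>
  <system.identityModel.services>
    <federationConfiguration>
      <!-- requireSsl="true": the session cookie is issued with the Secure
           flag, so the browser does not send it over plain HTTP. -->
      <cookieHandler requireSsl="true" />
      <!-- requireHttps="true": sign-in redirects are only made to an
           HTTPS issuer URL. -->
      <wsFederation passiveRedirectEnabled="true"
                    issuer="https://login.windows.net/0582378d-79f3-4781-ae6f-73110b04ae02/wsfed"
                    realm="https://mvcssoapplication.cloudapp.net/"
                    requireHttps="true" />
    </federationConfiguration>
  </system.identityModel.services>
</configuration>
```

If the realm or audience URI does not match the APP ID URI registered for the application, sign-in fails for every user, so change all three together.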