DNS Configuration

The implementation of claims based authentication for both internal and external access to a CRM server requires the following URLs:

  • Security Token Service(STS) URL, e.g. sts.yourdomain.com
  • External URL,e.g. external.yourdomain.com
  • Internal URL, e.g. internal.yourdomain.com
  • Internet Facing Deployment(IFD) URL, e.g. auth.yourdomain.com
  • Discovery Service URL, e.g. dev.yourdomain.com

The Security Token Service URL is the URL of your ADFS server, and the other URLs should all resolve to your CRM server.


Claims based authentication is enabled, HTTPS must be used for both internal and external access. As stated above, your CRM server has to bind to various URL. Therefore, you will need a wild card certificate, e.g. *.yourdomain.com

You will also need an encryption certificate to be used by ADFS to encrypt claims.

Demo System

In this guide, we use a demo system with the following settings:

  • Domain Name: qadomain.com
  • Security Token Service(STS) URL: sts.qadomain.com
  • External URL: deepnetcrm.qadomain.com
  • Internal URL: crm.qadomain.com
  • Internet Facing Deployment(IFD) URL: auth.qadomain.com
  • Discovery Service URL: dev.qadomain.com