Showing posts with label ADFS. Show all posts
Showing posts with label ADFS. Show all posts

Monday, April 25, 2011

CRM 2011: Changing the IFD URL

OK ... so you have an org setup in CRM 2011 On-Premise and now you want to enable Internet-Facing Deployment (IFD).  But when you named the org, you decided to use the name Crm2011UsProd.  That's not going to be a great URL sitting in front of your domain URL: crm2011usprod.mycompany.com.  Your marketing team is hoping for something simple like crm.mycompany.com.  Here's how you can change the IFD public URL it to be whatever you want.


Background
Your IFD URL is always going to be OrgUniqueName.domain.com.  The domain is setup when you first setup IFD and the Unique Org Name is setup when you first create the Org.  If you want to see your unique org name then you can goto Deployment Manager and look in the "Name" column.










When ADFS asks CRM for its endpoints (Relying Party Identifiers), CRM will include an endpoint for each Org.


Prerequisites
You can use any sub domain URL (*.mycompany.com) provided that:

  1. There is no other CRM org in the same instance with the same full URL (same unique name as the sub domain)
  2. It is under the same domain as the ticket service (STS).  So for example you can’t use auth.mycompany.com for the STS and crm.myothercompany.com for CRM.  At least not without some ADFS metadata tricks.
  3. The name can be cleanly mapped to a single network endpoint within your network.  Simply put, it can’t already be mapped to something.
  4. You have a covering SSL cert (either a cert for the exact URL or a wildcard certificate).

Changing the Org Unique Name
In order to change the org unique name, you need to re-import the org under a new name.  Here are the steps involved:







  1. Backup the organization database (OrgName_MSCRM)
  2. Disable the org in Deployment Manager
  3. Delete the org in Deployment Manager
  4. Optional but recommended:  Delete the org database (OrgName_MSCRM) and restore it with the new org name (NewOrgName_MSCRM).  You don’t have to do this but it would keep the org name and database name in line
  5. Import the org and give it the new name
  6. Go into the ADFS MMC console, right-click on the Relying Party Trust and choose “Update from Federation Metadata.  This causes ADFS to go ask CRM for the endpoints again and CRM will answer with all enabled orgs.