
Claims-Based Identity and CRM 2011

Microsoft is leading the effort to standardize claims-based identity across the Internet, creating a common way for applications to acquire the identity information they need from users inside an organization, in other organizations, and on the Internet. This new standard will make single sign-on much easier to achieve, and applications (like CRM 2011) will no longer be responsible for:

  • Authenticating users
  • Storing user accounts and passwords
  • Calling enterprise directories to look up user details
  • Integrating with identity systems from other platforms or companies

Think of the convenience within CRM 2011 of integrating users across multiple organizations and CRM installations that connect to many internal and external applications or web services, while the application always knows each user's specific rights in each instance through a single login.

This is achieved by using tokens that contain many claims (e.g. name, contact info, groups, permissions) and a digital signature to verify the user. These tokens are issued by a Security Token Service (STS) owned by an identity provider or issuer (the user's company, or an external company in a hosted environment).

The application (CRM 2011) then specifies exactly what it needs from a token and which identity providers it trusts, while the user can be set up with many different identities and choose which one to use when accessing the application.
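The trust decision described above, sketched as an added example (it is not part of the original post and is not WIF, AD FS or CRM 2011 code): an STS signs a set of claims, and the application accepts the token only if it comes from an issuer it trusts, the signature verifies, and the claims it needs are present. Assumptions: HMAC-SHA256 with a shared key stands in for the STS's certificate-based digital signature, and the issuer URL, key, token layout and required claims are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed issuer and key (assumptions). Real AD FS tokens are signed with
# the STS's X.509 certificate; a shared HMAC key stands in for it here.
TRUSTED_ISSUERS = {"https://sts.contoso.example/adfs": b"constructed-demo-key"}
REQUIRED_CLAIMS = {"name", "groups"}  # what this application needs from a token


def issue_token(issuer, key, claims):
    """STS side: serialize the claims together with the issuer and sign them."""
    body = json.dumps({"iss": issuer, "claims": claims}, sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(sig).decode())


def validate_token(token):
    """Application side: return the verified claims or raise ValueError."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
        doc = json.loads(body)
        issuer, claims = doc["iss"], doc["claims"]
        if not (isinstance(issuer, str) and isinstance(claims, dict)):
            raise TypeError("unexpected field types")
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # The issuer named in the token only selects a key; no claim is used
    # until the signature has verified under that trusted issuer's key.
    key = TRUSTED_ISSUERS.get(issuer)
    if key is None:
        raise ValueError("untrusted issuer")
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    missing = REQUIRED_CLAIMS - claims.keys()
    if missing:
        raise ValueError("missing claims: " + ", ".join(sorted(missing)))
    return claims
```
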

As I stated earlier, Microsoft is leading this effort by combining a suite of applications that allow an organization to implement claims-based identity. The applications are as follows:

  • Active Directory Federation Services 2.0 (AD FS 2.0) for STS
  • Windows Identity Foundation (WIF) for Applications
  • CardSpace 2.0 for User Identity Management (in web-facing environments)

However, any of these components can be swapped out for an alternative implementation (like IBM Tivoli or Novell Access Manager).

The graph below shows how CRM 2011 will use Claims-based identity in a Microsoft environment.

Update Feb 2011:

I found a nice video on the actual installation and configuration of IFD and Claims on YouTube:
