Even though we are focused on UAG these days, we and our partners still promote IAG and add more content for our community. Here is a blog cross-post from the CRM team blog on enabling ADFS for CRM using IAG. Most of the content of this paper is also true for UAG and for other applications like SharePoint.
By default, an on-premises implementation of Microsoft Dynamics CRM 4.0 leverages Active Directory (Integrated Windows) Authentication to accommodate access by internal users. However, many businesses also require the ability to provide external users with access to the highly sensitive information that is stored in the CRM system and to accommodate this access without having to create Active Directory trusts.
Because providing external access to internal CRM resources can also introduce security risks from both external and internal sources, the CRM implementation in these scenarios must be protected by a gateway, such as Intelligent Application Gateway (IAG) 2007. Such a gateway is sensitive to application logic and data and can ensure that internal and external users perform their routine tasks in a secure manner.
By using a combination of IAG and Active Directory Federation Services (ADFS) to establish an authentication gateway, companies can provide access to CRM resources by any identity, from any organization and from any computer, complete with strong authentication and full Single Sign On from the end user to the internal CRM system with a full audit trail (including username and source IP).
The white paper "Implementing an ADFS Solution for Microsoft Dynamics CRM by Using Intelligent Application Gateway (IAG)", recently released by the MS CRM Engineering for Enterprise (E2) team, provides high-level guidance on using IAG to implement an ADFS solution for Microsoft Dynamics CRM 4.0. Developed in collaboration with the IAG team in Israel and the CRM Product team in Redmond, the document is available on Microsoft Downloads at:
CRM Engineering For Enterprise