Microsoft Dynamics CRM Online Integration with Office 365

 

Applies To: Dynamics CRM 2013

This documentation applies to customers who access Microsoft Dynamics CRM Online through the Microsoft Online Services environment. Through integration of Microsoft Dynamics CRM Online with Microsoft Office 365, Microsoft Dynamics CRM Online customers that are subscribed to Office 365 have single sign-on access, through identity federation, to any Office 365 supported application, such as Microsoft Exchange Online. Similarly, when provisioned, Office 365 customers have access to Microsoft Dynamics CRM Online. In addition, by federating Active Directory domain accounts in Microsoft cloud services, businesses can manage a single set of user identities in both their Active Directory domain and Microsoft Dynamics CRM Online.

This topic provides information about where users’ identities are created and managed, and how they relate to Microsoft Dynamics CRM Online.

Identity management with Microsoft Online Services

When accessing the Microsoft Dynamics CRM Online web services, your applications should know the identity provider associated with the logged on user’s Microsoft Dynamics CRM account. Configuration of the user’s authentication credentials for accessing the web services through SDK calls is slightly different for each provider. The details on how to configure user credentials for each identity provider and access the Microsoft Dynamics CRM Online web services is discussed in the topic Authenticate Office 365 users with Microsoft Dynamics CRM Online web services.

There are two identity providers supported by Microsoft Dynamics CRM Online and provisioned through Microsoft Online Services: User ID, and Active Directory (through cloud federation). The following discussion provides an overview of these identity services and how they relate to Microsoft Dynamics CRM Online.

User ID

User ID represents user identities provisioned by customers in Microsoft cloud services and is the identity provider for all customers who have subscribed to the Office 365 collaboration environment. User ID enables you to have access to all Microsoft online services such as Microsoft Exchange Online and Microsoft Dynamics CRM Online. Customers with a User ID have their account credentials and policies managed through Microsoft Online Services.

For the sake of this discussion, User ID users are referred to in this documentation as “managed” or “non-federated” users.

Active Directory

Federation allows customers to use Active Directory-based domain user accounts to access Microsoft Online Services such as Office 365 or Microsoft Dynamics CRM Online. After federation is configured by an administrator, Active Directory-based system user accounts can be locally managed, made available to Microsoft Online Services, and kept in sync with changes made to the on-premises Active Directory identities. The benefit of federation is a single sign-on experience across Microsoft Dynamics CRM 2013 (on-premises) and Microsoft Dynamics CRM Online systems. This type of identity management is useful for large corporations that have hundreds or thousands of established users.

For more information about how to configure identity federation, see Single sign-on: Roadmap.

Identity management with Microsoft account

Microsoft account continues to be a supported identity provider for Microsoft Dynamics CRM Online. However, Microsoft account is not supported for Microsoft Dynamics CRM Online organizations when provisioned through Microsoft Online Services. Microsoft Dynamics CRM Online customers that are not subscribed through Office 365 can access Microsoft Dynamics CRM Online through their Microsoft account.

Microsoft account subscription transition to Office 365

All Microsoft Dynamics CRM Online customers with Microsoft account subscriptions are being transitioned to a Microsoft Office 365/Microsoft Online Services subscription. In this release of the SDK, several authentication-related classes have been updated to ease this transition by supporting Microsoft account logon credentials when you authenticate with the Microsoft Online Services identity provider of Microsoft Dynamics CRM Online. Depending on the SDK classes used by your application to authenticate, you may or may not need to update your application code to support transitioned users.

For more information on required coding changes, see the topic Authenticate Office 365 users with Microsoft Dynamics CRM Online web services. The Microsoft Dynamics CRM Transition Center has additional customer-related information.

See Also

AuthenticationCredentials
Connect with Microsoft Office 365 and Microsoft Dynamics CRM Online
Authenticate Office 365 users with Microsoft Dynamics CRM Online web services
Active Directory and claims-based authentication
Active Directory Federation Services
Access Control Service 2.0