Configuring InsideView Sales SSO and SAML Settings for Dynamics CRM On-Premises Edition with AD FS

  • Updated

This article guides you in configuring Single Sign-On (SSO) for InsideView Sales on Microsoft Dynamics On-Premise edition with Active Directory Federation Services (AD FS) as identity provider (IDP).

Follow the instructions in these sections to complete your configuration: 

Note: Ensure that your AD FS (in case of AD FS version 3.0 and 4.0) and CRM are on different domains for this configuration to work. For more information, read this Dynamics community post: Avoid using the same domain for ADFS and CRM

Configuring a Relaying Party Trust in AD FS Server

Step Description Details
 1 Log in to AD FS Log in to the machine where the ADFS server installed and is integrated with your Microsoft Dynamics On-Premise CRM.
 2 Go to ADF S Admin tab Go to Administrative tools AD FS Management.
 3  Go to Relying Party Trusts Under ADFS, Go to Trust Relationships Relying Party Trusts.
 4 Start adding a Trust Click Add Relying Party Trust under "Actions" and click Start.

5 Select the 3rd Option Select the Enter data about the relying party manually option, then click Next.

6 Add a display name Enter display name as Insideview, click Next.

7 Choose first option Choose the AD FS profile option, then click Next.

8 Next Click Next.

9 Next Click Next.

10 Add an identifier Enter in the Relying party trust identifier field, then click Add.


11 Next Click Next.


12 Select an option Select the I do not want to configure multi-factor authentication settings for this relying party trust at this time option, then click Next.

13 Select the permission option Select the Permit all users to access this relying party option, then click Next.

14 Next Click Next.

15 Close Click Close.

16 Edit Claim Rules The Editing Claim Rules pop up opens. If it does not open you can manually click the link Edit Claim rules under Actions section for the Insideview identifier, then click Add Rule.

17 Select a claim rule Select the Claim rule template as Send LDAP Attributes as Claims, then click Next.

18 Enter claim rule details Enter claim rule name as Insideview and select Attribute store as Active Directory.

Select the following attributes as illustrated below in the LDAP Attribute (first column) and Outgoing Claim Type (second column) fields:

  • User-Principal-Name and UPN
  • Given-Name and Given Name 
  • Surname for both field values

Note: The LDAP attribute that you can select can either be user-principal-name (UPN) or E-Mail addresses. The UPN or E-mail address attribute will be used as a username when you login via AD FS to InsideView.


Click Finish.

19 Apply Click Apply and click OK.


20 Select the InsideView identifier Select the relying party identifier "Insideview", which you just created, and then double click or select Properties under Actions menu. Click on the Endpoints tab, then click Add WS-Federation.


21 Add endpoint details Enter /login.iv" as the Trusted URL, then click OK.

Where sts_name is the name of the STS configured for your InsideView account. The STS name will be in this format 17_{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}. 


22 Refresh Now click on Refresh under Actions menu.step22_small.png
23 Export Token Signing Certificate Go to AD FS Service Certificates  and select the Token-signing certificate as illustrated below:


Right-click to select the View Certificate option.


In the Certificate dialog, select the Details tab and click Copy to File.step23_2.png

In the Certificate Export Wizard window, click Next.step23_3.png

In the Export File Format window, select the Base-64 encoded X.509 (.CER) option and click Next.step23_4.png

In the File to Export window, click Browse to select the folder where you want to export the certificate file.step23_5.png

For example, select the Desktop location and click Next.step23_6.png

Once the certificate file is successfully exported, click Finish.step23_7.png

Go to the location where you saved the certificate file and double-click to open it in Notepad and the certificate file content will appear as illustrated below:step23_8.png

You will require this certificate details when you configure SSO settings in InsideView. Refer to the section below for more information.

Configuring SSO Settings in Insideview 

Step Description Details
 1 Log in to InsideView Log into Insideview with a User who:
  • belongs to the Account, which is mapped to your Dynamics On-Premise edition. 
  • and is an Account Admin
Note: In case, this is the first time you are accessing Insideview and you do not have an Account created, you can click on "Need Password" button in the Mashup to register and create a user account.
 2 Go to the SSO tab Once you login, go to Admin. Click on "SingleSignOn Settings" tab.
 3  Add SAML details Click the Add SAML link and enter the following details:
    • STS Name: Will be pre-populated based on the selection made above.
    • SAMLp/WS-Fed Unsolicated Endpoint: As this  /adfs/ls/?wa=wsignin1.0&wtrealm=, where is your AD FS server URL. 
    • STS Certificate: Enter a valid STS certificate code that you received from AD FS. Refer to the Step 23 of the previous section for copying the certificate details from your AD FS server.
    • CRM Email Mapping : Enter "upn" as field value.
    • CRM Org ID Mapping: Leave it as blank
    • CRM First Name Mapping:  Enter "Given Name" as field value. 
    • CRM Last Name Mapping: Enter "Surname" as field value. 


4 Save Click Save.

Note: If come across any technical issues, submit a request to our technical support . InsideView’s support team will contact you to address your technical problem and help you make necessary changes.

Was this article helpful?

0 out of 0 found this helpful