One of the benefits of the new CRM Online identity platform is the ability to federate user identities so that end users can use their Active Directory (AD) credentials to log on to CRM Online without having to use a separate username and password. This is also referred to as single sign-on (SSO), wherein a user signs in once and can access many applications including CRM Online, Office 365, local on-premises applications and more.
I often get asked how to set up a demo/test environment to showcase this functionality with CRM Online, so I spent a little bit of time putting together the list of steps required to have a CRM Online demo environment with federated identity. In the end, it is a "no drama" demo as all you are doing is just signing in, but there are plenty of things happening behind the scenes to enable this magic!
The list of steps might seem long because I cover everything from setting up Active Directory from the ground up to adding users in AD. End-to-end, it'll take about 2 to 3 hours to set up. I pretty much followed the video walkthrough by Planky to put together my demo environment; however, there are a few steps missing in Planky's videos that I've included here. Please note that these instructions are strictly for demo environments and are not recommended for production environments. In typical production environments, much of this would be done in advance and you'd need backup/redundant servers for failover, etc. In short, you're better off following the official documentation for production environment setup.
The post assumes that you have already created a new CRM Online trial and have a fair bit of knowledge of Windows Server and Active Directory setup. If you don't have that background, you can easily search the terms I mention on your favorite search engine and you can find plenty of articles to help.
CRM Online Identity Federation Demo Setup Steps
Note: Do the above setup only if you haven't added yourdomain.com as the forest domain in AD. For example, if you added crmpmg.local during dcpromo, this UPN addition is necessary; otherwise it is not required.
Note: In Hyper-V, you might want to create an additional network switch (Internal or Private) to bridge the VMs together to be able to domain join. This network setup is similar to the 2010 IW VM.
Note: Office 365 supports synchronization of up to 50,000 objects (users, groups, etc.). To synchronize more than 50,000 objects, contact Office 365 Support.