Friday, December 15, 2017

Use the same ADFS Server for multiple On-Premises Environments - Dynamics 365 for Finance & Operations On-Premises Installation

Hi All

According to the Microsoft documentation, you should have one ADFS Server for each On-Premises Environment.

As per my understanding, the reason is the workflowClientId, which is a hard-coded value in the \Publish-ADFSApplicationGroup.ps1 PowerShell script.
Check my post as well.

For this reason, in order to use the same ADFS Server you have to add the new host to the Application definitions in ADFS:

  1. AD FS Manager, Application Groups, open "Microsoft Dynamics 365 for Operations On-premises" 
  2. Open Native application "Microsoft Dynamics 365 for Operations On-premises - Native application" 
  3. Add the Redirect URI of the new environment (DNS), select the Add button to include it, then press OK
  4. Open Native application "Microsoft Dynamics 365 for Operations On-premises - Financial Reporting - Native application" 
  5. Add the Redirect URI of the new environment (DNS), select the Add button to include it, then press OK
  6. Open Financial Reporting Web API "Microsoft Dynamics 365 for Operations On-premises - Financial Reporting Web API" 
  7. In the "Relying party identifiers" section, add the new Environment Name URL with "FinancialReporting" in the prefix
  8. Open Web API "Microsoft Dynamics 365 for Operations On-premises - Web API" 
  9. In the "Relying party identifiers" section, add the new Environment URL both with and without "namespaces/AXSF". This is very important in order to avoid any issues with the Microsoft Office add-ins.
    Something like:
    1. https://XXXX/namespaces/AXSF
    2. https://XXXX
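
The same nine steps can be scripted with the AD FS PowerShell cmdlets, which appends the new entries without dropping the ones already registered and then reads the result back for review. This is an added example, not part of the original post or of Microsoft's scripts; the three placeholder values and the `Merge-Entry` helper are assumptions, and the application names are the ones listed in the steps above.

```powershell
# Added example (not from the original post). Run elevated on the primary AD FS server.
Import-Module ADFS

# Placeholders: use exactly the values you would enter in AD FS Manager.
$NewRedirectUris    = @('<redirect URI of the new environment>')
$NewFinReportingIds = @('<FinancialReporting identifier of the new environment>')
$NewWebApiIds       = @('https://XXXX/namespaces/AXSF', 'https://XXXX')

$Prefix = 'Microsoft Dynamics 365 for Operations On-premises'

# Hypothetical helper: union of existing and new entries.
function Merge-Entry {
    param([string[]]$Existing, [string[]]$Additional)
    # Keep every existing entry and add the new ones; Sort-Object -Unique is case-insensitive.
    @($Existing) + @($Additional) | Where-Object { $_ } | Sort-Object -Unique
}

# Steps 2-5: redirect URIs on both native applications
foreach ($name in "$Prefix - Native application",
                  "$Prefix - Financial Reporting - Native application") {
    $app = Get-AdfsNativeClientApplication -Name $name
    if (-not $app) { throw "Native application not found: $name" }
    Set-AdfsNativeClientApplication -TargetName $name `
        -RedirectUri (Merge-Entry $app.RedirectUri $NewRedirectUris)
}

# Steps 6-9: relying party identifiers on both Web APIs
$webApis = @{
    "$Prefix - Financial Reporting Web API" = $NewFinReportingIds
    "$Prefix - Web API"                     = $NewWebApiIds
}
foreach ($name in $webApis.Keys) {
    $api = Get-AdfsWebApiApplication -Name $name
    if (-not $api) { throw "Web API not found: $name" }
    Set-AdfsWebApiApplication -TargetName $name `
        -Identifier (Merge-Entry $api.Identifier $webApis[$name])
}

# Read back what AD FS now accepts so the change can be reviewed
Get-AdfsNativeClientApplication | Where-Object Name -like "$Prefix*" |
    Select-Object Name, RedirectUri
Get-AdfsWebApiApplication | Where-Object Name -like "$Prefix*" |
    Select-Object Name, Identifier
```

Every redirect URI and identifier in the read-back is a location this shared application group will issue tokens for, so entries for environments that have been retired should be removed from the lists.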

Till Soon!

11 comments:

F.C.F said...

Is your ADFS server configured for D365FFO external access with additional WAP server in DMZ?

I'm currently in the middle of configuring ADFS WAP for D365FFO and have an external client redirection issue. The WAP website is published with ADFS authentication for Web and MSOFBA and connecting to "MS D365 for Operations On-Premises - Web Application" ADFS Relaying Party Name.

The redirection issue is that the D365 for Operations Web application is redirecting the external client to the internal ADFS server, but as the ADFS server is located in the internal network, its DNS name is not solved.

What would be your suggestion?

nbrowne1 said...

We're using a WAP to connect to our Test D365FO On-Prem environment from the Web.

Our configuration is as basic as possible:
1 - Wizard setup of the WAP connection to ADFS with appropriate SSL Cert
2 - Open Remote Access MMC
3 - Setup a "passthrough" entry to the D365FO On-Prem URL with appropriate SSL Cert - a wildcard in our case (eg https://ax.contoso.com/namespaces/AXSF/)

Manuel Schöpf said...

Hi Denis,
do you think it would also be possible to modify the ApplicationName string in the Publish-ADFSApplicationGroup script to Prod and Test instead of adding the DNS entry?
Regards
Manuel

Charles COLOMBEL said...

Silvio Fabrizio, did you find a solution for the internal ADFS redirection?

nbrowne1: how has the user been authenticated? If I set it up with passthrough, D365 can be reached but it redirects me automatically to my ADFS server for authentication. How do you manage this?

Thanks

nbrowne1 said...

Charles COLOMBEL - it is meant to redirect you to ADFS. The pass-through is so you can securely get to D365 on-prem and then log on as normal. You should be logging into D365 on-prem through ADFS normally from within your network as well.

Frederik Lerno said...

Hi,

I would like to know if Manuel Schöpf's suggestion (changing the application name in the PS script) is a working solution?

Thanks

Denis Macchinetti said...

Hi Frederik,

as per my experience, changing the Application Name works for F&O but not for Financial Reporting.
I haven't found the cause yet.

GeeKey said...

Or you can create a new Application Group for each environment and know no trouble

Najeeb Ullah said...

Hi Experts,

I have installed "Dynamics 365 finance and operations 2019 (10.0.6) on premise" in my on-premises environment and need to integrate it with ADFS 3.0 for SSO. What steps are involved? Need help from experts.

Thanks
