With the implementation of Dynamic CRM Online administration services in Microsoft Office 365, it is important to understand that CRM Online organizations can now be accessed via an external company domain name (e.g. firstname.lastname@example.org/stg) for all CRM Online users in that organization.
In order to have this functionality, however, your domain needs to be verified in the Office 365 administration portal. This ensures that only the actual owner of a particular domain can add it to an Office 365 setup and use it to login to a CRM Online organization. To verify a domain, Office 365 utilizes DNS record verification.
To verify an external domain in Office 365:
Begin by logging in to your Office 365 administration portal via https://portal.microsoftonline.com.
Please note: you must be an administrator in your Office 365 setup to access the Admin section of the Office 365 portal.
Click on Domains on the left side of the administration portal. This will bring you to the Domains page of the Office 365 administration portal, in which you can add, view, and modify any domains you may have in your Office 365 setup. Initially, if you have not added any domains yet, you will likely only see one domain there, which will look something like yourcompanyname.onmicrosoft.com. To add your company’s actual domain, click on the Add a domain link.
This will bring you to the Specify domain page. On this page, you would put in your company’s domain name. For example, if your email address is email@example.com/stg, you would put powerobjectsweb.com/stg into that field. Then, click Next.
Next, you will be taken to the Verify domain page. This page exists to provide you with a DNS TXT or MX entry to put into your domain’s DNS host. Step-by-step instructions are provided for most major domain hosts, including general instructions for and an email template that can be sent to whoever administers your domain/DNS settings.
Select what company you use as your domain host, or select general if your domain host is not part of the list. Follow the instructions provided by Microsoft, or select General instruction in the drop-down list and use the template email provided to inform whoever administers your domain that this DNS record needs to be added.
Please note: The adding of either the TXT or the MX record to your DNS will not impact your DNS or domain function at all, it is only to check that you have permissions to modify your DNS, and thus likely own it.
After you/your administrator have added the record to your domain’s DNS configuration, you may need to wait up to 72 hours before you can continue the verification process, since your DNS takes time to show an update externally. Typically, it will take a lot less time, and can sometimes be ready for verification in a matter of 15-30 minutes, depending on who hosts your DNS records.
You can click on the Done, verify now button at the bottom of the Verify domain page if you would like, however, it is likely that due to the amount of time you need to wait for the DNS records to propagate, you will be automatically logged out of your Office 365 administration portal. So, to complete the verification process a bit later, re-login to your Office 365 administration portal, click on Domains on the left, and click on Click to verify next to your domain. Then proceed to click the Done, verify now button once more.
Once you have your domain verified, you can go into existing CRM user accounts in the Office 365 administration portal (click Users on the left to get there) and change the end domain string from yourcompany.onmicrosoft.com to yourcompany.com via a drop-down list next to the User name: field. Now you can also create new accounts with your company’s domain name, instead of the onmicrosoft.com domain.
If you have multiple domains for your company, you can add those as well, through the same DNS verification process.
Passwords for these Office 365-based CRM Online users are assigned within Office 365 itself.
However, a big benefit of Office 365 is the capability to use your local Active Directory password to login to Dynamics CRM, you can setup what is called ADFS (Active Directory Federation Services). This will, in essence, tie your users’ local Active Directory accounts (which they use to sign-in to their Windows machines, Exchange/Office 365 email, and other Active Directory federated logins) to your CRM organization, allowing for “single sign-on” capabilities. In addition, a synchronization can be setup so any new account created in your local active directory is automatically available for setup in Office 365. ADFS for CRM can be a tricky to implement properly. However, we have done hundreds of such setups.
We all love diagrams. Diagrams rock. Here’s a diagram of the two items:
If you are interested in getting ADFS setup on your CRM organization OR Directory Sync, please contact us and we can have it setup for you in just a couple of days.
We have literally helped over 100 clients with this type of setup.