718 Washington Ave. N. Suite #101
Minneapolis, MN 55401
View map and all Locations

Send us a message

Active Directory Federation Services (ADFS) is a great option to enable single sign on with Microsoft Dynamics CRM Online and other applications. If you are using ADFS with a portal or other application (pretty soon CRM too), you want to make sure the login mechanism works with all browsers and NOT just IE.


A small glitch is that browsers such as Chrome and Firefox do not support ‘enhanced protection’ when using windows authentication. So what does this mean?

It means that if you log in with ADFS from a non-IE browser, it will not work. You will see this authentication failure in the application log:

An account failed to log on.

    Security ID:        NULL SID
    Account Name:        –
    Account Domain:        –

The good news is that the fix is easy. Simply turn off Enhanced Protection for Windows Authentication in IIS in the adfsls folder.

Log in to your ADFS server. In IIS, expand adfs, then right click on the ls subfolder.

Double click on authentication, then in the advanced properties for windows authentication, turn off ‘enhanced protection’.

ADFS and single sign on

There you go! ADFS and single sign on for non-IE browsers.

Happy CRM’ing!

Avatar for JoeCRM


Joe CRM is a CRM superhero who runs on pure Microsoft Dynamics CRM adrenaline. As the face of PowerObjects, Joe CRM’s mission is to reveal innovative ways to use Dynamics CRM and bring the application to more businesses and organizations around the world.