Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Bloc Access to CRM External Deployment

Posted on 2013-05-30
3
Medium Priority
?
351 Views
Last Modified: 2013-06-04
We just migrated our current CRm 2011 deployment to IFD.  Everything is working fine but our programmers didn't think of something.  Is there anyway to block just our hourly sales people from accessing the external URL remotely.  We obviously have remote users in other countries that access the system but in the US we have all our sales people we do not want in the system from outside of our building.  Is there a way to do this?
0
Comment
Question by:APWIP-Admin
3 Comments
 
LVL 30

Assisted Solution

by:Feridun Kadir
Feridun Kadir earned 1000 total points
ID: 39212049
I don't think there is a simple way to do this.

When a user access CRM using the external URL, they are presented with a page from ADFS asking them to login. Of course, the user has a valid windows acccount and password so they can log in. I think you would be better off looking to see if something could be done in ADFS to selectively grant/deny access to groups of users. I would envisage creating a security group in AD for users allowed to access CRM remotely or a group for users denied remote access.

Then, somehow (but I'm afraid I don't know how) configuring ADFS to allow or deny access using the new group(s).
0
 
LVL 37

Accepted Solution

by:
ArneLovius earned 1000 total points
ID: 39213129
to look at it a different way to feridun

if you forget about it being CRM for a moment and just think of it as a web server that is externally accessible

If I understand you correctly, you want to block some people from being able to access the web server, but the only way of discriminating between valid users and invalid users is wht group they are in within the company.

This is not possible to do directly as the web server doesn't know who they are before they have logged in.

You have two options

1/ Have an authenticating reverse proxy/SSL VPN "in front" of the web server to which user authenticate before accessing the web server and restrict access to the server using this method.

2/ Use Access Control within the web application to restrict access to only allowed users.

If you do not want users be be able to even attempt to login to the application, then 1/ would be your best option, however this would require either another application/server/appliance, so I would tend to go with option 2 as suggested by feridun
0
 

Author Closing Comment

by:APWIP-Admin
ID: 39219452
That is pretty much what I figured.  Thanks for your assistance though.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question