Solved

Bloc Access to CRM External Deployment

Posted on 2013-05-30
3
315 Views
Last Modified: 2013-06-04
We just migrated our current CRm 2011 deployment to IFD.  Everything is working fine but our programmers didn't think of something.  Is there anyway to block just our hourly sales people from accessing the external URL remotely.  We obviously have remote users in other countries that access the system but in the US we have all our sales people we do not want in the system from outside of our building.  Is there a way to do this?
0
Comment
Question by:APWIP-Admin
3 Comments
 
LVL 29

Assisted Solution

by:feridun
feridun earned 250 total points
ID: 39212049
I don't think there is a simple way to do this.

When a user access CRM using the external URL, they are presented with a page from ADFS asking them to login. Of course, the user has a valid windows acccount and password so they can log in. I think you would be better off looking to see if something could be done in ADFS to selectively grant/deny access to groups of users. I would envisage creating a security group in AD for users allowed to access CRM remotely or a group for users denied remote access.

Then, somehow (but I'm afraid I don't know how) configuring ADFS to allow or deny access using the new group(s).
0
 
LVL 36

Accepted Solution

by:
ArneLovius earned 250 total points
ID: 39213129
to look at it a different way to feridun

if you forget about it being CRM for a moment and just think of it as a web server that is externally accessible

If I understand you correctly, you want to block some people from being able to access the web server, but the only way of discriminating between valid users and invalid users is wht group they are in within the company.

This is not possible to do directly as the web server doesn't know who they are before they have logged in.

You have two options

1/ Have an authenticating reverse proxy/SSL VPN "in front" of the web server to which user authenticate before accessing the web server and restrict access to the server using this method.

2/ Use Access Control within the web application to restrict access to only allowed users.

If you do not want users be be able to even attempt to login to the application, then 1/ would be your best option, however this would require either another application/server/appliance, so I would tend to go with option 2 as suggested by feridun
0
 

Author Closing Comment

by:APWIP-Admin
ID: 39219452
That is pretty much what I figured.  Thanks for your assistance though.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now