Solved

Bloc Access to CRM External Deployment

Posted on 2013-05-30
3
331 Views
Last Modified: 2013-06-04
We just migrated our current CRm 2011 deployment to IFD.  Everything is working fine but our programmers didn't think of something.  Is there anyway to block just our hourly sales people from accessing the external URL remotely.  We obviously have remote users in other countries that access the system but in the US we have all our sales people we do not want in the system from outside of our building.  Is there a way to do this?
0
Comment
Question by:APWIP-Admin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 29

Assisted Solution

by:Feridun Kadir
Feridun Kadir earned 250 total points
ID: 39212049
I don't think there is a simple way to do this.

When a user access CRM using the external URL, they are presented with a page from ADFS asking them to login. Of course, the user has a valid windows acccount and password so they can log in. I think you would be better off looking to see if something could be done in ADFS to selectively grant/deny access to groups of users. I would envisage creating a security group in AD for users allowed to access CRM remotely or a group for users denied remote access.

Then, somehow (but I'm afraid I don't know how) configuring ADFS to allow or deny access using the new group(s).
0
 
LVL 37

Accepted Solution

by:
ArneLovius earned 250 total points
ID: 39213129
to look at it a different way to feridun

if you forget about it being CRM for a moment and just think of it as a web server that is externally accessible

If I understand you correctly, you want to block some people from being able to access the web server, but the only way of discriminating between valid users and invalid users is wht group they are in within the company.

This is not possible to do directly as the web server doesn't know who they are before they have logged in.

You have two options

1/ Have an authenticating reverse proxy/SSL VPN "in front" of the web server to which user authenticate before accessing the web server and restrict access to the server using this method.

2/ Use Access Control within the web application to restrict access to only allowed users.

If you do not want users be be able to even attempt to login to the application, then 1/ would be your best option, however this would require either another application/server/appliance, so I would tend to go with option 2 as suggested by feridun
0
 

Author Closing Comment

by:APWIP-Admin
ID: 39219452
That is pretty much what I figured.  Thanks for your assistance though.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question