1. On the Connection Type screen, select the Browser SSO Profiles check box and select WS-Federation as the Protocol. If you are configuring the connection for active federation (for native client cases such as the Dynamics CRM plug-in for Outlook), select the WS-Trust STS check box. You must select SAML 1.1 as the Default Token Type.
  2. On the General Info screen, enter the CRM Web site in the Partner’s Realm field.
    For example, https://ping.crm.com/default.aspx
  3. Enter a value in the Connection Name field.
  4. On the Browser SSO screen, click Configure Browser SSO.
  5. On the Assertion Lifetime screen, update the lifetime of the assertion as needed. Note that Dynamics CRM uses the SAML token to determine the session lifetime; you may increase the Minutes After value to extend the CRM session lifetime beyond 5 minutes (the default value).
  6. On the Assertion Creation screen, click Configure Assertion Creation.
  7. On the Identity Mapping screen, select User Principal Name.
  8. On the Attribute Contract screen, extend the contract by adding upn and selecting http://schemas.xmlsoap.org/ws/2005/05/identity/claims as the attribute name format.