---
title: Dynamics CRM configuration
description: Use the following steps to configure Dynamics CRM to consume the federation metadata provided by the PingFederate SP connection.
component: dynamicscrm
page_id: dynamicscrm::pf_dynamicscrm_integration_dynamics_crm_configuration
canonical_url: https://docs.pingidentity.com/integrations/dynamicscrm/pf_dynamicscrm_integration_dynamics_crm_configuration.html
revdate: July 3, 2024
section_ids:
  about-this-task: About this task
  steps: Steps
---

# Dynamics CRM configuration

## About this task

Use the following steps to configure Dynamics CRM to consume the federation metadata provided by the PingFederate SP connection.

## Steps

1. Access the Dynamics CRM server.

2. If Dynamics CRM is configured for token signature validation, run mmc.exe and attach the Certificates (Local Computer) Snap-in.

   Import the signature verification certificate used in PingFederate or the certificate's CA certificate into the appropriate certificate store. See [Enabling ADFS 2.0 Token Signing](https://technet.microsoft.com/en-us/library/gg188574\(v=crm.6\).aspx) for more information on token signature validation.

3. If WS-Trust STS was configured for the CRM connection in PingFederate, import the encryption certificate used in PingFederate (see [Select WS-Trust encryption algorithm](pingfederate_configuration/pf_dynamicscrm_integration_select_ws_trust_encryption_algorithm.html)) along with the certificate's private key into the Dynamics CRM server's personal certificate store. The Dynamics CRM server searches this store when configuring claims-based authentication.

4. On the Dynamics CRM server, run the Microsoft Dynamics CRM Deployment Manager.

5. Select Configure Claims-based Authentication and click **Next**.

6. Enter the following URL for the Federation metadata URL and click **Next**:

   ```
   https://<pf_host>:<pf_port>/pf/federation_metadata.ping?PartnerSpId=<SPConnectionID>&forceIssuedTokenPolicy
   ```

   where:

   * \<pf\_host> is the host name or IP address where PingFederate is running.

   * \<pf\_port> is the port number for PingFederate.

   * \<SPConnectionID> is the ID for the PingFederate SP Connection you configured above – for example:

     ```
     https://ping.crm.com/default.aspx
     ```

     |   |                                                                                                                                                                                                                                       |
     | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
     |   | If an error appears stating that the Federation URL is unavailable, add PingFederate's server certificate (signed by the domain controller) to the Dynamics CRM server to establish trust with PingFederate's SSL server certificate. |

7. When prompted for the encryption certificate, use the same certificate shared with PingFederate (see [Select WS-Trust encryption algorithm](pingfederate_configuration/pf_dynamicscrm_integration_select_ws_trust_encryption_algorithm.html)).

8. Save the configuration and run iisreset from the command line so the Dynamics CRM server recognizes the changes.