Note: If you are not using active federation (for native client cases such as the Dynamics CRM plug-in for Outlook), then you do not need to configure WS-Trust STS settings: skip ahead to Configure credentials. If the task bar is showing WS-Trust STS, return to the Connection Type screen and clear the WS-Trust check box. Then go to the Credentials screen.

  1. Click Configure WS-Trust STS.
  2. Enter the base URL of your Dynamics CRM Web site on the Protocols Settings screen.
    for example,
    https://ping.crm.com
  3. Select the Generate Key for SAML Holder of Key Subject Confirmation Method check box.
  4. When configuring token creation, extend the attribute contract on the Attribute Contract screen by adding upn and selecting http://schemas.xmlsoap.org/ws/2005/05/identity/claims as the attribute name format.