Prepare Microsoft Dynamics CRM for Riva Cloud Corporate

Riva Cloud Corporate requires a CRM connection to Microsoft Dynamics CRM using a designated account that can impersonate target user CRM user accounts. Riva Cloud supports customers with public internet access who use:

• Office 365 Exchange Online.

• Exchange Web Services (EWS) 2016, 2013, 2010, or 2007 on-premises or hosted. (Riva Cloud is not available for customers with on-premises or hosted Exchange 2003 user accounts.)

• Internet accessible login into their Microsoft Dynamics CRM accounts.

These instructions are specific to preparing for Riva Cloud Corporate CRM connections to Microsoft Dynamics CRM.

The following preparations must be completed:

1. Supported CRM Systems.
2. Prepare a Riva connection account in Microsoft Dynamics CRM.
3. Prepare the target user accounts in Microsoft Dynamics CRM.
4. Firewall requirements.
5. Information to know for the Microsoft Dynamics CRM connection wizard.

Supported CRM Systems

Riva supports connections to the following Microsoft Dynamics CRM systems:

• Dynamics CRM Online: using Office 365 (on microsoft.com) using XRM based connections.
• Dynamics CRM 2016, 2015, 2013, and 2011 (On-Premises or hosted): Internet Facing Deployment using Claims-based authentication using XRM-based connections.
• Dynamics CRM 4 and 2011 On-Premises: using Windows-Integrated-based authentication.
• Dynamics CRM 4 (On-Premises or Hosted): Internet Facing Deployment using Forms-based authentication.

NOTE: To sync with Riva Cloud, Microsoft Dynamics On-Premises has to be set up as an IFD (Internet Facing Device).

Prepare a Riva Cloud connection account in Microsoft Dynamics CRM

The requirements for the Riva Cloud connection account for Microsoft Dynamics CRM vary depending on the target CRM system:

• Microsoft Dynamics CRM 2015 (Online): Riva Cloud uses an XRM-based connection specifically available for Office 365 customers that connect to the CRM using the credentials of a CRM user account. For this account:

  • If CRM authentication is using ADFS, create a CRM account (for example, rivasvc), and add it to the 'Delegate' role, which will grant the prvActOnBehalfOfAnotherUser privilege that is necessary to impersonate another CRM user. See Impersonate another user (Microsoft Technet).

  • If CRM authentication is using Office 365 user accounts, create a CRM service account with administrator permissions, or use an existing administrator account.

  • Ensure that the account password is configured to never expire or change. Enforced password changes on this account will break this connection.

  • Riva connects using an XRM-based connection specifically for Office 365 customers.

• Microsoft Dynamics CRM 2016, 2015, 2013, 2011 (Claims): based on Windows-Claims-based authentication. When Dynamics CRM 2011 is configured for Internet Facing Deployment, all connections (internal and external) use Claims-based authentication. (Windows Integrated authentication is no longer used.)

  • Create a CRM account (for example rivasvc), and add it to the 'Delegate' role, which will grant the prvActOnBehalfOfAnotherUser privilege that is necessary to impersonate another CRM user. See Impersonate another user (Microsoft Technet).

  • Ensure that the account password is configured to never expire or change. Enforced password changes on this account will break this connection.

  • Ensure that the IIS Authentication feature for the Dynamics CRM website(s) is configured as follows:
    
    

• Microsoft Dynamics CRM 4 / 2011 (On-Premises): based on using Windows Integrated authentication, the Riva connection account connects to the CRM using the credentials of a designated AD user account. For this account:

  • Create a normal AD account (for example, rivasvc) in the same AD domain as Dynamics CRM is installed.

    Note: If a password change policy forces credentials to expire, ensure that the credentials are updated in Riva at the same time.

  • Add this user to the PrivUserGroup of the "Organization" for each Dynamics CRM instance installed in that AD domain. The connection account does not need to be assigned to a CRM Role. The permissions provided from the PrivUserGroup membership provide the necessary access to facilitate account delegation between the connection account and the target CRM accounts.

  • Because Riva connects using Windows Integrated authentication against the AD account, the UPN or NTLM credentials for that account must be used in the Riva connection.

• Microsoft Dynamics CRM 4 (IFD On-Premises or hosted): based on using Windows Forms authentication, the Riva connection account connects to the CRM using the credentials of a designated (AD or CRM) user account. For this account:

  • Create a CRM account (for example, rivasvc), and add it to the 'Administrator' role, which will grant the privilege that is necessary to impersonate another CRM user.

  • Ensure that the account password is configured to never expire or change.

Prepare the target user accounts in Microsoft Dynamics CRM

The following must be verified for each target CRM user account:

• Email Address Matching: The primary email address for each target CRM user account must match the primary SMTP Reply-to email address of the corresponding email account (Exchange or GroupWise). For example: If the Microsoft Dynamics CRM email address for Ian Sample is iansample@mycompany.com, then the Exchange SMTP Reply-to email address value for the corresponding email account must also be iansample@mycompany.com.
• Security Role Permissions: The Riva connection account will use the permissions assigned to the target user's security role. Security Role permissions must be set to permit the user to create, modify, and delete items. See Microsoft Dynamics CRM: Security Role Permissions.
• User email access settings for inbound email are set to none. (See Microsoft Dynamics CRM: Access is Denied error when creating email item.)

Firewall Requirements

• Microsoft Dynamics CRM (On-Premises): The Riva connection to Microsoft Dynamics CRM uses SOAP through http and https to the base URL for the CRM portal as provided by the Dynamics CRM server. Corporate firewalls must support:

  • Dynamics CRM 2011+: Windows Claims based authentication and SOAP on ports 80/443 plus whichever SSL ports are defined for the Claims-based authentication provider. The default port is 444. Refer to the CRM Deployment Manager.

  • Dynamics CRM 4: Windows Integration authentication and SOAP on designated port. The default port is 5555.

Information to know for the Microsoft Dynamics CRM connection Wizard

Ensure that the following information is known for creating a Riva connection to Microsoft Dynamics CRM:

• Microsoft Office 365 - Dynamics CRM Online connections:
  • Office365 User name, for example imsample@mycompany.com
  • Password

• Microsoft Dynamics CRM Online connections:

  • Windows Live Passport Login User name, for example imsample@mycompany.com
  • Password
  • Address: for example, https://customerinstance.crm.dynamics.com

• Microsoft Dynamics 2011 or higher, Claims (IFD) connections:

  • CRM Login User name, for example imsample@mycompany.com
  • Password
  • Address: one of
    • On-Premises IFD URL, for example https://mscrm.mycompany.com:444
    • Hosted Dynamics CRM URL, for example https://customerinstance.crm.hostingprovider.com

• Microsoft Dynamics CRM 4 / 2011 On-Premises connections:

  • User name: For the Riva connection account in one of two formats:
    • AD UPN (username@AD-Domain-Name), for example imsample@mycompany.com - OR
    • NLTM (Domain-Name\Username), for example MYCOMPANY\imsample
  • Password
  • Address: one of
    • On-Premises Dynamics CRM URL, for example https://mscrm.mycompany.com:5555
    • Hosted Dynamics CRM URL, for example https://customerinstance.crm.hostingprovider.com

• Microsoft Dynamics 4 IFD (Internet Facing Deployment) connections:

  • CRM Login User name, for example imsample@mycompany.com
  • Password
  • Address: one of
    • On-Premises IFD URL, for example https://mscrm.mycompany.com:444
    • Hosted Dynamics CRM URL, for example https://customerinstance.crm.hostingprovider.com