Adding on-premises Dynamics 9 as a Relying Party (RP) trust in ADFS 4.0 follows the same path as listed here, but ADFS 4.0 has a few changes to the wizard options, as detailed below:


In the next step of the wizard, make sure the metadata endpoint is accessible through IE, in the example below the URL is, give a display name and choose Next



Access Control Policies define the level of access that can be granted to the RP


Click Next after reviewing the following settings


The Relying Party (RP) will be added successfully. The next step is configuring the Claims Issuance Policy (aka adding Claims Rules in ADFS 3.0 and below…)


Right-click the RP, select Edit Claim Issuance Policy and add the claims rule set as indicated here


Once the RP has been successfully added, accessing the CRM organisation will display the following error because of certain defaults in ADFS 4.0


In the Event Viewer on the ADFS server, the above error corresponds to ADFS error code MSIS7102, which indicates an unsupported authentication method


To identify the authentication method, extract the redirection URL from CRM to ADFS. The wauth parameter shows that Windows Integrated Authentication (WIA) is requested, and this is not enabled in ADFS by default for Intranet scenarios

Bring up the ADFS management console, edit Primary Authentication Methods to include Windows Authentication, and restart ADFS
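
The wauth check described above can be scripted. The following is an added PowerShell example, not part of the original post: it decodes the wauth parameter from a CRM-to-ADFS redirect URL and reports whether the matching primary authentication provider is enabled. The helper name `Test-WauthSupported`, the hostnames and the sample values are assumptions made for illustration.

```powershell
# wauth URIs used with WS-Federation, mapped to AD FS provider names.
$WauthToProvider = @{
    'urn:federation:authentication:windows'   = 'WindowsAuthentication'
    'urn:oasis:names:tc:SAML:1.0:am:password' = 'FormsAuthentication'
    'urn:ietf:rfc:2246'                       = 'CertificateAuthentication'
}

function Test-WauthSupported {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]   $RedirectUrl,
        [Parameter(Mandatory)][string[]] $EnabledProviders
    )
    # Split the query string by hand so no extra assemblies are needed.
    $wauth = $null
    $query = ([System.Uri]$RedirectUrl).Query.TrimStart('?')
    foreach ($pair in ($query -split '&')) {
        $name, $value = $pair -split '=', 2
        if ($name -eq 'wauth') {
            $wauth = [System.Uri]::UnescapeDataString("$value")
        }
    }
    if (-not $wauth) {
        # No wauth in the request: AD FS picks the method from its own policy.
        return [pscustomobject]@{ Wauth = $null; RequiredProvider = $null; Supported = $true }
    }
    # Unknown wauth values map to $null and are reported as unsupported.
    $provider = $WauthToProvider[$wauth]
    [pscustomobject]@{
        Wauth            = $wauth
        RequiredProvider = $provider
        Supported        = [bool]($provider -and ($EnabledProviders -contains $provider))
    }
}

# Constructed sample redirect (hostnames are placeholders).
$url = 'https://sts.contoso.example/adfs/ls/?wa=wsignin1.0&wtrealm=https%3a%2f%2fcrm.contoso.example%2f&wauth=urn%3afederation%3aauthentication%3awindows'

# On the AD FS server, read the real list with:
#   (Get-AdfsGlobalAuthenticationPolicy).PrimaryIntranetAuthenticationProvider
$enabled = @('FormsAuthentication')   # constructed stand-in for that output

Test-WauthSupported -RedirectUrl $url -EnabledProviders $enabled
```

A result with `Supported` set to False for `WindowsAuthentication` matches the MSIS7102 condition described above.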