Dynamics (On-Premises) can be configured to use claims-based authentication to authenticate both internal users and to enable access for external users not using VPN.

Claims-based authentication relies on a trust established between a Relying Party—which can be an application like Dynamics On-Premises—and a Trusted Claims Provider or Trusted Issuer like Okta. A user authenticates to an Identity Provider (Okta). The Identity Provider issues a claim containing information about the user. These claims are called “assertions.” The Relying Party (Dynamics On-Premises) will allow or deny access based on the information contained within the claim.