I had an issue today where a machine was getting a 404 error while logging into CRM over IFD. Using the internal CRM login URL worked just fine. Since this was only affecting this one machine, I didn’t suspect any issue with the IFD setup. Not that I didn’t check the CRM server to verify if the login was actually successful or not (it was) and to make sure the ADFS relying party was updated.
What this issue finally came down to was that the organization URL (hxxps://org.crmhost.com) was added as a trusted site. It seems that caused some issues with the ADFS/IFD login page. Removing that from trusted sites made it work as expected.
The important piece here is that multiple URLs are used during the login process and in other parts of CRM. dev, auth, and sts are other default subdomains used during the IFD setup process. Adding these to trusted sites as well will allow this to work properly. Alternatively, a wildcard (hxxps://*.crmhost.com) covers all of them and is much easier to add to trusted sites.
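To check a machine for this kind of mismatch, the following added example (not part of the original post) reads the per-user site-to-zone mappings and reports which zone each IFD hostname falls into. It assumes the sites were added by the user through Internet Options, that the registrable domain is the last two labels of the hostname, and that the four hostnames below match your IFD setup; `Get-MappedZone` is a hypothetical helper name.

```powershell
# Added diagnostic example; not from the original post.
# Assumption: user-added sites only (HKCU ZoneMap\Domains). Zone assignments
# pushed by Group Policy are stored elsewhere and are not read here.
$ZoneMap  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$ZoneName = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'
               3 = 'Internet';      4 = 'Restricted sites' }

function Get-MappedZone {
    param([string]$HostName, [string]$Scheme = 'https')
    $labels = $HostName.Split('.')
    # Assumption: the registrable domain is the last two labels (crmhost.com).
    $domain = ($labels | Select-Object -Last 2) -join '.'
    $sub    = ($labels | Select-Object -SkipLast 2) -join '.'
    # A host-specific entry (org.crmhost.com) is a subkey of the domain key;
    # a wildcard entry (*.crmhost.com) is stored on the domain key itself.
    $keys = @()
    if ($sub) { $keys += "$ZoneMap\$domain\$sub" }
    $keys += "$ZoneMap\$domain"
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $regKey = Get-Item -LiteralPath $key
        # Value name is the scheme ('https') or '*' for any scheme; data is the zone.
        foreach ($name in @($Scheme, '*')) {
            $value = $regKey.GetValue($name)
            if ($null -ne $value) { return [int]$value }
        }
    }
    return $null   # no explicit mapping; the browser applies its default zone rules
}

# Hostnames taken from the post: the organization URL plus the default IFD subdomains.
$ifdHosts = 'org', 'dev', 'auth', 'sts' | ForEach-Object { "$_.crmhost.com" }
$report = foreach ($h in $ifdHosts) {
    $zone = Get-MappedZone -HostName $h
    [pscustomobject]@{
        HostName = $h
        Zone     = if ($null -eq $zone) { 'unmapped (default zone)' } else { $ZoneName[$zone] }
    }
}
$report | Format-Table -AutoSize

# The failing machine in the post had only the organization URL in Trusted sites.
if (@($report.Zone | Sort-Object -Unique).Count -gt 1) {
    Write-Warning 'IFD hostnames map to different zones on this machine.'
}
```

Run it as the affected user, since the mappings are read from that user's registry hive.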
Finally, if you have a trust set up between the CRM host domain and your domain, you can use the internal CRM URL (hxxp://internalcrm.crmhost.com). In that case you would add the internal CRM URL to the internal sites. This allows your domain credentials to be passed directly to the server without the need for a login prompt. Just remember to set up your security policies to prevent logins to machines and other security risks.