Creating accounts that authenticate via an external server
If you’re hosting FileMaker Pro database files with FileMaker Server and your organization uses centrally-managed authentication for users and groups such as Apple OpenDirectory or a Windows Domain, you can set up accounts that authenticate users based on your authentication server. This allows you to use your existing authentication server to control access to databases without having to manage an independent list of accounts in each FileMaker Pro database file.
Note  Although you can set up accounts for external authentication servers in FileMaker Pro, only database files hosted by FileMaker Server can authenticate users against an authentication server. Database files shared by FileMaker Pro won’t authenticate against an authentication server.
Important  When a database file contains one or more External Server accounts, make sure you use operating system security settings to limit direct access to the file. Otherwise, it might be possible for an unauthorized user to move the file to another system that replicates your authentication server environment and gain access to the file. For more information, see the FileMaker Server documentation.
To create an account that authenticates via an external server:
1. Choose File menu > Manage > Security.
The Manage Security dialog box appears. The Accounts tab lists the accounts defined for this file.
2. Click New.
3. In the Edit Account dialog box, for Account is authenticated via, choose External Server.
4. For Group Name, enter the name of a group that is defined on an external authentication server.
5. For Account Status, choose whether you want the account to be active or inactive.
For example, you may want to keep the account inactive until you finish setting up its privilege set. Users cannot open a database using an inactive account.
6. For Privilege Set, choose the privilege set you want to use with this account.
The privilege set assigned to the account determines what the externally authenticated group members can do in the database file. You can choose an existing privilege set, or choose New Privilege Set and create a new one. See Creating new privilege sets.
7. For Description, enter a description of the account (optional).
8. You see the Manage Security dialog box again.
9.
 • If you’re finished working with accounts and privileges, click OK. In the dialog box that appears, enter an account name and password that is assigned the Full Access privilege set, and click OK.
Notes
When a user opens a file, FileMaker Pro opens the file using the first matching account in the authentication order. Any matching accounts that follow the first one are ignored. Therefore, it’s important to set the authentication order for accounts when one or both of the above situations exist. Otherwise, the wrong account may be used to access the file. For more information on changing the authentication order, see Viewing and reordering accounts.
Tip  The authentication order is only an issue under specific circumstances: you must be hosting files with FileMaker Server, using an external authentication server, and have accounts set up in such a way that there are multiple accounts that could authenticate particular users. If you are only using FileMaker-authenticated accounts, authentication order is not a concern because each account must have a unique name.
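The first-match rule described above can be reviewed offline against a group membership export before you settle the authentication order. The following Python sketch is an added example, not FileMaker code: it models only active External Server accounts, assumes an account matches when the user belongs to the group entered for Group Name, and uses constructed account, group and user names.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ExternalAccount:
    group_name: str      # value entered for Group Name
    privilege_set: str   # value chosen for Privilege Set


def effective_account(order, user_groups):
    """Return the first account, in authentication order, whose group the user is in."""
    for account in order:
        if account.group_name in user_groups:
            return account
    return None  # no External Server account matches this user


def ambiguous_users(order, directory):
    """Find users matching several accounts that carry different privilege sets."""
    findings = {}
    for user, groups in directory.items():
        matches = [a for a in order if a.group_name in groups]
        if len({a.privilege_set for a in matches}) > 1:
            # Only the first match is used; later matches are ignored.
            findings[user] = {"used": matches[0], "ignored": matches[1:]}
    return findings


# Constructed sample data (assumption): accounts listed in authentication order.
ORDER = [
    ExternalAccount("FM_Staff", "Data Entry Only"),
    ExternalAccount("FM_Finance", "Finance Editors"),
    ExternalAccount("FM_Auditors", "Read-Only Access"),
]
# Constructed sample data (assumption): user -> groups on the authentication server.
DIRECTORY = {
    "alice": {"FM_Staff", "FM_Finance"},
    "bob": {"FM_Auditors"},
    "carol": {"FM_Finance", "FM_Auditors"},
    "dave": {"Contractors"},
}

if __name__ == "__main__":
    for user, f in sorted(ambiguous_users(ORDER, DIRECTORY).items()):
        ignored = ", ".join(a.group_name for a in f["ignored"])
        print(f"{user}: opens as {f['used'].group_name} "
              f"({f['used'].privilege_set}); ignored: {ignored}")
```

Each reported user is one whose privileges depend on the order of the accounts, so those are the entries to check when reordering.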