Database Server security settings > External authentication for database access
External authentication for database access
Note  The following information is for server administrators.
FileMaker Server authenticates users with FileMaker accounts defined within a FileMaker Pro database. In addition, FileMaker Server supports authentication with the following externally defined accounts and groups:
Windows or macOS accounts and groups locally defined on the master machine
Apple Open Directory and Windows Active Directory accounts and groups, which can be on a centrally-managed authentication server
OAuth identity providers including Login with Amazon, Google Identity Platform, and Microsoft. See Using an OAuth identity provider to authenticate FileMaker clients.
If you’re hosting FileMaker Pro database files with FileMaker Server, you can use your existing authentication server to control access to databases without having to manage an independent list of accounts in each FileMaker Pro database file.
On the Database Server > Security tab, if you choose FileMaker and external server accounts for Client Authentication, the clients’ access privileges are determined by the accounts defined in the hosted databases and by accounts that are defined on the master machine or on an authentication server. Using FileMaker Pro, you specify in a database whether an account is authenticated via FileMaker or an external authentication server. These are Active Directory accounts (Windows), Open Directory accounts (macOS), or OAuth identity provider accounts.
Depending on the specific network configuration, an external authentication server on one platform can authenticate users on the other platform. In other words, a macOS user might be authenticated by Active Directory, or a Windows user might be authenticated by Open Directory in macOS Server.
If you choose FileMaker and external server accounts, records of all login attempts are logged in the Windows Security Log, if the master machine is a Windows machine. For information about the Security Log, see your Windows documentation.
Important  When a database file contains one or more External Server accounts, make sure you use operating system security settings to limit direct access to the file. Otherwise, it might be possible for an unauthorized user to move the file to another system that replicates your authentication server environment and gain access to the file. Group names for accounts authenticated with the external server feature are stored as text strings. If the group name is reproduced on another system, the copied file can be accessed with the privilege set assigned to the members of the group, which might expose data inappropriately.
See “Creating accounts that authenticate via an external server” in FileMaker Pro Help.
Go to the FileMaker Knowledge Base and search for articles containing the keywords external and authentication (and optionally cross-platform).
Related topics 
Database Server security settings
Securing your data