Accessing external data sources > Working with external data sources > Enabling ODBC data source single sign-on (Windows only)
 

Enabling ODBC data source single sign-on (Windows only)

If you work with database files hosted by FileMaker Pro Advanced or FileMaker Server that access ODBC data from Microsoft SQL Server, you can configure the host computer to enable single sign-on (SSO). ODBC data source single sign-on permits a client to use one Windows-authenticated login to access ODBC data in shared files.

Important  Before you can enable ODBC data source single sign-on, your Windows domain administrator must:

configure the Account is trusted for delegation security setting for your Windows user account on the client.

configure the Trust this user for delegation and Use Kerberos only security settings for your Windows user account on the host computer.

enable the Impersonate a client after authentication privilege for your Windows user account on the host computer.

configure the ODBC DSN to use Windows authentication on the host computer.

configure Microsoft SQL Server to use Windows authentication.

To enable ODBC data source single sign-on:

1. With the database open, chose File menu > Manage > External Data Sources.

2. Select an ODBC data source from the list and click Edit.

3. For Authentication, select Use Windows Authentication (Single Sign-on), enter the SPN (Service Principal Name), and click OK.

Note  Your Windows domain administrator must provide the SPN, which is generally in this format: MSSQLSvc/<fully qualified domain name>:<port>

For example: MSSQLSvc/sql2005.filemaker.com:1433

Notes 

In order to open a hosted database, the administrator must configure the FileMaker Server service to log in as the privileged user account. See FileMaker Server Installation and Configuration Guide.

ODBC data source single sign-on is not supported:

on Macintosh.

for ODBC data accessed from MySQL or Oracle.

in web publishing.

Related topics 

Editing ODBC data sources

Creating accounts that authenticate via an external server