Access Keys:
Skip to content (Access Key - 0)
Skip to end of metadata
Go to start of metadata
You are viewing an old version of this page. View the current version. Compare with Current  |   View Page History
<< Previous Version 3 Next >>

FileMaker Authentication

Current FileMaker versions allow for an approximation of single sign on; that is through integration with the host server's own authorization and authentication: Active Directory for Windows or Open Directory for Mac OS X.

External authentication

Enable external authentication through the FileMaker Server admin tool and in individual database files. The FileMaker Server setting lives in the Security tab (this can be found in the Database Server section of the Admin Console). Select "FileMaker and External Server accounts." This allows you to tie into user accounts and groups either on the host machine itself or on a networked domain controller.

You must have corresponding accounts set up in your FileMaker database file. These accounts represent user roles, not individual users. Define the account and assign the authentication method to "External Server" and indicate the appropriate Group to which that user account belongs. The name of this Group with its associated privilege set should match the appropriate group defined on your host OS or domain controller. You must have the extended privilege [istdraft:fmapp] enabled in the associated privilege set for single sign on to work. If you use external authentication, you must have at least one FileMaker account that is separate from the external authentication system. It is recommended that any admin-level accounts not be included in externally authenticated accounts.

Gotchas
To approximate single sign-on on OS X, the user's credential must be stored in the keychain. Any user account changes in the FileMaker database file must be correspondingly updated in the keychain manager. Also, be sure that the Group name you identify in your FileMaker accounts matches the Macintosh OS "short" name.

If you have granted the access privilege to a privilege set (FileMaker parlance for a particular set of authorizations or role) that allows users to change their own passwords, this will break the effect of external authentication, not to mention single sign on. The user will have to log into the server, and change the OS account password before being able to access the database. Mac clients will have to update the appropriate keychains.

More information on External Authentication can be found in FileMaker's in-depth guide.

Other security features involving authentication

Hiding file names
You also have the additional security option of only displaying to each user those database files to which that user account is allowed access. If you have not enabled external authentication, the user will be prompted twice for authentication: once to see the appropriate list of files and again to open the desired file.

Protecting access to your FileMaker Server configurations
There is an additional level of authentication available for managing the hosting settings for FileMaker server through the Server Administration Tool. Enable this in the Admin Console tab (in the Admin console under the General Settings section). The three options are to limit access by IP address, set a username and password to use the Server Admin Tool or require that the FileMaker Server administrator be a member of an external authentication group.

Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Last Modified:

page-info: unable to locate page


Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Feedback
This product/service is:
Easy to use
Average
Difficult to use
This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki