FileMaker Authentication

FileMaker Security Basics

Using FileMaker securely rests first and foremost on configuring FileMaker's built-in authorization features thoughtfully. For hosted and single-user files alike, make sure that every full-access account is password protected and that your privilege sets restrict user activities appropriately. This document covers the points to consider when setting up user accounts and access settings in FileMaker.

Manage Full Access Accounts

By default, each file is created with a full-access Admin account that has a blank password. Setting a password for the Admin account, or disabling the account, is the first critical step. As of version 15, FileMaker Server provides a setting that refuses to host files containing full-access accounts without passwords. We strongly recommend enabling this setting for all hosted solutions, but it does nothing to protect the data in a file that can be opened as a standalone file without a password. After setting authorization correctly, making sure that your files reside on secure machines is the next critical piece of securing your database solutions. Wherever you have sensitive data, host the file on an IS&T managed server.

More about FileMaker Default Account Settings

In addition to the blank-password full-access Admin account in each file, be aware of the default login option in the File>>File Options dialog box, and change it once you have set up additional password-protected accounts. Unless there is a compelling reason, do not configure a default account/password for your solution: anyone who opens the file is then logged in automatically as that account without being asked for credentials.

Note: A user may set a default log-in account name for themselves under FileMaker>>Preferences.

Set Up Individual User Accounts

Shared user accounts are never recommended. FileMaker provides privilege sets (roles) and individual user accounts. Setting up privilege sets with appropriate access controls and then assigning each user an individual account is the first and best security mechanism available in every circumstance. NOTE: Users can be allowed to change their own passwords in FileMaker, but they should be advised not to reuse their Kerberos passwords in FileMaker. A forgotten password can be reset by a full-access user at any time. See the section on External Authentication if you wish to use external authentication to manage groups of users.

External Authentication with Kerberos at MIT

Where FileMaker files are hosted on a server, users may be set up to use External Authentication, which authenticates against an Active Directory domain or against the local accounts and groups of the host machine. At MIT this means that files hosted on MIT's Windows domain servers can use FileMaker's external authentication feature. When used in conjunction with Moira groups, members of the Moira groups recognized in your FileMaker solution can authenticate with their Kerberos username and password.*

If you intend to use external authentication for any of the databases hosted on your server, you must first enable it in the server console. The setting is on the Security tab of the Database Server window in the FileMaker Server Admin Console: select "FileMaker and External Server accounts." You will also need to add an account for each external group (on the MIT Windows domain, a Moira group) to every FileMaker database in which external authentication is to be used.

It is strongly recommended that only dedicated, FileMaker-specific Moira groups be used with FileMaker. These accounts represent user roles, not individual users, and list membership must be maintained over time so that your database solutions are not inadvertently exposed to members of a Moira list who should no longer have access. As an example, suppose you want a Moira group for the three administrators in the Department of Useless Research, the only three people who currently use the database. You would not want to borrow the existing dur-all Moira list for this purpose, since that includes everyone in the department. Instead, create a new Moira group, for example dur-fm-admin. Limit its membership to just those in the department who need to work in the database, and assign list ownership with care: it may make sense for the list to be self-managed, or it may be appropriate to assign membership management to a supervisor or to another Moira list. In FileMaker, the account name you create for this group must be entered as dur-fm-admin_group. NOTE: The "_group" suffix is required in FileMaker, but do not append "_group" to the Moira list itself when creating it. In the privilege set to which this group account is assigned, you must also enable the fmapp extended privilege (Access via FileMaker Network); without it, members of the group cannot open the hosted file.

If you use external authentication, you must still maintain at least one FileMaker-authenticated full-access account, because externally authenticated accounts cannot change the security settings of a file. See the recommendations above for password-protecting full-access FileMaker accounts.

*Note: Clients using FileMaker's external authentication on Windows machines in MIT's Windows domain get an approximation of single sign-on: once logged in to the MIT Windows domain, they are not prompted to re-enter a username and password to open FileMaker files for which they have valid externally authenticated accounts.

Potential Issues with External Authentication

Externally authenticated, Kerberos-backed accounts in FileMaker pose their own usage and maintenance challenges. If Moira groups are to control membership in externally authenticated groups, the server must be joined to MIT's Windows domain. Use only dedicated, FileMaker-specific Moira groups for each solution, and agree on long-term management of each externally authenticated group before implementing it. When configuring a Moira group as a FileMaker account name, append "_group" to the Moira group name.
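The rules in the sections above (every full-access account password protected, at least one FileMaker-authenticated full-access account kept, and external group accounts named with the "_group" suffix and backed by a dedicated Moira list rather than a departmental one) can be checked mechanically once you have the account list in front of you. The following Python is an added example, not code from this page or from FileMaker. FileMaker exposes no API for this, so the Account records are a constructed stand-in for the rows of the Manage Security dialog, and the "-fm-" naming convention for dedicated FileMaker Moira groups is an assumption drawn from the dur-fm-admin example.

```python
from dataclasses import dataclass
from typing import Optional

GROUP_SUFFIX = "_group"          # FileMaker expects this on external group account names
FULL_ACCESS = "[Full Access]"


@dataclass(frozen=True)
class Account:
    """Constructed stand-in for one row of FileMaker's Manage Security > Accounts list."""
    name: str
    auth: str            # "FileMaker" (internal) or "External" (domain/Moira group)
    privilege_set: str   # e.g. "[Full Access]", "[Data Entry Only]"
    has_password: bool   # False means a blank password (ignored for External accounts)


def moira_group_problem(moira_group: str) -> Optional[str]:
    """Return why a Moira list name is unsuitable as a FileMaker group, or None if it is fine."""
    g = moira_group.strip()
    if not g or g != g.lower() or any(c.isspace() for c in g):
        return "Moira list names are lowercase with no whitespace"
    if g.endswith(GROUP_SUFFIX):
        return f"do not append {GROUP_SUFFIX!r} to the Moira list itself; that suffix belongs in FileMaker"
    # Assumed naming convention for dedicated FileMaker groups (dur-fm-admin style);
    # a general departmental list such as dur-all would grant everyone in the department access.
    if "-fm-" not in g:
        return "use a dedicated FileMaker-specific Moira group (name containing '-fm-'), not a general list"
    return None


def moira_to_filemaker_account(moira_group: str) -> str:
    """Map a Moira group to the external account name to create in FileMaker."""
    problem = moira_group_problem(moira_group)
    if problem:
        raise ValueError(f"{moira_group!r}: {problem}")
    return moira_group.strip() + GROUP_SUFFIX


def audit_accounts(accounts) -> list:
    """Check a file's accounts against the recommendations; an empty list means it passes."""
    findings = []
    internal_full_access = 0
    for a in accounts:
        if a.auth == "FileMaker":
            if a.privilege_set == FULL_ACCESS:
                internal_full_access += 1
                if not a.has_password:
                    findings.append(f"{a.name}: full-access account with a blank password")
        elif a.auth == "External":
            if not a.name.endswith(GROUP_SUFFIX):
                findings.append(f"{a.name}: external group account name must end in {GROUP_SUFFIX!r}")
            else:
                problem = moira_group_problem(a.name[: -len(GROUP_SUFFIX)])
                if problem:
                    findings.append(f"{a.name}: {problem}")
        else:
            findings.append(f"{a.name}: unknown authentication type {a.auth!r}")
    if internal_full_access == 0:
        findings.append("no FileMaker-authenticated full-access account; "
                        "external accounts cannot edit security settings")
    return findings


# Constructed sample: a freshly created file with the default Admin account plus two external groups.
AS_SHIPPED = [
    Account("Admin", "FileMaker", FULL_ACCESS, has_password=False),
    Account("dur-all", "External", "[Data Entry Only]", has_password=True),
    Account("dur-fm-admin_group", "External", "[Data Entry Only]", has_password=True),
]

# The same file after following the recommendations above.
HARDENED = [
    Account("Admin", "FileMaker", FULL_ACCESS, has_password=True),
    Account("dur-fm-admin_group", "External", "[Data Entry Only]", has_password=True),
]

if __name__ == "__main__":
    print(moira_to_filemaker_account("dur-fm-admin"))
    for finding in audit_accounts(AS_SHIPPED):
        print("FAIL:", finding)
    print("hardened file:", audit_accounts(HARDENED) or "OK")
```

Run against the constructed AS_SHIPPED list, the audit reports the blank Admin password and the dur-all account (no "_group" suffix, and a general departmental list besides); HARDENED produces no findings. The check for at least one FileMaker-authenticated full-access account is deliberate: a file whose only full-access account is external cannot have its security settings edited.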

More information on External Authentication can be found in FileMaker's in-depth guide.

Other security features involving authentication

Requiring Password Protected Databases and Hiding Files
With FileMaker 15, FileMaker Server has a setting that restricts uploads to password-protected databases. You may also enable a setting that shows each user only the hosted files they are allowed to access. If external authentication is not enabled, the user is prompted twice: once to see the list of files and again to open the chosen file.

Protecting access to your FileMaker Server configurations
FileMaker Server offers an additional level of authentication for managing hosting settings through the Server Administration Tool. Enable it on the Admin Console tab (under General Settings in the Admin Console). The three options are to limit access by IP address, to require a username and password for the Server Admin Tool, or to require that the FileMaker Server administrator be a member of an external authentication group.
