Creating accounts that authenticate via an external server
If you’re hosting FileMaker Pro files with FileMaker Server and your organization uses centrally managed authentication for users and groups such as Apple Open Directory or a Windows domain, you can set up accounts that authenticate users based on your authentication server. This allows you to use your existing authentication server to control access to databases without having to manage an independent list of accounts in each FileMaker Pro database file.
Note  Although you can set up accounts for external authentication servers in FileMaker Pro, only database files hosted by FileMaker Server can authenticate users against an authentication server. Database files shared by FileMaker Pro won’t authenticate against an authentication server.
Important  When a database file contains one or more External Server accounts, make sure you use operating system security settings to limit direct access to the file. Otherwise, it might be possible for an unauthorized user to move the file to another system that replicates your authentication server environment and gain access to the file. For more information, see the FileMaker Server documentation.
To create an account that authenticates via an external server:
1.
Choose File menu > Manage > Security.
If the Manage Security dialog box displays the detailed security settings, click Use Basic Setup.
2.
Click New Account.
3.
For Authenticate via, choose External Server.
4.
For Group Name, enter the name of a group that is defined on an external authentication server.
5.
For Privilege Set, do one of the following:
 •
 •
Choose New Privilege Set, then create a new one.
 •
Choose a privilege set, then click Edit and change the privilege set.
See Creating and editing privilege sets.
The privilege set assigned to the account determines what the externally authenticated group members can do in the file. See Creating and editing privilege sets.
6.
To make an account inactive (for example, until you set up its privilege set), clear the checkbox.
7.
Or, to continue working with accounts and privileges, see Managing accounts, Managing privilege sets, or Managing extended privileges.
Notes
 •
 •
 •
 •
 •
When a user opens a file, FileMaker Pro opens the file using the first matching account in the authentication order. Any matching accounts that follow the first one are ignored. Therefore, it’s important to set the authentication order for accounts when one or both of the above situations exist. Otherwise, the wrong account may be used to access the file. For more information on changing the authentication order, see Viewing and reordering accounts.
Tip  The authentication order is only an issue under specific circumstances: you must be hosting files with FileMaker Server, using an external authentication server, and have accounts set up in such a way that there are multiple accounts that could authenticate particular users. If you are only using FileMaker-authenticated accounts, authentication order is not a concern because each account must have a unique name.
 •
Related topics 
Creating and editing accounts
Managing saved find requests