Protecting databases > Managing accounts > Creating accounts that authenticate via an OAuth identity provider
 
Creating accounts that authenticate via an OAuth identity provider
If you’re hosting FileMaker Pro files with FileMaker Server, you can set up accounts that authenticate users based on supported OAuth identity providers such as Amazon or Google. This allows you to control access to your databases through third-party identity providers and may allow access to additional security measures, such as multifactor authentication, which requires more than one method of authentication.
Note  Although you can set up OAuth identity provider accounts in FileMaker Pro, only database files hosted by FileMaker Server can authenticate users against an OAuth identity provider. Database files shared by FileMaker Pro won’t authenticate against an OAuth identity provider.
To create an account that authenticates via an OAuth identity provider:
1. Choose File menu > Manage > Security.
If the Manage Security dialog box displays the detailed security settings, click Use Basic Setup.
2. Click New Account.
3. For Authenticate via, choose an OAuth identity provider.
4. For Group or User, choose whether to authenticate group or individual user credentials, if supported by your OAuth identity provider.
5. Enter the Group Name or User Name defined by the OAuth identity provider.
6. For Privilege Set, choose, create, or edit a privilege set.
See Creating and editing privilege sets.
The privilege set assigned to the account determines what the externally authenticated group members can do in the file.
7. To make the account active, select its checkbox.
To make an account inactive (for example, until you set up its privilege set), clear the checkbox.
8. If you’re finished, click OK.
Authenticating users with multiple accounts
It’s possible for a file with OAuth identity provider accounts to contain multiple accounts that could authenticate a user. For example, a file could contain:
both a FileMaker-authenticated account and an OAuth identity provider account with the same name
both an External Server account and an OAuth identity provider account with the same name
two or more OAuth identify provider accounts that contain the same group member
When a user opens a file, FileMaker Pro opens the file using the first matching account in the authentication order. Any matching accounts that follow the first one are ignored. Therefore, it’s important to set the authentication order for accounts when one or more of the above situations exist. Otherwise, the wrong account may be used to access the file. See Creating and editing accounts.
The authentication order is an issue only if you are using an OAuth identity provider and have set up multiple accounts that could authenticate particular users.
Notes 
You’ll need to set additional options in FileMaker Server to authenticate users against an OAuth identity provider. See FileMaker Server Help.
Related topics 
Managing accounts
Creating and editing extended privileges
Creating and editing accounts
Managing saved find requests