
Creating accounts that authenticate via an OAuth identity provider

If you’re hosting FileMaker Pro Advanced files with FileMaker Server, you can set up accounts that authenticate users based on supported OAuth identity providers such as Amazon or Google. This allows you to control access to your databases through third-party identity providers and may allow access to additional security measures, such as multifactor authentication, which requires more than one method of authentication.

Note: Although you can set up OAuth identity provider accounts in FileMaker Pro Advanced, only database files hosted by FileMaker Server can authenticate users against an OAuth identity provider. Database files shared by FileMaker Pro Advanced won’t authenticate against an OAuth identity provider.

To create an account that authenticates via an OAuth identity provider:

1. Choose File menu > Manage > Security.

If the Manage Security dialog box displays the detailed security settings, click Use Basic Setup.

2. Click New Account.

3. For Authenticate via, choose an OAuth identity provider.

4. For Group or User, choose whether to authenticate group or individual user credentials, if supported by your OAuth identity provider.

5. Enter the Group Name (Object ID) or User Name defined by the OAuth identity provider.

To authenticate accounts by group via the Microsoft OAuth identity provider, enter the group’s Azure Object ID for Group Name (Object ID).

6. For Privilege Set, choose, create, or edit a privilege set.

See Creating and editing privilege sets.

The privilege set assigned to the account determines what the externally authenticated group members can do in the file.

7. To make the account active, select its checkbox.

To make an account inactive (for example, until you set up its privilege set), clear the checkbox.

Authenticating users with multiple accounts

It’s possible for a file with OAuth identity provider accounts to contain multiple accounts that could authenticate a user. For example, a file could contain:

both a FileMaker authenticated account and an OAuth identity provider account with the same name

both an External Server account and an OAuth identity provider account with the same name

two or more OAuth identity provider accounts that contain the same group member

When a user opens a file, FileMaker Pro Advanced opens the file using the first matching account in the authentication order. Any matching accounts that follow the first one are ignored. Therefore, it’s important to set the authentication order for accounts when one or more of the above situations exist. Otherwise, the wrong account may be used to access the file. See Creating and editing accounts.

The authentication order is an issue only if you are using an OAuth identity provider and have set up multiple accounts that could authenticate particular users.
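The first-match rule described above can be modeled to audit an account list for shadowed accounts. This is an added example, not FileMaker code or a FileMaker API: the `Account` and `Identity` structures, the rule that inactive accounts never match, and all sample names and Object IDs are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Account:
    auth: str            # "FileMaker", "External Server", or an OAuth provider
    kind: str            # "user" or "group"
    name: str            # user name, or group name / Object ID
    privilege_set: str
    active: bool = True

@dataclass
class Identity:
    # What each authentication source could confirm for one person.
    names: dict          # auth source -> user name
    groups: dict         # auth source -> set of group names / Object IDs

def matches(acct, who):
    if not acct.active:  # assumption: inactive accounts never match
        return False
    if acct.kind == "user":
        return who.names.get(acct.auth) == acct.name
    return acct.name in who.groups.get(acct.auth, set())

def resolve(ordered_accounts, who):
    """Return (winner, ignored): the first match wins, later matches are ignored."""
    hits = [a for a in ordered_accounts if matches(a, who)]
    return (hits[0], hits[1:]) if hits else (None, [])

def privilege_conflicts(ordered_accounts, who):
    """Ignored accounts whose privilege set differs from the winner's."""
    winner, ignored = resolve(ordered_accounts, who)
    return [a for a in ignored if a.privilege_set != winner.privilege_set]

# Constructed sample; list order stands in for the authentication order.
GROUP_A = "00000000-0000-0000-0000-000000000001"
GROUP_B = "00000000-0000-0000-0000-000000000002"
ACCOUNTS = [
    Account("Microsoft", "group", GROUP_A, "Full Access"),
    Account("FileMaker", "user", "pat@example.com", "Read-Only Access"),
    Account("Microsoft", "group", GROUP_B, "Data Entry Only"),
]
PAT = Identity(
    names={"FileMaker": "pat@example.com", "Microsoft": "pat@example.com"},
    groups={"Microsoft": {GROUP_A, GROUP_B}},
)

if __name__ == "__main__":
    winner, _ = resolve(ACCOUNTS, PAT)
    print("opens with:", winner.privilege_set)
    for a in privilege_conflicts(ACCOUNTS, PAT):
        print("ignored:", a.auth, a.kind, a.name, "->", a.privilege_set)
```

Any account reported as ignored with a different privilege set marks a place where reordering the accounts would change what that user can do in the file.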

Notes 

You’ll need to set additional options in FileMaker Server to authenticate users against an OAuth identity provider. See FileMaker Server Help.
