Set up Claris ID or external IdP authentication

In files hosted by FileMaker Cloud, you must create account access entries that authenticate users via the Claris ID identity provider or an external IdP. FileMaker Cloud team managers control access to hosted files through Claris Customer Console. There they can add users to the team and manage groups of users, instead of managing an independent list of accounts for individual users in each file. Team managers have access to additional security measures—such as multifactor authentication, which requires more than one method of authentication.

To authenticate via the Claris ID identity provider or an external IdP, use FileMaker Pro to set up account access entries within the custom app. Then host the app using FileMaker Cloud. There is no configuration required in Admin Console for FileMaker Cloud. See "Editing Claris ID account access" in FileMaker Pro Help; and Enable Claris ID or external IdP authentication for groups and users.

Important information when using the Claris ID or an external identity provider

  • Claris ID users can reset their password on their Profile page in Claris Customer Console, but external IdP users can't.

  • Set account access entries in the order you want FileMaker clients to authenticate them. When a Claris ID or an external IdP user is in multiple groups that have account access, or when they have account access both as an individual user and as a member of a group, FileMaker clients open the file using the first active, matching account access entry in the priority (authentication) order. Any subsequent matching account access entries are ignored. See "Changing the priority of account access" in FileMaker Pro Help.

  • You must create at least one Claris ID or external IdP account access entry with the Full Access privilege set in order to have full access privileges while the file is hosted by FileMaker Cloud. A FileMaker Cloud host supports no other types of accounts. Also maintain a FileMaker file account with the Full Access privilege set in case the file needs to be removed from the host and opened locally. If there are no FileMaker file accounts, FileMaker clients can open the file only if the file is hosted by FileMaker Cloud.