Set up OAuth identity provider authentication
If you host files using FileMaker Server, you can create account access entries in the files that authenticate users via supported OAuth identity providers. This allows you to control access to your custom apps through third-party identity providers. Instead of managing an independent list of accounts in each file, you can use your OAuth identity provider to control access to your app. An OAuth identity provider may also provide additional security measures—such as multifactor authentication, which requires more than one method of authentication.
To authenticate via OAuth identity providers, use FileMaker Pro to set up account access entries within the custom app. Then host the app using FileMaker Server, and configure the host to authenticate with OAuth identity providers. See "Editing OAuth account access" in FileMaker Pro Help, and "Enable OAuth identity provider authentication."
Important information when using OAuth identity providers
- You must use the OAuth identity provider to reset passwords.
- Set account access entries in the order you want FileMaker clients to authenticate them. When an OAuth identity provider account is in multiple groups that have account access, or an OAuth account user has account access both as an individual user and as a member of a group, FileMaker clients open the file using the first active, matching account access entry in the priority (authentication) order. Any subsequent matching account access entries are ignored. See "Changing the priority of account access" in FileMaker Pro Help.
- OAuth account access shouldn't be the only type of account access with the Full Access privilege set. Maintain a FileMaker file account for administration purposes in case the file needs to be removed from the host. If there are no FileMaker file accounts, FileMaker clients can open the file only if the file is hosted and the OAuth identity provider is available.
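
The priority rule described above, modeled as an added Python example (not FileMaker code and not part of the original help page): it resolves which account access entry applies to an OAuth user and lists the matching entries that are ignored. The Entry fields, the sample user, group and privilege set names, and exact-string name matching are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    kind: str            # "user" or "group" (model field, not a FileMaker name)
    name: str            # OAuth user name or group name
    privilege_set: str
    active: bool = True

def matches(entry, user, groups):
    # Assumption: names compare as exact strings.
    if entry.kind == "user":
        return entry.name == user
    return entry.name in groups

def resolve(entries, user, groups):
    """First active, matching entry in priority order, or None."""
    for entry in entries:
        if entry.active and matches(entry, user, groups):
            return entry
    return None

def ignored(entries, user, groups):
    """Active matching entries that never apply because an earlier one matched."""
    hits = [e for e in entries if e.active and matches(e, user, groups)]
    return hits[1:]

# Constructed sample data, listed in priority (authentication) order.
ENTRIES = [
    Entry("group", "Admins", "Full Access", active=False),
    Entry("group", "Contractors", "Read-Only"),
    Entry("user", "dana@example.com", "Full Access"),
    Entry("group", "Staff", "Data Entry"),
]

if __name__ == "__main__":
    user, groups = "dana@example.com", {"Admins", "Contractors", "Staff"}
    print("effective:", resolve(ENTRIES, user, groups))
    for e in ignored(ENTRIES, user, groups):
        print("ignored:  ", e)
```

In this sample the user's individual Full Access entry never applies, because the Contractors group entry sits above it in the order and the inactive Admins entry is skipped.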