Use an external identity provider for authentication

Team managers can set up single sign-on (SSO) account authentication with an external identity provider (IdP) so that groups of users can sign in with that provider account. Each team may be set up with only one external IdP at a time. When you configure an external IdP, you can select one or more groups for new users to be added to when they sign in with an external IdP for the first time. See Work with groups.

Important  External IdP configuration for Claris Studio is separate from external IdP configuration for FileMaker Cloud and Claris Customer Console. This means that if you want users to be able to sign in to Claris Studio the same way they sign in to FileMaker Cloud or Claris Customer Console, you will need to configure the external IdP the same way in Claris Studio as you did in FileMaker Cloud or Claris Customer Console. However, FileMaker Cloud does not support Security Assertion Markup Language (SAML), so you can either use OpenID Connect (OIDC) for both, or a mix of SAML for Claris Studio and OIDC for FileMaker Cloud.

Configure external IdPs

Before you begin, you must configure the external IdP for use with Claris Studio. Also, you will need to obtain the following information from your IdP depending on whether you're using OIDC or SAML:

OIDC

• Client ID

• Client Secret

• Metadata URL

SAML

• Metadata URL or SAML metadata file

You will also need to choose which Claris Studio groups you want to use the external IdP for authentication. See Work with groups.

Supported IdPs

The following IdPs are supported:

• Microsoft Active Directory Federation Services (AD FS)

  • OIDC

  • SAML

• Amazon Cognito

  • OIDC

• Google Workspace

  • OIDC

  • SAML

• Microsoft Entra ID

  • OIDC

  • SAML

• Okta

  • OIDC

  • SAML