Database Reference
In-Depth Information
Since these external accounts aren't actually stored in FileMaker, you don't need to add the
accounts themselves to your database. Instead, you tell FileMaker which groups in the ex-
ternal system should be granted access. For example, if your Windows Active Directory
already has a group for Accounting and another for Customer Service, you can tell
FileMaker what privileges people in each of these groups have.
If you don't have appropriate groups in the external system, then you can have the system
administrator add a new group (or several new groups) just for you. You can then assign a
privilege set to each group that should be given access, and the system administrator assigns
individual people to each group.
To assign a privilege set to an external group, you create a single account in FileMaker. But
instead of entering a user name and password, from the “Account is authenticated via” pop-
up menu, choose External Server. The Account Name and Password boxes disappear, and a
new Group Name box appears instead. Just type the name of the Active Directory or Open
Directory group in this box.
You can set up external authentication in two ways, but both require a working directory
server and FileMaker Server (see Chapter 19 ):
Local accounts on your FileMaker server . You can manage account names and pass-
words on the server itself and have them apply to every database. This method saves you
the trouble of creating individual FileMaker accounts in every file.
Domain accounts . FileMaker Server communicates with the directory server on your
company's network to authenticate users. This approach centralizes account management
and lets people log in with the same account names and passwords they use for every
other computer system on your network.
Both methods require coordination with your IT department. Consult IT (or the documenta-
tion for your directory server) for more information on setting up and maintaining external
authentication.
NOTE
You're free to use a mixture of normal FileMaker accounts and external authentication accounts. In
fact, you must have at least one full access FileMaker account in every file. If you need to extend ac-
cess to someone who's not in the directory server, then you can add a FileMaker account for that
person, too. People from the directory server can log in, and so can this special person.
Search WWH ::




Custom Search