
By Michael Westendorf. Posted on February 4th, 2022 in FileMaker, FileMaker & Salesforce

FileMaker Authentication with Salesforce

FileMaker's custom IdP authentication is a great way to extend your organization's security. FileMaker has supported Amazon, Google, and Microsoft as easily configured providers since version 16. Now we can also configure a custom provider using the industry-standard OAuth2 or OpenID protocols. This article shows how to configure your Salesforce instance as an authentication source for your FileMaker applications.

Using an identity provider is a great way to manage and secure your application.  

Preparing the Salesforce Organization 

Let's start by preparing the Salesforce organization. Every identity provider will require configuration. We will need information from this process when configuring the FileMaker Server Custom IdP settings. 

Identity Provider

In your Salesforce setup, search for "Identity Provider." This page allows you to enable Salesforce as a single sign-on provider. Once enabled, it will prompt you to choose the certificate used when communicating. For the purpose of this article, we will use the default self-signed certificate.  

Save your certificate and document your Issuer on the following screen. For example, in my test org, it is https://dbservices-b-dev-ed.my.salesforce.com, which we will use to configure our FileMaker Server below. 

FileMaker OAuth Salesforce Identity Provider Page

Connected Apps

After your Identity Provider is enabled, you will need to create a Connected Application. At the bottom of the page, you will find the Service Providers section. Click the link to create a new Connected App: "Service Providers are now created via Connected Apps. Click here."

FileMaker OAuth Salesforce Manage Connected Apps

Fill in (at a minimum) the required basic information at the top of the form.

  • App Name
  • API Name - Default to the app name.
  • A contact email
  • Logo URLs - You can use their default logos or upload your own.


Next, check the box to Enable OAuth Settings.

  • Callback URL - This is the URL the app will call when a sign-on is successful. It is the same for every FileMaker Server; just replace YourFMServerDomain with the public address of your FileMaker Server.
  • OAuth scopes - You will need to include two scopes in order for the app to authenticate properly:
      • Access the identity URL service (id, profile, email, address, phone)
      • Access unique identifiers (OpenID)


Save your changes. The confirmation screen will show additional information that we need to document for the implementation.

Confirmation Page

Before leaving this page, be sure to copy and document both the Consumer Key and the Consumer Secret. Keep this information in a safe place; we will use it later.

FileMaker OAuth Salesforce Confirmation Page

Configuring FileMaker Server

Next, we will configure our FileMaker Server. This is where all the information we've collected will be put to use. Along with the information we collected, we will also need the endpoints our OAuth provider uses to make the necessary calls. The required endpoints are for the authorization code, authorization token, and authorization profile. The paths for Salesforce all begin with the Issuer we documented above; in our case, that is https://dbservices-b-dev-ed.my.salesforce.com. The endpoints for our server would be:

  • Authorization Code → https://dbservices-b-dev-ed.my.salesforce.com/services/oauth2/authorize
  • Authorization Token → https://dbservices-b-dev-ed.my.salesforce.com/services/oauth2/token
  • Authorization Profile → https://dbservices-b-dev-ed.my.salesforce.com/services/oauth2/userinfo


After logging into your FileMaker Server Admin Console, navigate to the Administration tab and then to the External Authentication area on the sidebar. Now, we'll expand the Custom IdP Authentication Settings.

FileMaker Security Custom IdP Button

Now that we have all the required information, we will enter it into the server settings. As you can see, everything we collected fits into the FileMaker settings page in the first set of fields. Along with this information, we need to let FileMaker Server know the user account schema and scope. The standard for these is: 

Schema: email

Scopes: OpenID, profile, email 

These let FileMaker identify the user account information when logging into the server. Finally, choose the authentication type you are using (in our case, OAuth 2.0) and save your settings.

FileMaker Security Custom IdP Settings Page
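
A pre-flight check for the values entered above, as an added example that is not part of the original article or of FileMaker Server: it compares the three endpoints and the scopes against the identity provider's OpenID Connect discovery document and reports mistyped or look-alike URLs. The setting names, the `check_idp_settings` helper, and the trimmed discovery document are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed, trimmed sample of the IdP's OpenID Connect discovery document.
# Fetch the real one from <Issuer>/.well-known/openid-configuration.
ISSUER = "https://dbservices-b-dev-ed.my.salesforce.com"
DISCOVERY = {
    "issuer": ISSUER,
    "authorization_endpoint": f"{ISSUER}/services/oauth2/authorize",
    "token_endpoint": f"{ISSUER}/services/oauth2/token",
    "userinfo_endpoint": f"{ISSUER}/services/oauth2/userinfo",
    "scopes_supported": ["openid", "profile", "email", "id"],
}
# Hypothetical setting names (left) mapped to discovery metadata fields (right).
FIELD_MAP = {
    "authorization_code": "authorization_endpoint",
    "authorization_token": "token_endpoint",
    "authorization_profile": "userinfo_endpoint",
}

def check_idp_settings(settings, discovery):
    """Return a list of problems in the values typed into the Custom IdP form."""
    problems = []
    issuer_host = urlsplit(discovery["issuer"]).hostname
    for name, field in FIELD_MAP.items():
        url = urlsplit(settings.get(name, ""))
        if url.scheme != "https":
            problems.append(f"{name}: must be an https URL")
        if url.hostname != issuer_host:
            problems.append(f"{name}: host differs from issuer host {issuer_host}")
        if settings.get(name) != discovery[field]:
            problems.append(f"{name}: does not match published {field}")
    requested = {s.lower() for s in settings.get("scopes", [])}
    if "openid" not in requested:
        problems.append("scopes: 'openid' is missing")
    unsupported = requested - set(discovery["scopes_supported"])
    if unsupported:
        problems.append(f"scopes: not offered by the IdP: {sorted(unsupported)}")
    return problems

# Values as given in the article.
GOOD = {
    "authorization_code": ISSUER + "/services/oauth2/authorize",
    "authorization_token": ISSUER + "/services/oauth2/token",
    "authorization_profile": ISSUER + "/services/oauth2/userinfo",
    "scopes": ["OpenID", "profile", "email"],
}
# Constructed mistakes: plain-http token endpoint and a dropped openid scope.
MISTYPED = {**GOOD, "scopes": ["profile", "email"],
            "authorization_token": GOOD["authorization_token"].replace("https", "http", 1)}

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("MISTYPED", MISTYPED)):
        print(label, check_idp_settings(cfg, DISCOVERY) or "ok")
```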

Verify Your Identity Provider

FileMaker provides a way to verify your settings, and we recommend you test your settings and confirm you can authenticate correctly before moving on to configuring your FileMaker files.

FileMaker OAuth Salesforce Identity Provider Page

Configure FileMaker Pro Security

As the last step, add your users under FileMaker Security. You will find Custom OAuth in the list of configured providers. Add any authorized users and choose a privilege set for them.

FileMaker Security Custom OAuth

Conclusion

This custom configuration with Salesforce is a great way to manage and secure your FileMaker application. If you have any questions or need help using Salesforce as an authentication source for FileMaker, contact our team at DB Services and we will be happy to assist you. 


Michael Westendorf

Michael is a FileMaker Certified Developer who joins DB Services with nearly a decade of experience as an Information Technology Manager in the printing industry. Originally from San Diego, he moved to Iowa during his teens and earned his Bachelor's Degree in Management Information Systems from Iowa State University.
