BlogFileMaker

Passwordless Login into Your FileMaker Solutions

By June 23, 2020 2 Comments

We’ve said it before: your password is useless. The 2020 Verizon Data Breach Investigations Report underlines it: over 80% of the hacking breaches involved brute force or stolen credentials. If your whole identity is unlocked with just a string of text that is easy to guess or has been compromised in an earlier data breach, then your identity is not very safe, and neither is anything that it has access to.

Screenshot of the 2020 Data Breach Investigations Report (DBIR) data on hacking

Figure 1. 2020 DBIR datea on hacking

Relying on the old-style username and password combo is dangerous. So why not make it so that your FileMaker solution does not need a password at all for login?

Since FileMaker 16, you have been able to use modern external Identity Providers (IdPs) to do the user authentication for you in the form of Microsoft Azure AD, Amazon, and Google accounts. And since FileMaker 17, you can basically use any provider that uses the OAuth2 variant of OpenID Connect. And many of these are now adopting the new WebAuthn protocol. For a quick primer on what that is, visit this very informative web site: https://webauthn.guide/

In short, you can now use a security key or token to use as the primary authentication factor or as one of the multiple forms of authentication you want to support.

Steven Blackwell and I have co-authored a new white paper in our OAuth series that describes how to use a Yubikey security key to log into our FileMaker solution.

Photo of the Yubikey 5 Series

Figure 2. Yubikey 5 Series

And to underline the many options and choices you have in choosing your preferred Identity Provider, we are also showing how to configure Red Hat’s Keycloak as an on-premise IdP. This demonstrates you are not limited to cloud-only options like the ones we have used up to this point: Okta, Ping, OneLogin, MiniOrange, Auth0, or commercial on-premise authentication providers such as Active Directory and its AD FS.

This white paper complements the others in this series:

You can also keep track of our content around modern authentication by using the OAuth tag on our web site. If you have any questions about how to implement this in your own FileMaker solution, our team is happy to help.

Wim Decorte

Wim Decorte

Wim is a Senior Technical Solution Architect at Soliant. He is a FileMaker 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17 and 18 Certified FileMaker Developer and the author of numerous Tech Briefs and articles on FileMaker Server. Wim is one of the very few multiple FileMaker Excellence Award winners and was most recently awarded the FileMaker Community Leader of the Year award at the 2015 FileMaker Developer Conference. He is also a frequent speaker at the FileMaker Developer Conference and at FileMaker Developer groups throughout the world. In addition to being a renowned expert on FileMaker Server, Wim also specializes in integrating FileMaker with other applications and systems. His pet project is the open source fmDotNet connector class that he created.

2 Comments

  • Avatar Eric Matthews says:

    No SAML?

    • Wim Decorte Wim Decorte says:

      SAML is not supported directly by FileMaker Server. But depending on your choice of identity provider, you can use it as a broker to an identity provider that only supports SAML. Keycloak for instance – that we are using in addendum 3 – supports that. One of our future white papers will show this in action.

Leave a Reply

Need to adjust your business processes quickly? We're helping clients use technology to keep their teams productive and running smoothly in these times of uncertainty. Our team can guide yours if you need help in these areas.

Talk to a Consultant