aACE can help you leverage the FileMaker functionality for external authentication for increased security and streamlined user access.
With the external authentication feature, aACE internal user accounts are deactivated and your Open Directory account (or Active Directory for PC) is used to validate users, pass authentications, and set privileges in aACE. This puts the IT Department in direct control of user access for maximum security — you can update a user's record in the Open Directory account to prevent access to aACE. Another benefit is that when users click the aACE launcher, they can login using the same credentials for logging into their workstation — this reduces the number of credentials that your users must manage.
To activate this feature, you must set up the following requirements:
- A properly configured Open Directory server (or Active Directory server for PC) on a separate machine
- A connection (i.e. 'binding' or 'joining') between your Open Directory server and your FileMaker server (FMS)
- A user group in Open Directory (e.g. aaceusers) and corresponding user group in aACE
- FMS configured for external authentication
- aACE configured for external authentication
Of these requirements, only the configuration tasks are within the scope of aACE support. For the other details, we recommend that your IT staff coordinate closely with your aACE partner.
Configuring Your FileMaker Server for External Authentication
Login to FMS, then navigate to Admin Console > Administration > External Authentication tab. In the Database Sign In section, enable the External Server Accounts setting. Please see FileMaker's help guide on this topic for further information.
Configuring Your aACE Preferences for External Authentication
Login to aACE, then navigate to Menu > System Admin > Preferences > Database Management. Mark the flag for FMS External Authentication, then save your changes.
Troubleshooting External Authentications
Team Member Records not Constrained by External Authentication
Only Team Member records of the "Employee" type are affected by external authentication. Team Member records with the "Resource" record type are not affected. This means that any programmer accounts and any consultant accounts can still be used to login directly to aACE.
Logging In after Deactivating External Authentication
When you activate external authentications, aACE continues to store the password for each team member. If you later deactivate this feature, these old FileMaker-based account passwords will again be required. If users do not remember the old passwords, you will have to reset them.
Issues from Upgrading FMS
When you upgrade to a new version of FMS, the Client Authentication setting may get reset to the default (i.e. FileMaker accounts only). This will disrupt any team members that have been logging in with external authentication credentials. You must login to FMS again and enable the 'External Server Accounts' setting.
If you are unable to immediately update the server and users require access to aACE, you can reset their password, enabling them to login directly to aACE for a time.