Google Groups authentication
You can skip directly to the Setup Guide if you wish, for a step by step walktrhough of the process.
This doc is a high-level overview of what we need to set up Otto and FileMaker Server so you can Google Group membership to authenticate to FileMaker files. It contains links to the other resources you will need.
Every Google Group gets an email address in the form firstname.lastname@example.org. Once Otto is properly configured you can use that group email as the "Group" in FileMaker's security setup.
How is this different then the built in Google Oauth?
FileMaker Server can use other identity providers to authenticate users to FileMaker databases. But only one of them, Microsoft, allows you to use Groups as shown in the image above. The 3 built in providers are:
- Google email address only
- Microsoft email or group membership
- Amazon email address only.
Otto brings groups to Google OAuth
Otto provides a Custom Auth Provider that extend the Google Auth Provider to allow it to use groups, instead of just email addresses. That's the big differnce between the 3 built in providers and the Otto's Google Groups Custom Auth providor.
Custom OAuth providers are only available starting with FileMaker Server 19.4.
Required information from your Google account
You will need a couple bits of information and special access to your Google Account to setup Otto
Otto needs special access to your Google Account to be able to get the Groups that a person belongs to. You provide that access through the use of a special Service Account OAuth Client that has been restricted to only allow getting group information and group membership info. This is read-only access to groups and group members. Nothing else in your google account can be accessed or updated.
The process for creating this special credential is a little confusing, but we have a step-by-step guide and a video to help you do it.
Google account admin email
You will also need an email address that has Admin privileges in your Google Account. We don't need the password. Just the email address. If you are an Admin in your google account, your email address will work. If you aren't then you will need to ask your Google Account administrator to give you an email address that is an Admin.
FMS 19.5 Required
FileMaker Server 19.5 is required for Google Groups Oauth.
Configuring FileMaker Server
Once you have everything, you can complete the Custom Oauth setup.
Configuring your FileMaker File.
Once your Custom Oauth Provider has been verified, you can configure a google group to authenticate to your FileMaker File.