Have a hosted solution where all users are able to modify their own passwords, and FM is handling all the user authentication.

Am upgrading that solution, but just realized that when I push the new solution live, I do not have access to the user passwords, so they will have to be reset (or will be equal to whatever they were when the base copy for the upgrade process was taken).

Anyway around this (I assume not, as it would compromise security if admin was given access to view passwords)?

 

Edited November 4, 201510 yr by Justin P.

Switch to external authentication. That way, passwords are not managed by FileMaker.

I thought as much, thanks Jeremy. The solution belongs to a very small company, they don't run any local servers, use Office 365 and that's about it.

Any recommendations for a lightweight external/web based authentication service?

 

When you say "it's hosted" what do you mean? peer-to-peer or on a FMS? You can use the Users/Groups on the host machine for authentication if it's FMS.

Its hosted on a third party FM hosting service that handles the FM Server licensing, Datatrium.

Only basic access to logs, file push/pull, though I suppose I could ask if they offer any authentication services? Is that common?

I don't know, I haven't used hosting services. I have been in the situation where after an update migration, we reset all passwords to a default and required user to immediately change.

You say that this is for a small company, so perhaps the time savings of the users needing to reset their own passwords rather than you needing to go out and find a 3rd party/develop your own login system is worth it in the long run?

Short answer is: Yes, there are 3rd party services that offer it.

Long answer is: Scary, scary, scary. Calculate the cost of downtime if/when that service either (1) shuts down, (2) glitches and you lose access, (3) is compromised and you lose access. How much would it cost the small company to get back up and running, and how much would it cost them to be down for a day or two or ten. Use that number to figure out if it's worth it to get your own server to host AD or OD yourself ( and learn best practice ).

All fair points. The client is dependent upon the host right now anyhow, so dependency for service continuity is built in there for now.

Overall though, the client cost of decreased user experience (password resets) is less than the cost of setting up and maintaining external authentication. Will stick with the status quo.

Thanks everyone.