This is a built in capability. We use Active Directory here to manage a list of several hundred users over a set of more than 100 database files....
The precise details will vary a bit with the external authentication method used, see FileMaker Help for documentation on those details.
The basic method is that you define a "group" in AD, or other such system. You assign your users in that system to those Groups. You then define accounts in your files with the same account names as the group name, specifying a privilege set, but selecting external authentication in place of specifying a single password for that account.
Please note that the FileMaker account name is not returned by Get ( AccountName ) in this case. You get the user names specified in AD and thus can still identify individual users while using Get ( accountPrivilegeSetName ) to identify groups of users.