PingOne

Adding an identity provider - Facebook

Adding Facebook as an external identity provider (IdP) gives your users the option to sign in with Facebook when accessing your application.

Before you begin

Ensure that the application is added to PingOne.

Set the Grant Type for the application to Implicit.

Learn more in Adding an application.

Registering your application with Facebook for Developers

Facebook will generate an app ID and app secret for your application. You’ll need these values to connect the application to PingOne.

Steps

  1. Go to Facebook for Developers at https://developers.facebook.com.

    If you haven’t created a Facebook Developer Account, you can do so now.

  2. At the top of the page, click My Apps, click Create app, select the appropriate application type, and then click Continue.

  3. Enter the following information:

    • App Display name: The name you want to associate with this application ID.

    • App Contact email: The primary contact information for the application.

  4. Click Create app, and then complete the security check, if required.

    Result:

    The application dashboard is displayed.

  5. On the left side of the page, click Settings → Basic.

  6. Enter the following information:

    • App domains: (Leave this value blank for now.) The path in your application that users are redirected to after they have authenticated with Facebook.

    • Privacy policy URL: (Optional). The URL that contains your privacy policy.

    • Terms of service URL: (Optional). The URL that contains your terms of service.

  7. At the top of the page, locate the App ID and App secret.

  8. Copy the values and paste them in a secure location.

  9. Click Save changes.

Next steps

For more information, see https://developers.facebook.com/docs/apps.

Enabling Facebook login

You must enable Facebook login for your application if it’s not enabled already.

Steps

  1. Go to Facebook for Developers at https://developers.facebook.com.

  2. At the top of the page, click My Apps, and then select the appropriate app.

  3. On the left side of the page, click Products

  4. Locate the Facebook login card and click Set up.

  5. Follow the instructions to set up Facebook login.

Adding Facebook as an identity provider in PingOne

Configure the identity provider connection in PingOne.

Before you begin

Ensure that registration is enabled in the appropriate authentication policy. See Editing an authentication policy.

You should have the following information ready:

  • App ID

  • App secret

Steps

  1. Go to Integrations → External IdPs.

  2. Click Add provider.

  3. Click Facebook.

  4. On the Create Profile page, enter the following information:

    • Name: A unique identifier for the identity provider.

    • Description: (Optional). A brief description of the identity provider.

    You cannot change the icon and login button, in accordance with the provider’s brand standards.

  5. Click Continue.

  6. On the Configure Connection page, enter the following information:

    • App ID: The application ID that you copied earlier from the IdP. You can find this information on the Basic settings page in the Facebook for Developers portal.

    • App Secret: The application secret that you copied earlier from the IdP. You can find this information on the Basic settings page on the Facebook for Developers portal.

  7. Click Save and Continue.

  8. On the Map Attributes page, define how the PingOne user attributes are mapped to identity provider attributes. For more information, see Mapping attributes.

    • Enter the PingOne user profile attribute and the external IdP attribute. For more information about attribute syntax, see Identity provider attributes.

    • To add an attribute, click Add attribute.

    • To use the expression builder, click Build and test or Advanced Expression. See Using the expression builder.

    • Select the update condition, which determines how PingOne updates its user directory with the values from the identity provider. The options are:

      • Empty only: Update the PingOne attribute only if the existing attribute is empty.

      • Always: Always update the PingOne directory attribute.

        You can also map the PingOne attribute Email Address to the Facebook attribute Email.

        The Map Attributes screen, showing the User name and Email address attributes.

      If you don’t map a value for PingOne Email Address, the user must verify their email address when they sign on.

  9. Click Save and Finish.

Adding the callback URL to Facebook for Developers

In PingOne, copy the callback URL and paste it in the Facebook for Developers login settings.

Steps

  1. In PingOne, go to Integrations → External IdPs.

  2. Locate the appropriate identity provider (IdP) and click the details icon to expand the IdP.

  3. Click the Connection tab.

  4. Copy the callback URL and paste it to a secure location.

  5. Go to Facebook for Developers at https://developers.facebook.com.

  6. At the top of the page, click My Apps, and then select the appropriate app.

  7. On the left side of the page, click Facebook Login → Settings.

  8. For Valid OAuth Redirect URIs, paste the value that you copied from the PingOne console.

Next steps