Configure the identity provider connection in PingOne.
Ensure that registration is enabled in the appropriate authentication policy. See Editing an authentication policy.
You should have the following information ready:
- App ID
- App secret
- Go to Integrations > External IDPs.
- Click + Add provider.
- Click Facebook.
-
On the Create Profile page, enter the following
information:
- Name: A unique identifier for the identity provider.
- Description: (Optional). A brief description of the identity provider.
You cannot change the icon and login button, in accordance with the provider's brand standards.
- Click Continue.
-
On the Configure Connection page, enter the following
information:
- App ID: The application ID that you copied earlier from the IdP. You can find this information on the Basic settings page in the Facebook for Developers portal.
- App Secret: The application secret that you copied earlier from the IdP. You can find this information on the Basic settings page on the Facebook for Developers portal.
- Click Save and Continue.
-
On the Map Attributes page, define how the PingOne user attributes are
mapped to identity provider attributes. For more information, see Mapping attributes.
- Enter the PingOne user profile attribute and the external IdP attribute. For more information about attribute syntax, see Identity provider attributes.
- To add an attribute, click + Add attribute.
- To use the expression builder, click Build and test or Advanced Expression. See Using the expression builder.
- Select the update condition, which determines how PingOne updates its user
directory with the values from the identity provider. The options
are:
- Empty only: Update the PingOne attribute only if the existing attribute is empty.
- Always: Always update the PingOne directory attribute.
Tip:You can also map the PingOne attribute
Email Address
to the Facebook attributeEmail
.
If you don't map a value for PingOne
Email Address
, the user must verify their email address when they sign on. - Click Save and Finish.