PingOne

Adding an identity provider - Facebook

Adding Facebook as an external identity provider (IdP) gives your users the option to sign on with Facebook when accessing your application.

Before you begin

Ensure that you have:

Registering your application with Facebook for Developers

Facebook generates an app ID and app secret for your application. You’ll need these values to connect the application to PingOne.

Steps

  1. Sign on to your Facebook Developer Account.

    If you haven’t created a Facebook Developer Account, you can do so now.

  2. At the top of the page, click My Apps and then click Create app.

  3. Select the appropriate application type and then click Continue.

  4. Enter the following information:

    • App Display name: The name you want to associate with this application ID.

    • App Contact email: The primary contact information for the application.

  5. Click Create app, and then complete the security check, if required.

    Result:

    The application dashboard is displayed.

  6. On the left side of the page, go to Settings > Basic and enter the following information:

    • App domains: The path in your application that users are redirected to after they have authenticated with Facebook.

      Leave App domains blank for now.

    • Privacy policy URL (optional): The URL that contains your privacy policy.

    • Terms of service URL (optional): The URL that contains your terms of service.

  7. At the top of the page, locate the App ID and App secret and copy their values to a secure location.

  8. Click Save changes.

Next steps

Learn more in Meta App Development.

Enabling Facebook login

You must enable Facebook login for your application if it’s not enabled already.

Steps

  1. Go to Facebook for Developers.

  2. At the top of the page, click My Apps, and then select the appropriate app.

  3. On the left side of the page, click Products

  4. Locate the Facebook login card and click Set up.

  5. Follow the instructions to set up Facebook login.

Adding Facebook as an identity provider in PingOne

Configure the IdP connection in PingOne.

Before you begin

Ensure that registration is enabled in the appropriate authentication policy. Learn more in Editing an authentication policy.

You should have the following information ready:

  • App ID

  • App secret

Steps

  1. In the PingOne admin console, go to Integrations > External IdPs and click .

  2. Click Facebook.

  3. Click Next.

  4. On the Add External Identity Provider page, enter the following information:

    • Name: A unique identifier for the IdP.

    • Description (optional): A brief description of the IdP.

    • Population: A population that overrides the authentication policy’s registration population and enables just-in-time registration from the IdP.

      You can’t change the Icon and Sign-on button in accordance with the provider’s brand standards.

  5. Click Next.

  6. Configure the connection and enter the following information:

    • App ID: The application ID that you copied earlier from the IdP. You can find this information on the Basic settings page in the Facebook for Developers portal.

    • App Secret: The application secret that you copied earlier from the IdP. You can find this information on the Basic settings page on the Facebook for Developers portal.

    • Callback URL: Copy the Callback URL to a secure location. You’ll provide this value to the IdP later.

  7. Click Next.

  8. Define how the PingOne user attributes are mapped to IdP attributes. Learn more in Mapping attributes.

    • Enter the PingOne user profile attribute and the external IdP attribute. Learn more about attribute syntax in Identity provider attributes.

    • To add an attribute, click Add.

    • To use the advanced expression builder, click the Gear icon. Learn more in Using the expression builder.

    • Select the update condition, which determines how PingOne updates its user directory with the values from the IdP. The options are:

      • Empty only: Update the PingOne attribute only if the existing attribute is empty.

      • Always: Always update the PingOne directory attribute.

  9. Click Save.

Adding the callback URL to Facebook for Developers

Copy the callback URL from the PingOne admin console and paste it in the Facebook for Developers login settings.

Steps

  1. In the PingOne admin console, go to Integrations > External IdPs and browse or search for the appropriate IdP.

  2. Click the IdP to open the details panel.

  3. On the Connection tab, copy the Callback URL to a secure location.

  4. Go to Facebook for Developers.

  5. At the top of the page, click My Apps, and then select the appropriate app.

  6. Go to Facebook Login > Settings.

  7. For Valid OAuth Redirect URIs, paste the value that you copied from the PingOne admin console.

Next steps