PingOne supports several external identity providers, including Facebook. A sign-on policy configuration in PingOne for Facebook as an identity provider allows users to authenticate and gain access to a configured application using the Facebook sign-on flow and their Facebook credentials.

This scenario illustrates the following common operations supported by the PingOne APIs:

Workflow order of operations

To create a sign-on policy that specifies Facebook as a supported external identity provider, the following tasks must be completed successfully:

  1. Make a POST request to /environments/{environmentId}/identityProviders to create the identity provider configuration for Facebook.

  2. Make a POST request to /environments/{environmentId}/identityProviders/{providerId}/attributes to map the Facebook email attributes to PingOne email attributes. This step is optional.

  3. Make a POST request to /environments/{environmentId}/populations to create a population for users who will use their Facebook credentials to sign on.

  4. Make a POST request to /environments/{environmentId}/signOnPolicies to create a new sign-on policy.

  5. Make a POST request to /environments/{environmentId}/signOnPolicies/{policyId}/actions to create a new LOGIN sign-on policy action, which is associated with the new sign-on policy.

  6. Make a POST request to /environments/{environmentId}/applications to add a new application to the specified environment.

  7. Make a GET request to /environments/{environmentId}/resources to return a list of all resource entities associated with the specified environment to get the ID for the PingOne platform resource.

  8. Make a GET request to /environments/{environmentId}/resources/{resourceId}/scopes to list all scopes associated with a specified resource (the PingOne platform resource).

  9. Make a POST request to /environments/{environmentId}/applications/{applicationId}/grants to create a new resource access grant for the application.

  10. Make a POST request to /environments/{environmentId}/applications/{applicationId}/signOnPolicyAssignments to associate the sign-on policy with the application.

  11. Make a POST request to /{environmentId}/as/authorize to obtain an authorization grant. This request starts the authorization flow.

Click the Run in Postman button below to download the Postman collection for this use case.

Run in Postman