PingOne supports several external identity providers, including Facebook. A sign-on policy configuration in PingOne for Facebook as an identity provider allows users to authenticate and gain access to a configured application using the Facebook sign-on flow and their Facebook credentials.

This scenario illustrates the following common operations supported by the PingOne APIs:

• Create an identity provider configuration
• Create an optional identity provider attribute mapping
• Create a population for Facebook users
• Create a sign-on policy
• Create a sign-on policy action
• Create an application
• Associate the sign-on policy with the application

Workflow order of operations

To create a sign-on policy that specifies Facebook as a supported external identity provider, the following tasks must be completed successfully:

1. Make a POST request to /environments/{{envID}}/identityProviders to create the identity provider configuration for Facebook.

2. Make a POST request to /environments/{{envID}}/identityProviders/{{providerID}}/attributes to map the Facebook email attributes to PingOne email attributes. This step is optional.

3. Make a POST request to /environments/{{envID}}/populations to create a population for users who will use their Facebook credentials to sign on.

4. Make a POST request to /environments/{{envID}}/signOnPolicies to create a new sign-on policy.

5. Make a POST request to /environments/{{envID}}/signOnPolicies/{{policyID}}/actions to create a new LOGIN sign-on policy action, which is associated with the new sign-on policy.

6. Make a POST request to /environments/{{envID}}/applications to add a new application to the specified environment.

7. Make a GET request to /environments/{{envID}}/resources to return a list of all resource entities associated with the specified environment to get the ID for the PingOne platform resource.

8. Make a GET request to /environments/{{envID}}/resources/{{resourceID}}/scopes to list all scopes associated with a specified resource (the PingOne platform resource).

9. Make a POST request to /environments/{{envID}}/applications/{{appID}}/grants to create a new resource access grant for the application.

10. Make a POST request to /environments/{{envID}}/applications/{{appID}}/signOnPolicyAssignments to associate the sign-on policy with the application.

11. Make a POST request to /{{envID}}/as/authorize to obtain an authorization grant. This request starts the authorization flow.

Click the Run in Postman button below to download the Postman collection for this use case.