PingOne supports several external identity providers, including Facebook. A sign-on policy configuration in PingOne for Facebook as an identity provider allows users to authenticate and gain access to a configured application using the Facebook sign-on flow and their Facebook credentials.
This scenario illustrates the following common operations supported by the PingOne APIs:
Workflow order of operations
To create a sign-on policy that specifies Facebook as a supported external identity provider, the following tasks must be completed successfully:
Make a POST
request to /environments/{{envID}}/identityProviders
to create the identity provider configuration for Facebook.
Make a POST
request to /environments/{{envID}}/identityProviders/{{providerID}}/attributes
to map the Facebook email
attributes to PingOne email
attributes. This step is optional.
Make a POST
request to /environments/{{envID}}/populations
to create a population for users who will use their Facebook credentials to sign on.
Make a POST
request to /environments/{{envID}}/signOnPolicies
to create a new sign-on policy.
Make a POST
request to /environments/{{envID}}/signOnPolicies/{{policyID}}/actions
to create a new LOGIN sign-on policy action, which is associated with the new sign-on policy.
Make a POST
request to /environments/{{envID}}/applications
to add a new application to the specified environment.
Make a GET
request to /environments/{{envID}}/resources
to return a list of all resource entities associated with the specified environment to get the ID for the PingOne platform resource.
Make a GET
request to /environments/{{envID}}/resources/{{resourceID}}/scopes
to list all scopes associated with a specified resource (the PingOne platform resource).
Make a POST
request to /environments/{{envID}}/applications/{{appID}}/grants
to create a new resource access grant for the application.
Make a POST
request to /environments/{{envID}}/applications/{{appID}}/signOnPolicyAssignments
to associate the sign-on policy with the application.
Make a POST
request to /{{envID}}/as/authorize
to obtain an authorization grant. This request starts the authorization flow.
Click the Run in Postman button below to download the Postman collection for this use case.