If Facebook is specified as the the external identity provider, a subset of Facebook provider attributes can be used as the mapping attribute placeholder value.

The placeholder value must use the following syntax:

${providerAttributes.<Facebook attribute name>}

When you create a new Facebook identity provider entity, the POST request automatically maps the PingOne username attribute to the Facebook email attribute. The username attribute is the core mapping attribute; the default Facebook attribute value is email. It is also recommended that you map the PingOne email attribute to the Facebook email attribute.

The request body for the email-to-email mapping looks like this, with the value attribute showing the Facebook email attribute expressed using the placeholder syntax:

{
    "name": "email",
    "update": "EMPTY_ONLY",
    "value": "${providerAttributes.email}"
}

The POST /environments/{environmentId}/identityProviders operation adds a new identity provider resource to the specified environment.

When the type property value is set to FACEBOOK, Facebook’s appId and appSecret property values are required in the request body.

Facebook identity provider settings data model

Property Description
appId A string that specifies the application ID from Facebook. This is a required property.
appSecret A string that specifies the application secret from Facebook. This is a required property.

Facebook core attributes

Property Description
username A string that specifies the core Facebook attribute. The default value is ${providerAttributes.email} and the default update value is EMPTY_ONLY.

Facebook provider attributes

Permission Provider attributes
<default> Options are: id, first_name, last_name, middle_name, name, name_format, and email.
USER_AGE_RANGE Options are: age_range.
USER_BIRTHDAY Options are: birthday.
USER_GENDER Options are: gender.