Skip to content

Facebook Identity Provider

You can configure Facebook as Identity Provider (IdP) in the Onegini IdP. The Onegini IdP uses Facebook Graph API. This chapter will guide you though all steps that are required to fully configure and use the Facebook IdP with the Onegini IdP.


To successfully complete this topic guide you need to ensure following prerequisites:

  • Onegini IdP instance must to be running, for the sake of this guide we assume it's available under address
  • Onegini IdP must have the Username & password identity provider configured

Configure Facebook identity provider

To register a Facebook IdP within the Onegini IdP as an Identity Provider first you need to create an application on the Facebook platform and obtain it's Client ID and Client Secret. Make sure that the option 'Require app secret' is turned off. Next visit the page and login to the Onegini IdP admin console. Select the Config menu option and navigate to the Identity Providers tab. Hit the + button to create a new Identity Provider configuration. Fill in the form as follows:

  1. Type - open the dropdown list and select Facebook
  2. Name - name your Facebook IdP instance
  3. Authentication Level - choose desired authentication level
  4. Enabled - mark your Identity Provider as enabled
  5. OAuth attributes - paste your Facebook Client ID as Client ID and Client Secret as Client Secret. Define Client Scope, you can read more about supported scopes in the official Facebook documentation
  6. Attributes mappings - Onegini IdP within the configuration form gives you option to define the attribute mappings. It's a very useful functionality which allows you define "translations" for user's profile and custom attributes. The automatic Sign-up functionality requires at least Email address attribute to mapped from the external identity provider (Facebook). Depending on the scope that you use you can also provide additional mappings for other fields. To get more info about attribute mappings please check the Attribute Mappings topic guide.


If Graph API return a list of values for one attribute, only first one will be saved. Also there is no support for complex value in form of a map, like address.