The EmpowerID SSO framework allows you to configure Facebook as an identity provider (IdP) for the EmpowerID Web application. EmpowerID integrates with Facebook using the OAuth protocol to allow your users to log in to EmpowerID using their Facebook accounts.
This topic describes how to configure an Identity Provider connection for Facebook and is divided into the following activities:
To add the Facebook AppID and AppSecret keys to the Facebook OAuth Connection
Adding MFA Points to the Facebook OAuth Connection
Adding a Login Tile for Facebook
Testing the Facebook Connection
As a prerequisite to creating an IDP Connection for Facebook, you must have a Facebook account and register the EmpowerID web application for your organization in the Facebook Developers Center. This creates a set of values known by Facebook and the EmpowerID web application that allow the two to trust one another. These values include the AppID and the App Secret (these values are generated by Facebook), as well as the OAuth redirect URI. (This value is entered by you to tell Facebook where to post the assertion of a user's identity to the EmpowerID Assertion Consumer Service.)
For specific directions on registering EmpowerID as an application in Facebook, see the information provided by Facebook at https://developers.facebook.com.
When registering EmpowerID in Facebook, use the following URL as the valid OAuth redirect under Facebook Login Settings. Be sure to replace "FQDN_OF_YOUR_EMPOWERID_SERVER" with the FQDN or fully resolvable DNS of the EmpowerID Web server in your environment.
Once the IDP Connection has been set up for Facebook, you can create a link similar to the one below to allow users to log in to EmpowerID using Facebook. Be sure to replace "FQDN_OF_YOUR_EMPOWERID_SERVER" with the FQDN or fully resolvable DNS of the EmpowerID Web server in your environment and "Facebook" with the name of the IDP connection you create for Facebook in EmpowerID.
From the Navigation Sidebar of the EmpowerID Web interface, expand Admin > SSO Connections and click OAuth.
From the OAuth Applications management page, click the OAuth Service Provider tab and then search for Facebook.
From the OAuth Service Provider grid, click the Facebook link.
In the External OAuth Provider Details page that appears, click the Edit button for the specific Facebook connection you want to edit. By default, EmpowerID includes one connection. However, you can add as many connections for Facebook as your organization needs.
Edit links have the pencil icon.
In the OAuth Connection pane that appears, type the APP ID Facebook generated for your application in the Consumer Key field and the App Secret in the Consumer Secret field.
Prepend the value of the Callback Url with the FQDN of your EmpowerID Web server, using the https scheme. For example, the FQDN of the EmpowerID Web server in our environment is "sso.empowersso.com" so the full Callback Url for our site is "https://sso.empowersso.com/webidpforms/oauth/v2".
Click Save to close the OAuth Connection pane.
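The Callback Url step is where this setup most often goes wrong (plain http, a missing host, a stray trailing slash), so the following added example, which is not EmpowerID code, builds the value from an FQDN and checks an existing value before you save it. It assumes the field's default is the relative path "/webidpforms/oauth/v2", inferred from the example above; the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the Callback Url field ships with this relative path, inferred
# from the page's example "https://sso.empowersso.com/webidpforms/oauth/v2".
CALLBACK_PATH = "/webidpforms/oauth/v2"


def host_problems(host: str) -> list[str]:
    """Return reasons why `host` is not usable as the EmpowerID server FQDN."""
    if not host:
        return ["no host present"]
    try:
        ipaddress.ip_address(host)
        return ["host is an IP address, not an FQDN"]
    except ValueError:
        pass  # not an IP literal, so treat it as a DNS name
    problems = []
    if "*" in host:
        problems.append("wildcards are not allowed in the host")
    if "." not in host:
        problems.append("host is not fully qualified")
    return problems


def check_callback_url(url: str) -> list[str]:
    """Return every problem found in a Callback Url value; empty means OK."""
    parts = urlsplit(url.strip())
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if parts.username is not None or parts.password is not None:
        problems.append("userinfo must not appear in the URL")
    problems += host_problems(parts.hostname or "")
    if parts.path != CALLBACK_PATH:
        problems.append(f"path must be exactly {CALLBACK_PATH}")
    if parts.query or parts.fragment:
        problems.append("query string or fragment is not expected")
    return problems


def build_callback_url(fqdn: str) -> str:
    """Prepend https://<fqdn> to the relative callback path, then validate."""
    host = fqdn.strip().rstrip(".").lower()
    url = f"https://{host}{CALLBACK_PATH}"
    problems = check_callback_url(url)
    if problems:
        raise ValueError("; ".join(problems))
    return url
```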
Optionally, add any desired MFA points to the Facebook application by following the steps below.
To add MFA points to the Facebook application
From the External OAuth Providers page for Facebook, click the Provider Edit link at the top of the page.
In the MFA Point Value field, type the number of MFA points you want to give to users logging in with Facebook.
Click Save.
Next, add a login tile for Facebook to the desired IdP Domains. This allows your users to authenticate to EmpowerID with their Facebook credentials. If you have not set up an IdP Domain for your environment, you can do so by following the directions in the drop-down below.