Set up sign-up and sign-in with a Facebook account using Azure Active Directory B2C

Create a Facebook application

To use a Facebook account as an identity provider in Azure Active Directory B2C (Azure AD B2C), you need to create an application in your tenant that represents it. If you don't already have a Facebook account, you can sign up at https://www.facebook.com/.

  1. Sign in to Facebook for developers with your Facebook account credentials.
  2. If you have not already done so, you need to register as a Facebook developer. To do this, select Get Started on the upper-right corner of the page, accept Facebook's policies, and complete the registration steps.
  3. Select My Apps and then Create App.
  4. Select Build Connected Experiences.
  5. Enter a Display Name and a valid Contact Email.
  6. Select Create App ID. This may require you to accept Facebook platform policies and complete an online security check.
  7. Select Settings > Basic.
    1. Choose a Category, for example Business and Pages. This value is required by Facebook, but not used for Azure AD B2C.
    2. Enter a URL for the Terms of Service URL, for example http://www.contoso.com/tos. The policy URL is a page you maintain to provide terms and conditions for your application.
    3. Enter a URL for the Privacy Policy URL, for example http://www.contoso.com/privacy. The policy URL is a page you maintain to provide privacy information for your application.
  8. At the bottom of the page, select Add Platform, and then select Website.
  9. In Site URL, enter the address of your website, for example https://contoso.com.
  10. Select Save Changes.
  11. At the top of the page, copy the value of App ID.
  12. Select Show and copy the value of App Secret. You use both of them to configure Facebook as an identity provider in your tenant. App Secret is an important security credential.
  13. From the menu, select the plus sign next to PRODUCTS. Under Add Products to Your App, select Set up under Facebook Login.
  14. From the menu, select Facebook Login, and then select Settings.
  15. In Valid OAuth redirect URIs, enter https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp. Replace your-tenant-name with the name of your tenant. Select Save Changes at the bottom of the page.
  16. To make your Facebook application available to Azure AD B2C, select the Status selector at the top right of the page and turn it On to make the Application public, and then select Switch Mode. At this point, the Status should change from Development to Live.
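
Before pasting the value from step 15 into Valid OAuth redirect URIs, you can lint it against the form given there. The following is an added example, not part of the original article or of any Microsoft or Facebook tooling; the function names and the sample tenant name contoso are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Literal placeholder text used in step 15; it must not survive into the real value.
PLACEHOLDER = "your-tenant-name"


def expected_redirect_uri(tenant: str) -> str:
    """Build the redirect URI in the form given in step 15."""
    return f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/oauth2/authresp"


def check_redirect_uri(candidate: str, tenant: str) -> list[str]:
    """Return a list of problems; an empty list means the value matches the form."""
    problems = []
    parts = urlsplit(candidate)
    if PLACEHOLDER in candidate:
        problems.append("placeholder not replaced")
    if parts.scheme != "https":
        problems.append("scheme is not https")
    # netloc carries any userinfo or port, so those also fail this comparison.
    # Host names are case-insensitive, so compare them in lowercase.
    if parts.netloc.lower() != f"{tenant}.b2clogin.com".lower():
        problems.append("host does not match tenant")
    # The path is compared exactly: a trailing slash or extra segment is a mismatch.
    if parts.path != f"/{tenant}.onmicrosoft.com/oauth2/authresp":
        problems.append("path does not match tenant")
    if parts.query or parts.fragment:
        problems.append("query or fragment present")
    return problems


if __name__ == "__main__":
    # Constructed sample values for a hypothetical tenant named "contoso".
    samples = [
        expected_redirect_uri("contoso"),
        "https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp",
        "http://contoso.b2clogin.com/contoso.onmicrosoft.com/oauth2/authresp",
        "https://contoso.b2clogin.com/contoso.onmicrosoft.com/oauth2/authresp/",
    ]
    for value in samples:
        print(value, "->", check_redirect_uri(value, "contoso") or "OK")
```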

Configure a Facebook account as an identity provider

  1. Sign in to the Azure portal as the global administrator of your Azure AD B2C tenant.
  2. Make sure you're using the directory that contains your Azure AD B2C tenant by selecting the Directory + subscription filter in the top menu and choosing the directory that contains your tenant.
  3. Choose All services in the top-left corner of the Azure portal, search for and select Azure AD B2C.
  4. Select Identity providers, then select Facebook.
  5. Enter a Name. For example, Facebook.
  6. For the Client ID, enter the App ID of the Facebook application that you created earlier.
  7. For the Client secret, enter the App Secret that you recorded.
  8. Select Save.