How to: Configure Facebook as an Identity Provider

Updated: June 19, 2015

Applies To: Azure

Applies To

  • Microsoft Azure Active Directory Access Control (also known as Access Control Service or ACS)

Summary

This How To describes how to configure Facebook as an identity provider using ACS. Configuring Facebook as an identity provider for your ASP.NET web application will allow your users to authenticate to your ASP.NET web application by logging on to their Facebook account.

Contents

  • Objectives

  • Overview

  • Summary of steps

  • Step 1 – Get a Facebook Application ID and a Facebook Application Secret

  • Step 2 – Configure Facebook as an Identity Provider

Objectives

  • Configure a namespace to be used with Facebook as an identity provider.

  • Configure trust and token transformation rules.

  • Become familiar with the endpoint reference, list of services, and metadata endpoints.

Overview

Configuring Facebook as an identity provider eliminates the need to create and manage the authentication and identity management mechanism. A familiar authentication procedure helps the end user. Using ACS, it is easy to set up a configuration that allows your application to use Facebook authentication. This topic explains how to accomplish this task. The following illustration depicts the overall flow of configuring a relying party for ACS use.

ACS v2 Workflow

Summary of Steps

  • Step 1 – Get a Facebook Application ID and a Facebook Application Secret

  • Step 2 – Configure Facebook as an Identity Provider

Step 1 – Get a Facebook Application ID and a Facebook Application Secret

This step gets a Facebook Application ID and a Facebook Application Secret. These are required to configure Facebook as an identity provider.

To get a Facebook Application ID and Facebook Application Secret

  1. Create a Facebook account at http://facebook.com.

  2. Navigate to http://www.facebook.com/developers/.

  3. On the Facebook Developers page, click Create New App and then follow the instructions.

  4. On the main page for your application, copy the values of the App ID and App Secret fields. You will use these when you configure Facebook as an identity provider on the ACS Management Portal in the next step.

  5. In the Site URL field, specify the fully qualified domain name (FQDN) URL of your namespace, including the leading HTTPS://, for example, https://my-ns1.accesscontrol.windows.net. Your namespace will be different.

Step 2 – Configure Facebook as an Identity Provider

In this step you will specify Facebook as an identity provider using information that you got in the previous step.

To configure Facebook as an identity provider

  1. Go to the Microsoft Azure Management Portal (https://manage.WindowsAzure.com), sign in, and then click Active Directory. (Troubleshooting tip: "Active Directory" item is missing or not available)

  2. To manage an Access Control namespace, select the namespace, and then click Manage. (Or, click Access Control Namespaces, select the namespace, and then click Manage.)

  3. In the ACS portal, click Identity Providers and then click Add.

  4. Select Facebook Application.

  5. On the Add Facebook Application page, specify the following values:

    • Display name: Enter any name.

    • Application ID: Enter the value of the App ID field on the Facebook page.

    • Application Secret: Enter the value of the App Secret field on the Facebook page.

    • Application Permissions: Enter email. Review additional permissions you might need at http://developers.facebook.com/docs/authentication/permissions.

    • Login link text: Enter Facebook.

    • Image URL—Optionally, you can specify the image URL.

    • Relying party applications: Select the relying party applications that will use Facebook for authentication.

See Also

Concepts

ACS How To's