Set up Facebook as a social login provider in SecureAuth Connect so users can sign in with their Facebook account.
Register Facebook as a provider
-
In your workspace, go to Authentication > Providers.
-
Click Create Connection.
-
Filter by Social Providers and select Facebook.
-
Choose a registration mode:
Mode Description Embedded Uses a client application registered by SecureAuth. No developer portal registration required. Bring your Own Uses a client application registered by your organization. Requires registering an application in the Meta for Developers console to obtain an App ID and App Secret. 
Configuration
| Setting | Description |
|---|---|
| Name | Display name for this provider. Default: Facebook. |
| Display order | Controls the position of this provider on the sign-in page. Default: 0. |
Use Try Sign-in to test the Facebook sign-in flow. Use Delete Identity to remove this provider.
Attributes
Facebook returns the following attributes after authentication:
| Connector name | Friendly name | Data type | Scope |
|---|---|---|---|
email | String | ID token | |
given_name | Given name | String | ID token |
family_name | Family name | String | ID token |
name | Name | String | ID token |
picture | Picture | String | ID token |
The picture attribute contains the URL of the user's Facebook profile picture.
To add custom attributes, click + Add attribute.
Mappings
Default attribute mappings from Facebook to the SecureAuth authentication context:
| Source | Facebook source name | SecureAuth trget name |
|---|---|---|
| ID token | ||
| ID token | Given name | Given name |
| ID token | Family name | Family name |
| ID token | Name | Name |
| ID token | Picture | URL of the profile picture |
To customize, click + Add mapping or + Add static mapping.
Provisioning
Provisioning controls what happens when a user authenticates through Facebook.
Disabled
Users are not persisted in the user store. Authentication succeeds but no user record is created.
Just-in-Time Provisioning
Users are persisted in the user store on first login.
Identifier Correlation
Maps the incoming Facebook identity to an existing user. Default: Facebook Email ↔ Users Email.
Attribute Provisioning
Maps Facebook attributes to user profile fields. Defaults:
Email→EmailGiven name→First nameFamily name→Last name
Pre provisioning mode
Users must already exist in the user store before they can authenticate. New users are not auto-created at login; they must be added via an offline process.
Authentication flow control
Select what happens when no matching user is found:
- Deny – Terminate the authentication flow.
- Allow – Proceed with the authentication flow.
Identifier Correlation
Maps the incoming Facebook identity to an existing user. Default: Facebook Email ↔ Users Email.
Attribute Provisioning
Maps Facebook attributes to user profile fields. Defaults:
Email→EmailGiven name→First nameFamily name→Last name
Extensions
| Extension | Description |
|---|---|
| Post Authentication script | A server-side script that runs after Facebook authentication completes. Click Manage Script to configure. |
| Post Authentication application | A custom application that receives a callback after Facebook authentication completes. Click Manage Custom App to configure. |