Fischer Identity supports authentication via Facebook. This can be used as a primary authentication factor only when accessing Fischer's Self-Service Portal. Facebook cannot be used to authenticate users to the administration user interface, and it cannot be used for identity verification procedures. Organizations that want to leverage Facebook as a form of authentication most often do so during recruitment and the subsequent application procedures.
Social Authentication Security
Fischer International Identity strongly suggests that organizations that decide to utilize Facebook as a primary authentication factor also employ a secondary factor of authentication, given the instability and lack of true identity proofing provided by third-party social applications.
It is also important to understand that, as an organization, you must create a Facebook Developer account before you can obtain the integration keys required to leverage Facebook as a form of authentication within Fischer. To obtain a developer account, an active Facebook profile must exist. An organization should not allow the administrator tasked with maintaining this developer account to use their own personal social identity; rather, they should create a new Facebook account used exclusively for accessing Facebook's development resources. Fischer will not document or support the process required to obtain a Facebook developer account; however, you must obtain one in order to continue.
Email Address is important!
While Facebook supports the use of a mobile phone number as the username, Fischer's current integration support requires the actual email address of the Facebook account. This means that users who currently use a mobile phone number for authentication would need to change the email address value to a valid email address associated with the Facebook profile, not the mobile phone.
Fischer requires the following to be enabled within your Facebook application.
A "Live" Facebook App
To obtain the key information required to leverage Facebook for authentication within Fischer, an organization must set up and activate a live Facebook application.
Client OAuth Login
This value must be set to "Yes" within your Facebook login settings.
Web OAuth Login
This value must be set to "Yes" within your Facebook login settings.
Valid OAuth Redirect URIs
This value must be the (secure) URL within the domain where your Fischer Identity solution is running. For example: https://identity.yourdomain.com/identtity/socialauth/<$uiroot> Note that internal URLs will not work!
During your installation, if internal NetBIOS names were used to refer to your Identity server(s), Fischer will pull those values into the Facebook configuration by default. You will need to make sure you update this to your public-facing URL. Furthermore, if you did not install using SSL, your default URL will be http:// when configuring Facebook authentication. You will need to change this to https://... before it will work.
Privacy Policy URL
In order to "launch" your Facebook app (i.e. make it "Live") you must specify a public URL for your organization's privacy policy.
Terms of Service URL
In order to "launch" your Facebook app (i.e. make it "Live") you must specify a public URL for your organization's Terms of Service.
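The redirect URI requirements above (https only, public-facing host, no internal NetBIOS names) can be checked before the value is entered in the Facebook login settings. The following is an added example, not Fischer's own code; the function name check_redirect_uri, the internal suffix list and the sample URLs are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: suffixes your organization uses for internal-only DNS names.
INTERNAL_SUFFIXES = (".local", ".internal", ".lan", ".localdomain")


def check_redirect_uri(uri):
    """Return a list of problems; an empty list means the URI passed."""
    problems = []
    parts = urlsplit(uri)
    host = (parts.hostname or "").rstrip(".")

    # An install without SSL leaves an http:// default that must be changed.
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not host:
        problems.append("no host name")
        return problems

    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None

    if ip is not None:
        # Loopback, RFC 1918, link-local and similar ranges are not public.
        if not ip.is_global:
            problems.append("host is a non-public IP address")
    elif "." not in host:
        # Single-label names such as IDSRV01 are NetBIOS-style internal names.
        problems.append("host is a single-label internal name")
    elif host.endswith(INTERNAL_SUFFIXES):
        problems.append("host uses an internal-only DNS suffix")
    return problems


# Constructed sample values, not taken from any real deployment.
SAMPLES = [
    "https://identity.example.com/identity/socialauth/portal",
    "http://IDSRV01/identity/socialauth/portal",
    "https://10.0.0.5/identity/socialauth/portal",
    "https://idsrv01.corp.local/identity/socialauth/portal",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        issues = check_redirect_uri(uri)
        print(uri, "->", "OK" if not issues else "; ".join(issues))
```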