Merge pull request #115573 from jkdouglas/jodougla-exiddocuments

Jak-MS · web-flow · commit 7afec55468f4 · 2020-05-19T14:37:22.000-05:00
Update Facebook instructions to be more descriptive
diff --git a/articles/active-directory/b2b/facebook-federation.md b/articles/active-directory/b2b/facebook-federation.md
@@ -20,6 +20,8 @@ ms.collection: M365-identity-device-management
 # Add Facebook as an identity provider for External Identities
 
 You can add Facebook to your self-service sign-up user flows (Preview) so that users can sign in to your applications using their own Facebook accounts. To allow users to sign in using Facebook, you'll first need to [enable self-service sign-up](self-service-sign-up-user-flow.md) for your tenant. After you add Facebook as an identity provider, set up a user flow for the application and select Facebook as one of the sign-in options.
+> [!NOTE]
+> Users can only use their Facebook accounts to sign up through apps using self-service sign-up and user flows. Users cannot be invited and redeem their invitation using a Facebook account.
 
 ## Create an app in the Facebook developers console
 
@@ -51,7 +53,9 @@ To use a Facebook account as an [identity provider](identity-providers.md), you
 18. To make your Facebook application available to Azure AD, select the Status selector at the top right of the page and turn it **On** to make the Application public, and then select **Switch Mode**. At this point the Status should change from **Development** to **Live**.
 	
 ## Configure a Facebook account as an identity provider
+Now you'll set the Facebook client ID and client secret, either by entering it in the Azure AD portal or by using PowerShell. You can test your Facebook configuration by signing up via a user flow on an app enabled for self-service sign-up.
 
+### To configure Facebook federation in the Azure AD portal
 1. Sign in to the [Azure portal](https://portal.azure.com) as the global administrator of your Azure AD tenant.
 2. Under **Azure services**, select **Azure Active Directory**.
 3. In the left menu, select **External Identities**.
@@ -62,8 +66,39 @@ To use a Facebook account as an [identity provider](identity-providers.md), you
    ![Screenshot showing the Add social identity provider page](media/facebook-federation/add-social-identity-provider-page.png)
 
 7. Select **Save**.
+### To configure Facebook federation by using PowerShell
+1. Install the latest version of the Azure AD PowerShell for Graph module ([AzureADPreview](https://www.powershellgallery.com/packages/AzureADPreview)).
+2. Run the following command:
+   `Connect-AzureAD`.
+3. At the sign-in prompt, sign in with the managed Global Administrator account.  
+4. Run the following command: 
+   
+   `New-AzureADMSIdentityProvider -Type Facebook -Name Facebook -ClientId [Client ID] -ClientSecret [Client secret]`
+ 
+   > [!NOTE]
+   > Use the client ID and client secret from the app you created above in the Facebook developer console. For more information, see the [New-AzureADMSIdentityProvider](https://docs.microsoft.com/powershell/module/azuread/new-azureadmsidentityprovider?view=azureadps-2.0-preview) article. 
+
+## How do I remove Facebook federation?
+You can delete your Facebook federation setup. If you do so, any users who have signed up through user flows with their Facebook accounts will no longer be able to log in. 
+
+### To delete Facebook federation in the Azure AD portal: 
+1. Go to the [Azure portal](https://portal.azure.com). In the left pane, select **Azure Active Directory**. 
+2. Select **External Identities**.
+3. Select **All identity providers**.
+4. On the **Facebook** line, select the context menu (**...**) and then select **Delete**. 
+5. Select **Yes** to confirm deletion.
+
+### To delete Facebook federation by using PowerShell: 
+1. Install the latest version of the Azure AD PowerShell for Graph module ([AzureADPreview](https://www.powershellgallery.com/packages/AzureADPreview)).
+2. Run `Connect-AzureAD`.  
+4. In the sign-in prompt, sign in with the managed Global Administrator account.  
+5. Enter the following command:
+
+    `Remove-AzureADMSIdentityProvider -Id Facebook-OAUTH`
+
+   > [!NOTE]
+   > For more information, see [Remove-AzureADMSIdentityProvider](https://docs.microsoft.com/powershell/module/azuread/Remove-AzureADMSIdentityProvider?view=azureadps-2.0-preview). 
 
 ## Next steps
 
-- [Invite external users for collaboration](add-users-administrator.md)
 - [Add self-service sign-up to an app](self-service-sign-up-user-flow.md)
