Facebook Login

FAQs

Updated: Mar 3, 2026

Q: What are managed Meta accounts?

A: Managed Meta accounts are an account type for business tools across Meta. Organizations are able to manage these accounts with administrative features including single sign-on (SSO) support, automated account provisioning and more. With managed Meta accounts, individuals can access business tools across Meta (that is, Meta Business Suite), with their work credentials, separating login from their personal Facebook account.

Q: Which tools can be accessed with managed Meta accounts? Is there a limit to the number of tools that can be used?

A: We plan on making managed Meta accounts available as an option to access business tools across Meta, such as Meta Business Suite and Ads Manager.

Q: Are managed Meta accounts managed at the business/organization-level or at the individual user-level?

A: Migration to managed Meta accounts will be at the business or organization-level. As part of an organization migrating to managed Meta accounts, an admin will grant access to their employees to access business tools across Meta using their work credentials (for example, work email address). The employee will then need to claim their managed Meta account as part of the setup process. Organizations will be able to manage employees’ Meta accounts centrally, with administrative features such as single sign-on, automated account provisioning and two-factor authentication.

Q: Are managed Meta accounts available for any business and Tech Providers to use?

A: Once we make managed Meta accounts generally available, any eligible business and Tech Providers interested in accessing business tools across Meta with a separate login will be able to do so at no additional cost. Eligibility includes requirements such as having client resourcing to support the migration and the technical know-how and tools in place, such as the ability to set up single-sign on and/or to provision managed Meta accounts via an identity provider. We'll share more information on general availability timelines as it becomes available.

Q: What is the user experience when re-integrating with 3P Tech Provider apps?

A: Meta is delaying the potential disruption by offering a 30-day grace period, where the User/Page Access Token backed by a Facebook user still has access to the business assets via third-party APIs. During the 30-day grace period, the user needs to reauthenticate on a third-party Tech Provider’s surface and create a new access token for the Tech Provider to store. By “reauthenticate”, the user has to authenticate with their MWA identity, reselect the same set of business assets, and pass back business permissions to the Tech Provider in the form of a new access token. If that 30-day grace period passes and the user has not authenticated or is still using their personal Facebook account, the API call will start failing.
Meta has a persistent 30-day banner in Meta Business Suite that counts down and shows all the third-party apps that the user needs to re-authenticate with their managed Meta accounts. If a third-party app is only using a System User Access Token (SUAT), it will not show up in the section since migration doesn't impact system users.

Q: Do Tech Providers need to take their users through the regular Facebook Login or Facebook Login for Business?

A: Both regular Facebook Login and Facebook Login for Business will support managed Meta accounts. The end users who decide to migrate to managed Meta accounts should be able to go through any existing web login integrations on the third-party developers’ surfaces. If end users encounter blockers throughout the flow, they’ll be able to leverage “Help Center” at the end of their managed Meta account onboarding flow to reach their Tech Providers for support. Tech Providers can still send to Meta 1) URL to help center and 2) a generic support email address to be included in the “Help Center” for their end users.

Q: Will the managed Meta accounts login flow be the same to request an access token?

A: Yes, the login flow will be the same to request an access token regardless if the user is authenticating with their Facebook account or their managed Meta account.

Q: Will a Tech Provider need to ask for any new permissions to support managed Meta accounts?

A: No, a Tech Provider will not need to ask for any new permissions or implement changes to support managed Meta accounts. Essentially, users can choose to adopt having a managed Meta account, and may wish to authenticate with a third-party app using this managed Meta account rather than their previously used Facebook account. The transition to choose which account to connect with will primarily be user driven.

Q: What can Tech Provider partners do to support end user migration?

A: If your app is accessing clients’ business assets using System user access tokens or partner sharing, your third-party integration should not be impacted. If your app is using User access tokens (or Page access token generated from User access tokens), your app’s permissions and access to business assets granted by personal Facebook accounts will not automatically transition to the new managed Meta accounts. Users will be required to regrant permissions to those business assets using their new managed Meta accounts to preserve your apps' access to those assets.
To minimize potential disruptions to your API calls, it is recommended your app provides the following:
1. Ability to proactively reauthorize an asset (e.g. page, ad account) before token invalidation. This can be done by periodically checking the user_access_expire_time field of each asset and prompting the user to reauthorize if a timestamp is returned.
2. Ability for users to bulk reauthorize assets for disconnected or soon-to-be disconnected assets. This can be done by providing a "Reconnect" or "Replace Expired Tokens" button in your application that allows users to reconnect all their business assets at once instead of one by one. The button should trigger an API call to your server with a list of business asset IDs and a new access token as parameters. Your server can then use the new access token for each of the business assets in the list and store them securely in your application's database or storage.

Q: If a user has granted a Tech Provider's app access to certain assets and they re-authenticate during the grace period, will the third-party app retain access to all of those assets (within the context of a specific business portfolio)?

A: Once a user logs in to a Tech Provider’s app with a managed Meta account via Facebook Login, they will need to re-select the assets from scratch. Once done, the third-party app will retain access to all of those assets, but only through the user access token associated with the user’s managed Meta account.

Q: Are there step-by-step CTAs that are required to be performed by Tech providers?

A: We cannot provide a definitive step-by-step end user experience because each 3P app and surface has different user flows / onboarding / access control, which results in a unique 3P installation experience.

Q: Are there any known issues preventing a user from re-authenticating with a Tech Provider’s app using managed Meta accounts

A: We don’t support mobile Facebook Login with these account identities on third-party surfaces yet, so we recommend users authenticate accounts via web surfaces to avoid disruptions.

Q: What does a typical end user reintegration with a Tech Provider’s app look like?

A: When a user starts reintegrating with a Tech Provider’s app using their accounts:
  1. The User Access Tokens associated with their Facebook accounts will continue to be active for a 30-day grace period
  2. During that time, that user will need to log into the App via web surfaces and re-grant permissions to business assets using their accounts
  3. the user will need to do that for each App they use
  4. the user will need to do that for each business portfolio they are part of
  5. it is possible that a user may be logged into one business portfolio using their personal account and a different business portfolio using their managed Meta account
  6. The users will then be able to use the App with their managed Meta accounts; User Access Tokens associated with the Meta accounts are generated for Tech Providers to make API calls
  7. After 30 days, the original User Access Tokens associated with their Facebook accounts will lose access to the migrated business assets; the user can still re-authenticate at any time using their managed Meta account to complete reintegration.
Note that users are migrated at business level, that is, a user with access to multiple business portfolios will have multiple grace periods if they choose to not complete all their migrations at the same time. They need to finish migration for each business respectively.

Q: If a Tech Provider uses a System User Access Token as opposed to a User Access Token, will those connections be impacted by this rollout?

A: No, System User access tokens will not be impacted by this rollout. Only User Access Tokens belonging to the Facebook users that are migrating to managed Meta accounts will be impacted, due to loss of access to business assets.

Q: Would managed Meta accounts reintegration with a Tech Provider’s app affect the app status?

A: No. It won’t trigger additional app reviews or access verifications; nor lift any existing enforcements on the app.

Q: Will existing Facebook integrations within Tech Providers’ product need to be reconnected/unauthorized after this change?

A: No, existing Facebook integrations will not expire or be deactivated. Apps will still continue to be able to use these Facebook-backed User Access Tokens. However, since the user might transfer some business assets away from their Facebook profile to their new managed Meta account, API calls that depend on the Facebook account having access to specific assets may start failing due to loss of permitted access.

Q: Could a Tech Provider have an account in pilot for testing?

A: Yes. A managed Meta account sandbox self-testing tool will be accessible to Tech Provider partners via Dev Alert in Q2 ‘23.

Q: Will the managed Meta accounts need to be admins on the clients pages in order to manage their listings and authenticate via Oauth?

A: Yes, the managed Meta accounts will need to be admins on the client pages and re-authenticate via Oauth. When a user migrates their business from their personal account to their managed Meta account, the admin permissions are transferred to the managed Meta account automatically; and existing accounts will not have access to those pages after the 30-day transition window is over.

Q: How would migrating to MWA impact Meta Business Extension (MBE) integrations?

A: When migrating to MWA, MBE integrations may also be affected. Third-party partners who have implemented MBE are guided during implementation to call the API to exchange personal User Access Token for the business portfolio’s System User Access Token. If a 3P partner follows this guidance, then businesses using their app for MBE will NOT have their MBE integrations affected when they migrate to MWA. However, MBE integrations will break for apps that do not follow the guidance and instead continue to use personal User Access Tokens. Meta still encourages businesses who migrate to MWA to reintegrate with MBE, regardless of whether the integration will break.
Did you find this page helpful?
Thumbs up icon
Thumbs down icon