LinkedIn social identity provider
Social authentication is deprecated and will be removed in a future release of IDM. For more information, refer to Deprecation. |
Microsoft has deprecated the "Sign In with LinkedIn" functionality as of August 1, 2023. Refer to Sign In with LinkedIn. |
Set up a LinkedIn app
Before you start, you will need a LinkedIn account. You can use a personal LinkedIn account for testing, but you should use an organizational account to avoid problems if individuals leave your organization.
To set up a LinkedIn app:
-
Log in to LinkedIn, and navigate to LinkedIn Developers → MyApps.
-
Select Create app, and enter the following information:
-
App name—Any unique name fewer than 50 characters.
-
Company—The company name associated with this application.
-
Privacy policy URL—An optional URL that displays a privacy policy.
-
Business email—The business email address that is associated with this application.
-
App logo—The logo that is displayed to users when they authenticate with this app.
-
-
Select the products that should be integrated into the app.
-
Accept LinkedIn’s legal terms.
-
Select Verify to associate the app with your company, then follow the verification approval process.
-
After you have approved the app, select it under My Apps, then select the Auth tab.
-
Take note of the
Client ID
andClient Secret
—you will need them in the next procedure. -
The app should have the following Permissions:
-
r_emailaddress
-
r_liteprofile
-
w_member_social
-
-
Under OAuth 2.0 settings, select Add redirect URL and enter the FQDN and port number of your IDM instance. For example,
http://openidm.example.com:8080/
For LinkedIn’s procedure, refer to their documentation on Authenticating with OAuth 2.0. |
Configure a LinkedIn social identity provider
To configure a LinkedIn social identity provider using the admin UI:
-
From the navigation bar, click Configure > Social ID Providers.
-
On the Social Identity Providers page, enable LinkedIn.
-
In the LinkedIn Provider window, enter applicable values in the fields, and click Save. For a complete list of fields, refer to LinkedIn Social Identity Provider Configuration Details.
After you save the social identity provider configuration, IDM generates a conf/identityProvider-linkedIn.json
file:
{
"provider" : "linkedIn",
"authorizationEndpoint" : "https://www.linkedin.com/oauth/v2/authorization",
"tokenEndpoint" : "https://www.linkedin.com/oauth/v2/accessToken",
"userInfoEndpoint" : "https://api.linkedin.com/v2/me?projection=(id,firstName,lastName,profilePicture(displayImage~:playableStreams))",
"emailAddressEndpoint" : "https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))",
"clientId" : "77l9udb8qmqihq",
"clientSecret" : {
"$crypto" : {
"type" : "x-simple-encryption",
"value" : {
"cipher" : "AES/CBC/PKCS5Padding",
"stableId" : "openidm-sym-default",
"salt" : "2cmC36Ds++6xAtRhlvNOEw==",
"data" : "TJ7VOHjJI0VWWedTKX4agviqc3H3Un5RDVAWyB2u64g=",
"keySize" : 16,
"purpose" : "idm.config.encryption",
"iv" : "QbGAUSuOMrCh1i8F0fWGyA==",
"mac" : "rUFVcSJ5+s+LZL6YFB3rFQ=="
}
}
},
"scope" : [
"r_liteprofile",
"r_emailaddress"
],
...
The file includes schema
information, indicating the properties of each social identity account that will be collected by IDM, and the order in which these properties appear in the admin UI. When you have registered a user with a LinkedIn social identity, you can verify these properties by selecting Manage > LinkedIn, then selecting the user.
Further down in the file, the propertyMap
maps user information between the source
(social identity provider) and the target
(IDM).
For more information about the properties in this file, refer to LinkedIn Social Identity Provider Configuration Details.
Configure user registration with LinkedIn
To configure LinkedIn social user registration using the admin UI:
-
From the navigation bar, click Configure > User Registration, and click the Social tab.
-
Enable Social Registration.
For more information, refer to Self-service end user UI.
When you enable social registration, you are allowing users to register in IDM through all active social identity providers. |
LinkedIn social identity provider configuration details
You can set up the LinkedIn social identity provider through the admin UI or in a conf/identityProvider-linkedIn.json
file. IDM generates the identityProvider-linkedIn.json
file when you configure and enable this social identity provider in the admin UI. Alternatively, you can create the file manually.
The following table includes the information shown in the admin UI LinkedIn Provider pop-up window, along with associated information in the identityProvider-linkedIn.json
file:
Property (UI) | Property (JSON file) | Description |
---|---|---|
Client ID |
|
The client identifier for your LinkedIn Application |
Client Secret |
|
Used with the Client ID to access the applicable LinkedIn API |
Scope |
|
An array of strings that allows access to user data; refer to LinkedIn’s documentation on Lite Profile Fields. |
Authorization Endpoint |
|
As per RFC 6749, "used to interact with the resource owner and obtain an authorization grant". For LinkedIn’s implementation, refer to their documentation on Authenticating with OAuth 2.0. |
Token Endpoint |
|
Endpoint that receives a one-time authorization code, and returns an access token. For LinkedIn’s implementation, refer to their documentation on Authenticating with OAuth 2.0. |
User Info Endpoint |
|
Endpoint that transmits scope-related fields through LinkedIn’s API. |
Email Address Endpoint |
|
API that must be called to retrieve the email address of the user. |
Well-Known Endpoint |
|
Not used for LinkedIn |
Not in the admin UI |
|
Name of the social identity provider |
Not in the admin UI |
|
Authentication module |
Not in the admin UI |
|
Authentication identifier, as returned from the User Info Endpoint for each social identity provider |
Not in the admin UI |
|
Mapping between LinkedIn and IDM |
For information on social identity provider buttons and badges, refer to Social identity provider button and badge properties.