Adding an identity provider - LinkedIn
Adding LinkedIn as an external identity provider (IdP) gives your users the option to sign in with LinkedIn when accessing your application.
Before you begin
Ensure that the application is added to PingOne.
Set the Grant Type for the application to Implicit. |
Learn more in Adding an application.
Registering the application with LinkedIn
LinkedIn will generate an app ID and app secret for your application. You’ll need these values to connect the application to PingOne.
Steps
-
Go to the LinkedIn Developers page at https://developer.linkedin.com.
-
Create an application, following the instructions at https://www.linkedin.com/developers/apps.
-
Enter the following information:
-
App name: A unique name for the application. Must be fewer than 50 characters.
-
Company: The company to be associated with your application.
-
App logo: The logo that users will see when they authenticate with your application.
-
-
Click Create app.
-
On the Auth page, copy the client ID and client secret to a secure location.
You can always access the client ID and client secret later from the Auth page.
-
In the OAuth 2.0 Settings section, you’ll see a field for Redirect URLs, which is the path in your application that users are redirected to after they have authenticated with LinkedIn. Leave this value blank for now.
Next steps
For more information, see https://www.linkedin.com/developers/apps.
Adding LinkedIn as an identity provider in PingOne
Configure the identity provider connection in PingOne.
Before you begin
Ensure that registration is enabled in the authentication policy. See Editing an authentication policy.
You should have the following information ready:
-
Client ID
-
Client secret
Steps
-
In PingOne, go to Integrations → External IdPs.
-
Click Add Provider.
-
Click LinkedIn.
-
On the Create Profile page, enter the following information:
-
Name: A unique identifier for the identity provider.
-
Description: (Optional). A brief description of the identity provider.
You cannot change the icon and login button, in accordance with the provider’s brand standards.
-
-
Click Next.
-
On the Configure Connection page, enter the following information:
-
Client ID: The client ID that you copied earlier from the IdP. You can find this information on the Auth page on the LinkedIn Developers site.
-
Client secret: The application secret that you copied earlier from the IdP. You can find this information on the Auth page on the LinkedIn Developers site.
-
-
Click Save and Continue.
-
On the Map Attributes page, define how the PingOne user attributes are mapped to identity provider attributes.
For more information, see Mapping attributes.
-
Enter the PingOne user profile attribute and the external IdP attribute. For more information about attribute syntax, see Identity provider attributes.
-
To add an attribute, click Add attribute.
-
To use the expression builder, click Build and test or Advanced Expression. See Using the expression builder.
-
Select the update condition, which determines how PingOne updates its user directory with the values from the identity provider. The options are:
-
Empty only: Update the PingOne attribute only if the existing attribute is empty.
-
Always: Always update the PingOne directory attribute.
-
-
-
Click Save and Close.
Adding the callback URL to the LinkedIn Developer page
Copy the callback URL and paste it in the LinkedIn Developers page.
Steps
-
In PingOne, go to Integrations → External IdPs.
-
Locate the appropriate identity provider (IdP) and then click the details icon to expand the identity provider.
-
Click the Connection tab.
-
Copy the callback URL and paste it to a secure location.
-
Go to the LinkedIn Developers page at https://developer.linkedin.com.
-
In the My Apps list at the top of the page, select the appropriate application.
-
Click the Auth tab.
-
In the OAuth 2.0 Settings section, click the Pencil icon.
-
Click Add redirect URL.
-
Paste the value that you copied from the PingOne console earlier.
Next steps
-
Enable the external IdP. See Enabling or disabling an identity provider.
-
Add the IdP to your authentication policy. See Editing an authentication policy.
-
Add the authentication policy to your application. See Applications.