With the LinkedIn Login Integration Kit, PingFederate includes the LinkedIn authentication API in the sign-on flow.
The following figure illustrates a single sign-on (SSO) scenario in which PingFederate authenticates users to an SP application using the LinkedIn IdP Adapter.
- The user opens a web application and chooses the LinkedIn sign-on option.
- The sign-on link points to the LinkedIn IdP Adapter, which redirects the browser...
- ..to LinkedIn with a list of requested permissions. On LinkedIn, the user authenticates their identity and then authorizes the requested permissions.
- LinkedIn redirects the browser...
- ...to the LinkedIn IdP Adapter authorization callback endpoint with an
If the user fails to authenticate or does not authorize the request, the response includes an error code instead.
- PingFederate sends LinkedIn the authorization code.
- LinkedIn returns an access token.
- PingFederate sends LinkedIn a request for user attributes, and presents the access token.
- LinkedIn verifies the access token, and provides the user information.
- PingFederate redirects the user to the web application with the user attributes.