The following figure illustrates a single sign-on (SSO) scenario in which PingFederate authenticates users to an SP application using the LinkedIn IdP Adapter.


  1. The user opens a web application and chooses the LinkedIn sign-on option.
  2. The sign-on link points to the LinkedIn IdP Adapter, which redirects the browser...
  3. LinkedIn with a list of requested permissions. On LinkedIn, the user authenticates their identity and then authorizes the requested permissions.
  4. LinkedIn redirects the browser...
  5. the LinkedIn IdP Adapter authorization callback endpoint with an authorization code.

    If the user fails to authenticate or does not authorize the request, the response includes an error code instead.

  6. PingFederate sends LinkedIn the authorization code.
  7. LinkedIn returns an access token.
  8. PingFederate sends LinkedIn a request for user attributes, and presents the access token.
  9. LinkedIn verifies the access token, and provides the user information.
  10. PingFederate redirects the user to the web application with the user attributes.