Versions Compared

Old Version 2

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The EmpowerID SSO framework allows you to configure LinkedIn as an identity provider (IdP) for the EmpowerID Web application. EmpowerID integrates with LinkedIn using the OAuth protocol to allow your users to log in to EmpowerID using their LinkedIn accounts.

InfoAs a prerequisite to creating an SSO Connection for

OAuth 2.0.

Note

Prerequisites:

Before configuring LinkedIn as an OAuth Identity Provider in EmpowerID, you need to meet the following conditions:

  • You must have a LinkedIn account

and register the EmpowerID web application for your organization under "My Applications" in the LinkedIn Developer Network. This creates a set of values known by the API Key and the API Secret (these values are generated by LinkedIn), as well as the OAuth 1.0 Accept Redirect URLs (this value is entered by you to tell LinkedIn where to post the assertion of a user's identity to the EmpowerID Assertion Consumer Service).

For specific directions on registering EmpowerID as an application in LinkedIn, see the information provided by LinkedIn at https://linkedin.com/secure/developer.

  • Create an application for EmpowerID in LinkedIn

note
Info

Once you have completed setting up an SSO connection for LinkedIn, you can create a link Once the IDP Connection has been set up for LinkedIn, you can create a link similar to the one below to allow users to login to EmpowerID using LinkedIn.

https://FQDN_OF_YOUR_EMPOWERID_SERVER/WebIdPForms/Login/Portal/LinkedIn?returnUrl=%2FWebIdPForms%2F

Be sure to replace "FQDN_OF_YOUR_EMPOWERID_SERVER" with the FQDN of the your EmpowerID Web server in your environment and "LinkedIn" with the name of the IDP connection you create for LinkedIn in EmpowerID.

Steps

To configure LinkedIn as an Identity Provider for EmpowerID, you will need to do the following:

  1. Create an application for EmpowerID in LinkedIn

  2. Configure the default LinkedIn OAuth Provider app

for LinkedIn in EmpowerID

Adding

  1. Add a Login

tile

Create an OAuth Provider app for LinkedIn in EmpowerID

  1. button to the Login page for LinkedIn

  • Testing the LinkedIn Connection

    1. Test the OAuth provider app

    Create an application for EmpowerID in LinkedIn

    To allow users to authenticate to EmpowerID using their LinkedIn credentials, you must register EmpowerID as an OAuth application in the LinkedIn developer console. See LinkedIn’s article at https://www.linkedin.com/developers/ for directions on how to do this. During the app creation process, LinkedIn will generate a Client ID and Client Secret for the application. You will use these when you create an OAuth Provider App for LinkedIn in EmpowerID.

    When creating an application for EmpowerID in LinkedIn, set the following:

    Setting

    Description

    App name

    Name of the application you are creating. This can be any value.

    LinkedIn Page

    Search for and select EmpowerID.

    App logo

    Upload a logo to represent the EmpowerID application.

    Authorized redirect URLs for your app

    https://YOUR_EMPOWERID_SERVER/WebIdPForms/oauth/v2

    Configure the default LinkedIn OAuth Provider app

    1. On the navbar, expand Single Sign-On > SSO Connections and click OAuth / OpenID Connect.

    2. Select the External OAuth Services tab and then search for LinkedIn.

    3. Click the Provider link for LinkedIn.

      Image RemovedImage Added

    4. Click the Edit icon button for the default LinkedIn OAuth provider app.

      Image Removed

    5. Enter the Consumer Key and Consumer Secret you received from LinkedIn in the Consumer Key and Consumer Secret fields, respectively.

    6. Select the LinkedIn account store from the Select existing Account Directory drop-down field.

    7. Enter the Callback URL for your environment in the Callback Url field. The URL should similar to the below URL where sso.empoweriam.com is the URL to your EmpowerID server.
      https://sso.empoweriam.com/WebIdPForms/OAuth/V2

    8. Click Save.

    Add a Login Tile
    1. Image Added

    2. Under General Settings, fill in the following information and then click Save.

    Field

    Description

    Consumer Key

    Consumer Key generated by LinkedIn for the app

    Consumer Secret

    Consumer Secret generated by LinkedIn for the app

    Is Identity Provider

    Select this option to flag the OAuth provider as an Identity Provider app.

    Select existing Account Directory

    Select LinkedIn to place authenticated users in the selected account store.

    Callback Url

    This is the URI that LinkedIn redirects users after they have authenticated with LinkedIn. The URL should look like the following: https://YOUR_EMPOWERID_SERVER/WebIdPForms/oauth/v2, where YOUR_EMPOWERID_SERVER is the FQN of your EmpowerID Web server.

    Add a Login Button for LinkedIn

    1. On the navbar, expand Single Sign-On > SSO Connections and click SSO Connections.

    2. Select the IdP Domains tab and then click the IdP Domains link for the IdP Domain where you want the Login tile to appear.

      Image RemovedImage Added

    3. Select the External OAuth Providers tab and then select the LinkedIn provider.

      Image RemovedImage Added

    4. Click Save.

    Note

    To give users the ability to log in using their EmpowerID credentials, be sure to select EmpowerID from the SAML Identity Providers tab of the IdP Domain Details page.

    Test the

    LinkedIn

    OAuth Provider App

    1. Log out of the EmpowerID Web interface and navigate your browser to the domain name you configured for the LinkedIn IdP connection.

    2. Click the Login Using LinkedIn tile.

    3. Log in to LinkedIn as you normally would.

    4. Go through the reCAPTCHA test.

    5. Click Allow to authorize EmpowerID to retrieve the necessary information to link the LinkedIn account to your EmpowerID identity (Person object).


      You should be authenticated to EmpowerID.

    Div
    stylefloat: left; position: fixed;

    IN THIS ARTICLE

    Table of Contents
    minLevel2
    maxLevel4
    stylenone

    Insert excerpt
    IL:External Stylesheet - Test
    IL:External Stylesheet - Test
    nopaneltrue