LinkedIn Identity Provider Connection
- Phillip Hanegan
The EmpowerID SSO framework allows you to configure LinkedIn as an identity provider (IdP) for EmpowerID. EmpowerID integrates with LinkedIn using OAuth 2.0.
Prerequisites:
Before configuring LinkedIn as an OAuth Identity Provider in EmpowerID, you need to meet the following conditions:
You must have a LinkedIn account
Create an application for EmpowerID in LinkedIn
Once you have completed setting up an SSO connection for LinkedIn, you can create a link Once the IDP Connection has been set up for LinkedIn, you can create a link similar to the one below to allow users to login to EmpowerID using LinkedIn.
https://FQDN_OF_YOUR_EMPOWERID_SERVER/WebIdPForms/Login/Portal/LinkedIn?returnUrl=%2FWebIdPForms%2F
Be sure to replace FQDN_OF_YOUR_EMPOWERID_SERVER with the FQDN of your EmpowerID server and LinkedIn with the name of the IDP connection you create for LinkedIn in EmpowerID.
Steps
To configure LinkedIn as an Identity Provider for EmpowerID, you need to do the following:
Create an application for EmpowerID in LinkedIn
To allow users to authenticate to EmpowerID using their LinkedIn credentials, you must register EmpowerID as an OAuth application in the LinkedIn developer console. See LinkedIn’s article at https://www.linkedin.com/developers/ for directions on how to do this. During the app creation process, LinkedIn will generate a Client ID and Client Secret for the application. You will use these when you create an OAuth Provider App for LinkedIn in EmpowerID.
When creating an application for EmpowerID in LinkedIn, set the following:
Setting | Description |
|---|---|
App name | Name of the application you are creating. This can be any value. |
LinkedIn Page | Search for and select EmpowerID. |
App logo | Upload a logo to represent the EmpowerID application. |
Authorized redirect URLs for your app |
|
Â
Configure the default LinkedIn OAuth Provider app
On the navbar, expand Single Sign-On > SSO Connections and click OAuth / OpenID Connect.
Select the External OAuth Services tab and then search for LinkedIn.
Click the Provider link for LinkedIn.
Â
Click the Edit button for the default LinkedIn OAuth provider app.
Â
Under General Settings, fill in the following information and then click Save.
Field | Description |
|---|---|
Consumer Key | Consumer Key generated by LinkedIn for the app |
Consumer Secret | Consumer Secret generated by LinkedIn for the app |
Is Identity Provider | Select this option to flag the OAuth provider as an Identity Provider app. |
Select existing Account Directory | Select LinkedIn to place authenticated users in the selected account store. |
Callback Url | This is the URI that LinkedIn redirects users after they have authenticated with LinkedIn. The URL should look like the following: |
Â
Add a Login Button for LinkedIn
On the navbar, expand Single Sign-On > SSO Connections and click SSO Components.
Select the IdP Domains tab and then click the IdP Domains link for the IdP Domain where you want the Login tile to appear.
Â
On the IdP Domain Details view, select the External OAuth Providers tab and then select the LinkedIn provider.
Â
Click Save.
To give users the ability to log in using their EmpowerID credentials, be sure to select EmpowerID from the SAML Identity Providers tab of the IdP Domain Details page.
Test the OAuth Provider App
Log out of the EmpowerID Web interface and navigate your browser to the domain name you configured for the LinkedIn IdP connection.
Click the Login Using LinkedIn tile.
Log in to LinkedIn as you normally would.
Go through the reCAPTCHA test.
Click Allow to authorize EmpowerID to retrieve the necessary information to link the LinkedIn account to your EmpowerID identity (Person object).
You should be authenticated to EmpowerID.
IN THIS ARTICLE