Setting Up LinkedIn as a Social Identity Provider

Configuring LinkedIn as a social identity provider for IDM includes the following basic steps:

Setting Up a LinkedIn App

Before you start, you will need a LinkedIn account. You can use a personal LinkedIn account for testing, but you should ultimately use an organizational account to avoid problems if individuals leave your organization.

To set up a LinkedIn app:

  1. Log in to LinkedIn and navigate to LinkedIn Developers > My Apps.

  2. Select Create app and enter the following information:

    • App name. Enter any unique name that is fewer than 50 characters.

    • Company. The company name that will be associated with this application.

    • Privacy policy URL. An optional URL that displays your company's Privacy Policy.

    • Business email. The business email address that is associated with this application.

    • App logo. The logo that is displayed to users when they authenticate with this app.

  3. Select the products that should be integrated into the app.

  4. Accept LinkedIn's legal terms.

  5. Select Verify to associate the app with your company, then follow the verification approval process.

  6. After you have approved the app, select it under My Apps, then select the Auth tab.

  7. Take note of the Client ID and Client Secret—you will need them in the next procedure.

  8. The app should have the following Permissions:

    • r_emailaddress

    • r_liteprofile

    • w_member_social

  9. Under OAuth 2.0 settings, select Add redirect URL and enter the FQDN and port number of your IDM instance. For example, http://openidm.example.com:8080/

Note

For LinkedIn's procedure, see their documentation on Authenticating with OAuth 2.0.

Configuring a LinkedIn Social Identity Provider

  1. To configure a LinkedIn social identity provider, log in to the Admin UI and navigate to Configure > Social ID Providers.

  2. Enable the LinkedIn social identity provider.

  3. Make sure that the Redirect URI on this screen matches the OAuth 2.0 Redirect URL that you entered in "Setting Up a LinkedIn App".

  4. Copy the Client ID and Client Secret that you obtained in "Setting Up a LinkedIn App".

  5. (Optional) Change any of the Advanced Options listed in "LinkedIn Social Identity Provider Configuration Details".

  6. Select Save.

When you enable a LinkedIn social identity provider, IDM generates the corresponding identityProvider-linkedIn.json file in your project's conf/ subdirectory.

When you review that file, you should see information beyond what you see in the Admin UI. The first part of the file includes the name of the provider, the endpoints, the clientId, and the encrypted clientSecret.

{
    "provider" : "linkedIn",
    "authorizationEndpoint" : "https://www.linkedin.com/oauth/v2/authorization",
    "tokenEndpoint" : "https://www.linkedin.com/oauth/v2/accessToken",
    "userInfoEndpoint" : "https://api.linkedin.com/v2/me?projection=(id,firstName,lastName,profilePicture(displayImage~:playableStreams))",
    "emailAddressEndpoint" : "https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))",
    "clientId" : "77l9udb8qmqihq",
    "clientSecret" : {
        "$crypto" : {
            "type" : "x-simple-encryption",
            "value" : {
                "cipher" : "AES/CBC/PKCS5Padding",
                "stableId" : "openidm-sym-default",
                "salt" : "2cmC36Ds++6xAtRhlvNOEw==",
                "data" : "TJ7VOHjJI0VWWedTKX4agviqc3H3Un5RDVAWyB2u64g=",
                "keySize" : 16,
                "purpose" : "idm.config.encryption",
                "iv" : "QbGAUSuOMrCh1i8F0fWGyA==",
                "mac" : "rUFVcSJ5+s+LZL6YFB3rFQ=="
            }
        }
    },
    "scope" : [
        "r_liteprofile",
        "r_emailaddress"
    ],
...

You should also see UI settings related to the social identity provider icon (badge) and the sign-in button, described in "Social Identity Provider Button and Badge Properties".

The file includes schema information, indicating the properties of each social identity account that will be collected by IDM, and the order in which these properties appear in the Admin UI. When you have registered a user with a LinkedIn social identity, you can verify these properties by selecting Manage > LinkedIn, then selecting the user.

Further down in the file, the propertyMap maps user information between the source (social identity provider) and the target (IDM).

For more information about the properties in this file, see "LinkedIn Social Identity Provider Configuration Details".
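
The fields shown in the identityProvider-linkedIn.json excerpt above can be checked automatically before the file is deployed or committed: endpoints on HTTPS LinkedIn hosts, a clientSecret stored as a $crypto object rather than a plaintext string, and scopes limited to the permissions granted to the app. The following Python check is an added example, not part of IDM or its documentation; the function name audit_provider_config, the sample file contents and the scope example_unlisted_scope are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Hosts and permissions taken from the excerpt and the app setup steps on this page.
LINKEDIN_HOSTS = {"www.linkedin.com", "api.linkedin.com"}
APP_PERMISSIONS = {"r_emailaddress", "r_liteprofile", "w_member_social"}
ENDPOINT_KEYS = ("authorizationEndpoint", "tokenEndpoint",
                 "userInfoEndpoint", "emailAddressEndpoint")

def audit_provider_config(cfg):
    """Return a list of findings for a parsed identityProvider-linkedIn.json."""
    findings = []
    for key in ENDPOINT_KEYS:
        url = urlsplit(cfg.get(key, ""))
        if url.scheme != "https":
            findings.append(f"{key}: not HTTPS")
        if url.hostname not in LINKEDIN_HOSTS:
            findings.append(f"{key}: unexpected host {url.hostname!r}")
    secret = cfg.get("clientSecret")
    if isinstance(secret, str):
        findings.append("clientSecret: stored in plaintext, expected $crypto object")
    elif not isinstance(secret, dict) or "$crypto" not in secret:
        findings.append("clientSecret: missing or malformed")
    else:
        value = secret["$crypto"].get("value", {})
        missing = [f for f in ("cipher", "data", "iv", "mac") if not value.get(f)]
        if missing:
            findings.append(f"clientSecret: $crypto value lacks {missing}")
    extra = set(cfg.get("scope", [])) - APP_PERMISSIONS
    if extra:
        findings.append(f"scope: not granted to the app: {sorted(extra)}")
    return findings

# Constructed sample: a hand-edited file with a plaintext secret and two other faults.
SAMPLE_BAD = json.loads("""{
  "provider": "linkedIn",
  "authorizationEndpoint": "https://www.linkedin.com/oauth/v2/authorization",
  "tokenEndpoint": "http://www.linkedin.com/oauth/v2/accessToken",
  "userInfoEndpoint": "https://api.linkedin.com/v2/me",
  "emailAddressEndpoint": "https://api.linkedin.com/v2/emailAddress?q=members",
  "clientId": "EXAMPLE_CLIENT_ID",
  "clientSecret": "EXAMPLE_PLAINTEXT_SECRET",
  "scope": ["r_liteprofile", "r_emailaddress", "example_unlisted_scope"]
}""")

if __name__ == "__main__":
    for finding in audit_provider_config(SAMPLE_BAD):
        print(finding)
```

An empty list means the checked fields match what the page describes; any finding is a reason to re-save the provider through the Admin UI rather than hand-editing the file.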

Configuring User Registration With LinkedIn

After you have configured the LinkedIn social identity provider, activate it by enabling User Registration:

  1. Select Configure > User Registration > Enable.

  2. On the Social tab, enable Social Registration. For more information about user self-service features, see "Self-Service End User UI".

Note

When you enable social registration, you are allowing users to register in IDM through all active social identity providers.
