This article describes how to configure Identity Cloud to use LinkedIn as a social provider for authentication and/or registration. Identity Cloud provides a standards-based solution for LinkedIn social sign-on based on OIDC standards. Once configured, users can log in to applications protected by Identity Cloud using their LinkedIn credentials.
ForgeRock assumes no responsibility for errors or omissions in the third-party software or documentation.
Create a LinkedIn app
- Go to the LinkedIn Developer portal.
Create an app, completing (at least) the
- App name: Enter any unique name for the app.
- LinkedIn page: Enter the LinkedIn company page URL that will be associated with this app.
- App logo: Upload the logo that is displayed to users when they authenticate with this app.
- Accept LinkedIn's legal terms and click Create app.
- Follow the verification approval process to associate the app with the LinkedIn page.
Configure OAuth 2.0 authentication for your LinkedIn app
- Navigate to the app's Auth page and make a note of the Client ID and Client Secret. You'll need this information when you configure the LinkedIn social identity provider in Identity Cloud.
- Under OAuth 2.0 settings, add the redirect URL for your app. This is the path that users are redirected to after they have authenticated with LinkedIn, for example,
- Click Update.
- On the Products page, select Sign In with LinkedIn.
When you configure the Social Identity Provider in Identity Cloud, the r_emailaddress OAuth 2.0 scopes are added by default. Refer to the LinkedIn documentation for further information on authenticating with OAuth 2.0.
- In the Identity Cloud Admin UI, navigate to Native Consoles > Access Management > Services > Social Identity Provider Service.
- Choose Secondary Configurations, click Add a Secondary Configuration, and select Client configuration for LinkedIn.
- Complete the following configuration:
- Name: Enter a name for the social identity provider, for example, LinkedIn.
- Client ID: Enter the Client ID of your LinkedIn app.
- Redirect URL: Enter the URL to go to once access has been granted. This must match the Valid OAuth Redirect URIs you configured in your LinkedIn app, for example,
- Scope Delimiter: Enter the scope delimiter, which is usually an empty space.
- Click Create.
The full configuration for the new LinkedIn social identity provider is displayed.
- Enter the Client Secret for your LinkedIn app in the Client Secret field.
- Check that the rest of the default settings are correct. In particular, check the following fields:
- Enabled: Ensure the configuration is enabled.
- Transform Script: Ensure that LinkedIn Profile Normalization is entered. This script transforms LinkedIn credential data into a normalized form.
- Click Save Changes.
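A pre-flight check for the settings listed above, as an added example that is not ForgeRock's code: the dictionary keys are hypothetical names for the Admin UI fields, and the URLs and credentials are constructed placeholders. It compares the Redirect URL as an exact string against the URLs registered in the LinkedIn app, and also applies two general OAuth 2.0 checks (https, no fragment) that go beyond what this article states.

```python
from urllib.parse import urlsplit

# Key names are hypothetical stand-ins for the Admin UI fields described above.
REQUIRED = ("name", "client_id", "client_secret")
EXPECTED_SCRIPT = "LinkedIn Profile Normalization"

def check_provider(cfg, registered_redirects):
    """Return a list of problems in a LinkedIn provider config (empty if none)."""
    problems = [f"{k} is empty" for k in REQUIRED if not str(cfg.get(k, "")).strip()]

    redirect = cfg.get("redirect_url", "")
    parts = urlsplit(redirect)
    if parts.scheme != "https" or not parts.netloc:
        # The authorization code is returned on this URL, so it should use TLS.
        problems.append("redirect_url is not an absolute https URL")
    if parts.fragment:
        # RFC 6749 section 3.1.2: the redirection URI must not carry a fragment.
        problems.append("redirect_url contains a fragment")
    if redirect not in registered_redirects:
        # Compare as exact strings; report a near miss to make the slip obvious.
        key = redirect.rstrip("/").lower()
        near = [r for r in registered_redirects if r.rstrip("/").lower() == key]
        hint = f" (differs only in case or trailing slash from {near[0]})" if near else ""
        problems.append("redirect_url is not registered in the LinkedIn app" + hint)

    if cfg.get("scope_delimiter") != " ":
        problems.append("scope_delimiter is not a single space")
    if cfg.get("enabled") is not True:
        problems.append("configuration is not enabled")
    if cfg.get("transform_script") != EXPECTED_SCRIPT:
        problems.append("transform_script is not " + EXPECTED_SCRIPT)
    return problems

# Constructed sample data: example.com placeholders, not real values.
REGISTERED = ["https://sso.example.com/login/callback"]
GOOD = {
    "name": "LinkedIn", "client_id": "constructed-client-id",
    "client_secret": "constructed-secret",
    "redirect_url": "https://sso.example.com/login/callback",
    "scope_delimiter": " ", "enabled": True,
    "transform_script": EXPECTED_SCRIPT,
}
# Same config with three typical slips: trailing slash, wrong delimiter, disabled.
BAD = dict(GOOD, redirect_url="https://sso.example.com/login/callback/",
           scope_delimiter=",", enabled=False)

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("bad", BAD)):
        print(label, check_provider(cfg, REGISTERED))
```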
You can create custom end user journeys for social registration and sign in. These journeys will include all your enabled social identity providers, so you won't need to create different journeys for different providers.
See How do I create end user journeys for social registration and login in Identity Cloud? for information on how to create end user journeys for SSO with social providers.
- In the Identity Cloud Admin UI, navigate to Journeys.
- Click the journey that you want to test.
- Copy the Preview URL.
- Paste the preview URL into a browser using Incognito or Browsing mode.
- Follow the sign in and/or registration steps to test your journey.
For example, if LinkedIn is configured as a social identity provider for social login, end users are asked if they want to authenticate with LinkedIn, similar to the screenshot below.