The Okta/LinkedIn Learning SAML integration currently supports the following features:
Sign in to your LinkedIn Learning account as an administrator.
Click Go to Admin:
Navigate to SETTINGS > Global Settings:
Expand the Single Sign-On (SSO) section, then click Download. This downloads the metadata you need to input into Okta:
Open the metadata you just downloaded in an editor, then locate the following parameters:
entityID: Copy and save the value.
Location: Copy and save the value.
Go back to the Global Settings tab, then do the following:
Save the following metadata file:
Sign into the Okta Admin dashboard to generate this value.
Configure the LinkedIn service provider SSO settings: Click Upload XML file, then locate and upload the metadata file you just saved.
Click Edit.
All configuration fields should now be filled except the SAML Subject identity attribute name. Click Save SSO configuration:
Click Activate SSO Connection:
OPTIONAL: If you want to enable JIT (Just In Time) Provisioning, switch Automatically assign licenses on:
In Okta, select the General tab for the LinkedIn Learning SAML app, then click Edit.
Paste the Entity ID value you saved step 5 into the corresponding field.
Paste the Location value you saved step 5 into the corresponding field.
Click Save.
In Okta, select the Sign On tab for the LinkedIn Learning SAML app and ensure that the Application username format is set to Okta username:
Done!
LinkedIn Learning utilizes a function called Profile Binding that allows a user to associate their LinkedIn Learning login with their personal LinkedIn profile. If this function is enabled for your account you may encounter a LinkedIn login page after successful SSO authentication:
This login page requests that a user authenticates into LinkedIn with their personal LinkedIn profile, these credentials have no association with a user’s corporate SSO.
For more details about account binding see LinkedIn's Privacy and Security Whitepaper (under Account Binding, page 8).
After a user’s authentication into their LinkedIn profile they will be asked to accept the account association:
After which they will be granted access to the application.
The following SAML attributes are supported:
Name | Value |
---|---|
user.email | |
firstname | user.firstName |
lastname | user.lastName |
Use your Location URL, but in the URL change saml to login.
For example:
https://www.linkedin.com/checkpoint/enterprise/login/1234?application=learning&appInstanceId=11223344