Okta

How to Configure SAML 2.0 for LinkedIn Learning

Contents

Supported Features

The Okta/LinkedIn Learning SAML integration currently supports the following features:

Configuration Steps

  1. Sign in to your LinkedIn Learning account as an administrator.

  2. Click Go to Admin:

    linkedinlearning1.png

  3. Navigate to SETTINGS > Global Settings:

    linkedinlearning2.png

  4. Expand the Single Sign-On (SSO) section, then click Download. This downloads the metadata you need to input into Okta:

    linkedinlearning3.png

  5. Open the metadata you just downloaded in an editor, then locate the following parameters:

    • entityID: Copy and save the value.

    • Location: Copy and save the value.

    linkedinlearning4.png

  6. Go back to the Global Settings tab, then do the following:

    • Save the following metadata file:

      Sign into the Okta Admin dashboard to generate this value.

    • Configure the LinkedIn service provider SSO settings: Click Upload XML file, then locate and upload the metadata file you just saved.

    • Click Edit.

    linkedinlearning5.png

  7. All configuration fields should now be filled except the SAML Subject identity attribute name. Click Save SSO configuration:

    linkedinlearning6.png

  8. Click Activate SSO Connection:

    linkedinlearning7.png

  9. OPTIONAL: If you want to enable JIT (Just In Time) Provisioning, switch Automatically assign licenses on:

    linkedinlearning8.png

  10. In Okta, select the General tab for the LinkedIn Learning SAML app, then click Edit.

    • Paste the Entity ID value you saved step 5 into the corresponding field.

    • Paste the Location value you saved step 5 into the corresponding field.

    • Click Save.

    linkedinlearning9.png

  11. In Okta, select the Sign On tab for the LinkedIn Learning SAML app and ensure that the Application username format is set to Okta username:

    linkedinlearning10.png

  12. Done!

LinkedIn Learning Login Process

LinkedIn Learning utilizes a function called Profile Binding that allows a user to associate their LinkedIn Learning login with their personal LinkedIn profile. If this function is enabled for your account you may encounter a LinkedIn login page after successful SSO authentication:

linkedinlearning11.png

This login page requests that a user authenticates into LinkedIn with their personal LinkedIn profile, these credentials have no association with a user’s corporate SSO.

For more details about account binding see LinkedIn's Privacy and Security Whitepaper (under Account Binding, page 8).

After a user’s authentication into their LinkedIn profile they will be asked to accept the account association:

linkedinlearning12.png

After which they will be granted access to the application.

Notes

The following SAML attributes are supported:

SP-initiated SSO

Use your Location URL, but in the URL change saml to login.

For example:

https://www.linkedin.com/checkpoint/enterprise/login/1234?application=learning&appInstanceId=11223344