Set up sign-up and sign-in with a LinkedIn account using Azure Active Directory B2C
Create a LinkedIn application
To use a LinkedIn account as an identity provider in Azure Active Directory B2C (Azure AD B2C), you need to create an application in your tenant that represents it. If you don't already have a LinkedIn account, you can sign up at https://www.linkedin.com/.
- Sign in to the LinkedIn Developers website with your LinkedIn account credentials.
- Select My Apps, and then click Create app.
- Select the Auth tab. Under Authentication Keys, copy the values for Client ID and Client Secret. You'll need both of them to configure LinkedIn as an identity provider in your tenant. Client Secret is an important security credential.
- Select the edit pencil next to Authorized redirect URLs for your app, and then select Add redirect URL. Enter
your-tenant-namewith the name of your tenant. You need to use all lowercase letters when entering your tenant name even if the tenant is defined with uppercase letters in Azure AD B2C. Select Update.
- By default, your LinkedIn app isn't approved for scopes related to sign in. To request a review, select the Products tab, and then select Sign In with LinkedIn. When the review is complete, the required scopes will be added to your application.
You can view the scopes that are currently allowed for your app on the Auth tab in the OAuth 2.0 scopes section.
Configure a LinkedIn account as an identity provider
- Sign in to the Azure portal as the global administrator of your Azure AD B2C tenant.
- Make sure you're using the directory that contains your Azure AD B2C tenant by selecting the Directory + subscription filter in the top menu and choosing the directory that contains your tenant.
- Choose All services in the top-left corner of the Azure portal, search for and select Azure AD B2C.
- Select Identity providers, then select LinkedIn.
- Enter a Name. For example, LinkedIn.
- For the Client ID, enter the Client ID of the LinkedIn application that you created earlier.
- For the Client secret, enter the Client Secret that you recorded.
- Select Save.
Migration from v1.0 to v2.0
LinkedIn recently updated their APIs from v1.0 to v2.0. As part of the migration, Azure AD B2C is only able to obtain the full name of the LinkedIn user during the sign-up. If an email address is one of the attributes that is collected during sign-up, the user must manually enter the email address and validate it.