Tutorial: Configure Automated User Management for LinkedIn Learning via Okta SCIM
Overview
This tutorial describes the steps you need to perform in both LinkedIn Learning and Okta to configure automatic user provisioning. When configured, Okta automatically provisions and de-provisions users and groups to LinkedIn Learning using SCIM provisioning.
For additional details on what this service does, see Okta – Understanding SCIM.
Capabilities Supported
- Create user profiles and assign licenses in LinkedIn Learning
- Remove user licenses in LinkedIn Learning when they do not require access anymore
- Keep user attributes synchronized between Okta and LinkedIn Learning
- Create groups and manage group memberships in LinkedIn Learning
- Single sign-on to LinkedIn Learning
Prerequisites
The scenario outlined in this tutorial assumes that you already have the following prerequisites:
- Okta tenant with admin permissions
- LinkedIn Learning admin access
- SAML 2.0 Application configured in Okta (See configuration guide here.)
- Accurate user data in LinkedIn Learning. See this guide for instructions on cleaning up your user data if necessary for existing Learning accounts.
Configure LinkedIn Learning to Support SCIM Provisioning with Okta
Log into LinkedIn Learning as an admin and navigate to Me > Authenticate.
Click on Automate user management and expand the Configure SCIM section.
In the Configure SCIM section, elect Add SCIM.
Enter a name for the configuration and set Auto-assign licenses to On. Then, click Generate token.
Copy the Access token for use in the next section.
Enable SCIM Provisioning in Okta
If you have not yet configured SSO for LinkedIn Learning and plan to utilize SSO, follow the instructions here before moving on.
When utilizing SCIM with Okta, you must create a SAML 2.0 App Integration in Okta. There is an older LinkedIn Learning application available in the Okta catalog that does not support SCIM, so make sure you do not choose that application.
Determine who will be in scope for provisioning
Okta allows you to assign the application to specific users or groups. When SCIM provisioning is enabled, all users assigned to the application will be automatically provisioned in LinkedIn Learning.
Start small. Test with a small set of users and/or groups before assigning the application to your full user group.
Tip
When new users are provisioned in LinkedIn Learning, an invitation email is sent out automatically. If you want to assign users to the application without notifying them, make sure to disable emails to new learners in the LinkedIn Learning admin settings. Make sure to re-enable these settings when you are ready to notify your learners. You can also re-send the invitation email at any time in the admin settings.
Configure Automatic User Provisioning to LinkedIn Learning
This section guides you through the steps to configure the Okta SCIM provisioning service to create, update, and disable users in LinkedIn Learning based on user assignments in the Okta application.
To configure automatic user provisioning for LinkedIn Learning in Okta:
Sign into the Okta admin portal and navigate to Applications. In your list of applications, select the LinkedIn Learning SAML 2.0 application you created. If you have not yet created a LinkedIn Learning SAML 2.0 application, do so before continuing.
Select the General tab.
Under Application Settings, click Edit.
In the Provisioning section, select SCIM.
Click Save.
Navigate to the Provisioning tab and click Edit on the Integration section.
In the SCIM connector base URL field, input
https://api.linkedin.com/scim
.In the Unique identifier field for users field, input
userName
.Under Supported provisioning actions, select the following:
- Push New Users
- Push Profile Updates
- Push Groups
Select HTTP Header from the Authentication Mode drop-down.
In the Authorization field, input the access token retrieved from LinkedIn Learning in the previous section. Click Test Connector Configuration to ensure Okta can connect to LinkedIn Learning.
Click Save.
Make sure you are in the To App settings on the Provisioning tab and click Edit.
Enable the following settings:
- Create Users
- Update User Attributes
- Deactivate Users
Click Save.
Scroll down to the Attribute Mapping section.
Edit the attribute mappings or remove attributes as needed. The Username attribute is required and can be mapped to a specific user attribute in the Single Sign-On settings.
Push Okta Groups to LinkedIn Learning
This section guides you through the steps to configure the Okta SCIM provisioning service to create, update, and delete groups in LinkedIn Learning based on the selected groups in the Okta application. If members of a pushed group are assigned to the application in Okta, they will be added to a group of the same name in LinkedIn Learning and kept in sync.
Note
When pushing groups for the first time, group names must be unique between Okta and LinkedIn Learning. If you push a group with a name that already exists in LinkedIn Learning, you will receive an error.
To configure group syncing for LinkedIn Learning in Okta:
Navigate to the Push Groups tab and select + Push Groups.
Search for the group(s) you would like to push and click Save.
Continue adding as many groups as you like.
To remove a group, click on the Push Status and choose Unlink pushed group.
Monitor Your Deployment
Now that you have finished configuring SCIM provisioning, all users assigned to the application in Okta should be automatically provisioned with a license in LinkedIn Learning, and any pushed groups should be automatically created and populated in LinkedIn Learning.
The initial sync may take longer if you have a large employee population, but subsequent changes and user updates should reflect in LinkedIn Learning in near real-time.
To monitor the SCIM events, click on View Logs.
Note
Any future changes after the initial successful setup of SCIM implementation, it is highly recommended to stop the provisioning tool before making any changes on Okta side to avoid unnecessary sync process. This may lead to revoking licenses in error. Hence strongly suggest stopping the provisioning tool before making any changes first and turn back on provisioning once ready to sync.
If you wish to discuss any questions, please contact LinkedIn Learning Account team.
Appendix
Additional resources
LinkedIn’s Privacy and Data Security Policy
https://www.linkedin.com/legal/privacy-policy
LinkedIn Security Contacts
If you have any security questions or you would like to report a security issue, write to us at security@linkedin.com.
Commentaires
https://aka.ms/ContentUserFeedback.
Bientôt disponible : Tout au long de 2024, nous allons supprimer progressivement GitHub Issues comme mécanisme de commentaires pour le contenu et le remplacer par un nouveau système de commentaires. Pour plus d’informations, consultezEnvoyer et afficher des commentaires pour