LinkedIn Learning and Google SSO Implementation Guide

Article
05/08/2023

What this Document Tells You

The following steps outline the Google SSO and LinkedIn Learning implementation process:

linkedin-learning-google-sso-implementation-steps

Google SSO Implementation Overview

The administrator for your organization account can configure your company to authenticate to LinkedIn Learning using Google SSO. To use Google authentication, your organization must have a Google account.

Prerequisites

An organization-level Google account
Your company email account
Full administrator privileges
Identity Provider (IdP) administrative privileges

About Google Single Sign-On (SSO)

If your organization uses a Google account, you can choose to give your learners access to LinkedIn Learning based on their email address. This method authenticates your learners via Google Sign-in or Sign in with Google, and Google serves as the identity provider (IdP) for your account. Use this option as an alternative to authentication via a third-party SAML SSO provider (IdP).

You can enable Google authentication by adding your organization’s email domain (@examplecompany.com) to LinkedIn Learning's "allow list". Once you have enabled the domains, LinkedIn Learning automatically assigns your learners licenses when they use their company email address to log into LinkedIn Learning.

If you upload a learners via CSV or invite by email, please either use the same domain used for Google authentication, or use the learner's Google ID as their external ID. If your learners use another domain or external ID, the process creates a duplicate profile for that learner.

Why you Should Use Google SSO

Simple, intuitive configuration
An alternative for small to medium-sized organizations that lack the resources to implement a traditional SAML IdP configuration
Leveraging of your existing company's authentication
Better security when employees use your company's established password protocols rather than their individual accounts
Easier user management when employees leave your company

Before you Begin

Please remember these conditions before you begin using Google SSO:

Authentication occurs via Google's OAuth 2.0 APIs: https://developers.google.com/identity/protocols/OpenIDConnect
Google Auth is always "just in time" or "JIT" (i.e., users are assigned licenses on a first-come-first-serve basis.) The JIT license assignment cannot be disabled at this time.
Google authentication supports custom attributes with Google as the IdP. Check out more information about managing custom attributes in LinkedIn Learning.
To use Google SSO, your learners must have their work email address listed on their LinkedIn profile. Check out more information about adding or changing email addresses on LinkedIn profiles.

Configure Google SSO

After you log in, if you are not already in the Admin screen, select Go to Admin > Me > Authenticate.
From the side navigation menu, select Configure single sign-on and click Add new SSO.
Select an SSO method (in this case, "Google SSO").
In the Authenticate users with Google SSO field, give your SSO connection a name, or leave the default name (in this case, "GOOGLE-1").
In the Enter a domain field, enter your organization's domain name and click the + icon.
Click Save.
On the Settings screen, enable SSO by selecting "Active" from the SSO Status drop down.