Tutorial: Configure Automated User Management for LinkedIn Learning via SCIM


The System for Cross-domain Identity Management (SCIM) specification is designed to make managing user identities in cloud-based applications and services like LinkedIn Learning easier. By utilizing SCIM, you can automate user provisioning and de-provisioning and keep user attributes and group memberships up to date with your internal systems.

LinkedIn Learning currently supports SCIM integrations with the following Identity Providers:

Capabilities Supported

  • Create user profiles and assign licenses in LinkedIn Learning
  • Remove user licenses in LinkedIn Learning when they do not require access anymore
  • Keep user attributes synchronized between your Identity Provider and LinkedIn Learning
  • Provision groups and group memberships in LinkedIn Learning

Features and Functionality

Below are the list of SCIM features LinkedIn supports as of February 2023.

Functionality Supported?
Automatically add users and assign standard attributes Yes
Assign licenses Yes
Revoke licenses Yes
Assign permissions No
Automatically update user attributes Yes
Change or revoke permissions No
Delete users No
Add users to groups Yes
Remove users from groups Yes
Assign/remove users from groups based on attribute value(s) and/or pre-set conditions No
Access rules based on attribute value(s) and/or pre-set conditions No
SCIM + SSO Login Enabled Yes
Large scale group sync (10k >) Yes


Before implementing SCIM for LinkedIn Learning, you must already have the following prerequisites:

  • A supported Identity Provider (Azure AD or Okta)
  • Admin access to your Identity Provider
  • LinkedIn Learning admin access
  • Accurate user data in LinkedIn Learning. See the appendix for instructions on cleaning up your user data if necessary for existing Learning accounts.
  • Single Sign-on enabled in LinkedIn Learning (preferred)

Configure LinkedIn Learning to Support SCIM Provisioning

LinkedIn Learning currently supports SCIM integrations with Azure AD and Okta. Please follow the detailed instructions for your relevant Identity Provider to configure automatic provisioning for your organization:

If you are interested in utilizing a SCIM integration outside of the supported Identity Providers, please let your LinkedIn Customer Success Manager know so we can gauge interest for future enhancements and partnerships.


It's important to be cautious when making any changes to the Azure AD / Okta / One Login groups or dynamic groups in scope after completing the integration. To avoid any sync issues, make sure to stop the provisioning tool before proceeding. Turn it back on once you're ready to sync again. If you have any doubts or questions, don't hesitate to consult with a Technical Consultant.

Generate SCIM Token

LinkedIn Learning utilizes a bearer token for SCIM authentication, which can be generated in the interface by a Full Admin.

  • SCIM base URL = https://api.linkedin.com/scim

To generate a SCIM token in LinkedIn Learning:

  1. Log into LinkedIn Learning as an admin and navigate to Me > Authenticate.

    Authentication menu

  2. Click on Automate user management and expand the Configure SCIM section.

    Configure SCIM section

  3. In the Configure SCIM section, elect Add SCIM.

    Add SCIM

  4. Enter a name for the configuration and set Auto-assign licenses to On. Then, click Generate token.

    Generate SCIM token

  5. Copy the Access token for use in the next section.

    Copy access token


User List Clean Up

If you are implementing user provisioning for an existing LinkedIn Learning account, it is very important to ensure your existing user list in LinkedIn Learning is accurate and has the correct Primary Email Address and Unique User Identifier values for every user. To clean up your existing user list:

  1. Log into LinkedIn Learning as an admin and navigate to the People tab.

  2. Filter the user list to only show Active and Invited users.

  3. Click Manage users via CSV > Download filtered users via CSV.

  4. Under User attributes, add Unique user id.

  5. Click Download CSV.

  6. In the downloaded CSV file, correct the unique_user_id value for any user record that is incorrect. This value will need to match exactly the unique user identifier that is used for both Provisioning and Single Sign-on. This value is case sensitive.

  7. Once you have ensured the unique_user_id values are correct, return to the People tab and click Manage users via CSV> Upload Custom Attributes CSV.

  8. Select your updated CSV file and click Upload. Invitation emails are only sent if you included the license status column in the CSV. If you followed the above instructions, no email notifications will be sent and the option can be ignored.

    Upload users via CSV


    The same steps can be followed to make changes to the Primary Email Address values, but these two identifiers cannot be changed in the same upload. If both values need to be corrected, first make adjustments to the unique_user_id column, upload the file, then make changes to the primary_email_address column and upload the file a second time.

If you have questions about ensuring your user list data is accurate, please reach out to your LinkedIn Learning Customer Success Manager for assistance. It is very difficult to correct profiles once duplicates are created, so it's best to extra careful and get it right the first time.

Additional resources

LinkedIn’s Privacy and Data Security Policy


LinkedIn Security Contacts

If you have any security questions or you would like to report a security issue, write to us at security@linkedin.com.

Back to Top