Important to know
LinkedIn began support of a new SSO certificate on March 25, 2020. This updated certificate is valid for the next ten years.
If you didn’t renew your previous certificate before March 25, 2020, please follow the instructions below based on your IdP (identity provider) to restore access:
In order to restore access for your users, please do one of the following two options:
Option 1:
LinkedIn SSO Certification
Download the new certificate and add to the existing signature certificates list in Identity Provider (IDP).
To add a certificate in ADFS:
-
Download the new certificate and add it to the existing signature certificates list in ADFS.
-
In ADFS, locate Relying Party Trust for Sales Navigator and open properties to edit.
-
Click the Signature tab.
-
Click Add.
OR
Option 2:
Update SSO Settings
Turn off the option to sign authentication requests in the SSO settings for Sales Navigator and make the corresponding change in your IDP.
To turn off sign authentication requests:
-
Sign in to Sales Navigator.
-
Click Admin in the top menu.
-
Click Admin Center in the top menu.
-
Click the Settings tab.
-
Locate the SAML connection you'd like to update and click
Expand. -
Scroll down to the SSO Options section, and select No for Sign AuthnRequest.
-
Click Save.
If you are unable to update your certificate, as a temporary workaround, you can send a SAML assertion to Sales Navigator by invoking an IdP-Initiated request.
To send a SAML assertion:
1. Navigate to https://your.adfsserver.com/adfs/ls/IdpInitiatedSignOn.aspx
2. Replace your.adfsserver.com with your server
Once you have your link, you may share it with any learners from your organization who require immediate access.
Important: This workaround should only be used as a short-term solution until the new certificate can be added.
Important to know
IDPs Azure AD, Okta, and OneLogin ignore the SSO certificate as long as your organization hasn't built any custom functionality to sign authentication requests.
If your organization hasn’t built any custom functionality, no action is needed.
If your organization has built any custom functionality that requires a signed authentication request, please do one of the following options:
Option 1:
LinkedIn SSO Certification
Download the new certificate and add to the existing signature certificates list in Identity Provider (IDP).
OR
Option 2:
Update SSO Settings
Turn off the option to sign authentication requests in the SSO settings for Sales Navigator and make the corresponding change in your IDP.
To turn off sign authentication requests:
-
Sign in to Sales Navigator.
-
Click Admin in the top menu.
-
Click Admin Center in the top menu.
-
Click the Settings tab.
-
Locate the SAML connection you'd like to update and click
Expand. -
Scroll down to the SSO Options section, and select No for Sign AuthnRequest.
-
Click Save.
In order to ensure continuous access for your users, please either do one of the following options:
Option 1:
LinkedIn SSO Certification
Download the new certificate and add to the existing signature certificates list in Identity Provider (IDP).
OR
Option 2:
Update SSO Settings
Turn off the option to sign authentication requests in the SSO settings for Sales Navigator and make the corresponding change in your IDP.
To turn off sign authentication requests:
-
Sign in to Sales Navigator.
-
Click Admin in the top menu.
-
Click Admin Center in the top menu.
-
Click the Settings tab.
-
Locate the SAML connection you'd like to update and click
Expand. -
Scroll down to the SSO Options section, and select No for Sign AuthnRequest.
-
Click Save.
If you need further assistance, please contact your account team or your customer success manager. You can also email your rep to confirm that you’ve either taken action to update your certificate, or that you don't use signed authentication requests and aren't impacted by this change.
FAQs
SSO certificate stands for Single Sign-on certificate. It is a certificate that validates our system’s initiated authentication requests.
When setting up your organization’s SSO (Single Sign-on) integration with our products, CA-signed certificate was downloaded through the process. Though many customers aren't affected by the expiry of this certificate, the following customers are affected:
-
Customers using ADFS where ADFS is configured with SP certificate signing turned on.
-
Customers using self-built/smaller IDPs or other major IDPs with custom functionality added that turns on SP certificate signing.
LinkedIn's previous SSO certificate expired on March 25, 2020 at Noon GMT (8:00 am ET / 5:00 am PT).
Please work with your IT team to confirm that your certificate and SSO settings are correct to ensure all employees can continue to log into Sales Navigator.
We don't have the ability to renew the certificate on your behalf. Please work with your IT team to confirm that your certificate and SSO settings are correct to ensure all employees can continue to log into Sales Navigator.