|
| 1 | +--- |
| 2 | +title: LinkedIn employment verification |
| 3 | +description: A design pattern describing how to configure employment verification using LinkedIn |
| 4 | +services: decentralized-identity |
| 5 | +author: barclayn |
| 6 | +manager: amycolannino |
| 7 | +ms.service: decentralized-identity |
| 8 | +ms.subservice: verifiable-credentials |
| 9 | +ms.topic: conceptual |
| 10 | +ms.date: 04/21/2023 |
| 11 | +ms.author: barclayn |
| 12 | +--- |
| 13 | + |
| 14 | +# LinkedIn employment verification |
| 15 | + |
| 16 | +If your organization wants its employees get verified on LinkedIn, you need to follow these few steps: |
| 17 | + |
| 18 | +1. Setup your Microsoft Entra Verified ID service by following these [instructions](verifiable-credentials-configure-tenant.md). |
| 19 | +1. [Create](how-to-use-quickstart-verifiedemployee.md#create-a-verified-employee-credential) a Verified ID Employee credential. |
| 20 | +1. Configure the LinkedIn company page with your organization DID (decentralized identity) and URL of the custom Webapp. |
| 21 | +1. Once you deploy the updated LinkedIn mobile app your employees can get verified. |
| 22 | + |
| 23 | +>[!NOTE] |
| 24 | +> Review LinkedIn's documentation for information on [verifications on LinkedIn profiles.](https://www.linkedin.com/help/linkedin/answer/a1359065). |
| 25 | +
|
| 26 | +## Deploying custom Webapp |
| 27 | + |
| 28 | +Deploying this custom webapp from [GitHub](https://github.com/Azure-Samples/VerifiedEmployeeIssuance) allows an administrator to have control over who can get verified and change which information is shared with LinkedIn. |
| 29 | +There are two reasons to deploy the custom webapp for LinkedIn Employment verification. |
| 30 | + |
| 31 | +1. You need control over who can get verified on LinkedIn. The webapp allows you to use user assignments to grant access. |
| 32 | +1. You want more control over the issuance of the Verified Employee ID. By default, the Employee Verified ID contains a few claims: |
| 33 | + |
| 34 | + - ```firstname``` |
| 35 | + - ```lastname``` |
| 36 | + - ```displayname``` |
| 37 | + - ```jobtitle``` |
| 38 | + - ```upn``` |
| 39 | + - ```email``` |
| 40 | + - ```photo``` |
| 41 | + |
| 42 | +>[!NOTE] |
| 43 | +>The web app can be modified to remove claims, for example, you may choose to remove the photo claim. |
| 44 | +
|
| 45 | +Installation instructions for the Webapp can be found in the [GitHub repository](https://github.com/Azure-Samples/VerifiedEmployeeIssuance/blob/main/ReadmeFiles/Deployment.md) |
| 46 | + |
| 47 | +## Architecture overview |
| 48 | + |
| 49 | +Once the administrator configures the company page on LinkedIn, employees can get verified. Below are the high-level steps for LinkedIn integration: |
| 50 | + |
| 51 | +1. User starts the LinkedIn mobile app. |
| 52 | +1. The mobile app retrieves information from the LinkedIn backend and checks if the company is enabled for employment verification and it retrieves a URL to the custom Webapp. |
| 53 | +1. If the company is enabled, the user can tap on the verify employment link, and the user is sent to the Webapp in a web view. |
| 54 | +1. The user needs to provide their corporate credentials to sign in. |
| 55 | +1. The Webapp retrieves the user profile from Microsoft Graph including, ```firstname```, ```lastname```, ```displayname```, ```jobtitle```, ```upn```, ```email``` and ```photo``` and call the Microsoft Entra Verified ID service with the profile information. |
| 56 | +1. The Microsoft Entra Verified ID service creates a verifiable credentials issuance request and returns the URL of that specific request. |
| 57 | +1. The Webapp redirects back to the LinkedIn app with this specific URL. |
| 58 | +1. LinkedIn app wallet communicates with the Microsoft Entra Verified ID services to get the Verified Employment VC issued in their wallet, which is part of the LinkedIn mobile app. |
| 59 | +1. The LinkedIn app then verifies the received verifiable credential. |
| 60 | +1. If the verification is completed, they change the status to ‘verified’ in their backend system and is visible to other users of LinkedIn. |
| 61 | + |
| 62 | +The diagram below shows the dataflow of the entire solution. |
| 63 | + |
| 64 | +  |
| 65 | + |
| 66 | + |
| 67 | +## Frequently asked questions |
| 68 | + |
| 69 | +### Can I use Microsoft Authenticator to store my Employee Verified ID and use it to get verified on LinkedIn? |
| 70 | + |
| 71 | +Currently the solution works through the embedded webview. In the future LinkedIn allows us to use Microsoft authenticator or any compatible custom wallet to verify employment. The myaccount page will also be updated to allow issuance of the verified employee ID to Microsoft Authenticator. |
| 72 | + |
| 73 | +### How do users sign-in? |
| 74 | + |
| 75 | +The Webapp is protected using Microsoft Entra Azure Active directory. Users sign-in according to the administrator's policy, either with passwordless, regular username and password, with or without MFA, etc. This is proof a user is allowed to get issued a verified employee ID. |
| 76 | + |
| 77 | +### What happens when an employee leaves the organization? |
| 78 | + |
| 79 | +Nothing by default. You can choose the revoke the Verified Employee ID but currently LinkedIn isn't checking for that status. |
| 80 | + |
| 81 | +### What happens when my Verified Employee ID expires? |
| 82 | + |
| 83 | +LinkedIn asks you again to get verified, if you don’t, the verified checkmark is removed from your profile. |
| 84 | + |
| 85 | +### Can former employees use this feature to get verified? |
| 86 | + |
| 87 | +Currently this option only verifies current employment. |
0 commit comments