When you connect your Customer Relationship Management (CRM) platform with LinkedIn Business Manager, your CRM data is stored securely with encryption, data isolation, and access controls.

The CRM Sync is a one-directional data flow that relies on secure, dedicated APIs between Business Manager (LinkedIn) and your CRM. We ingest all CRM objects and fields as listed here at initial connection, then the accounted difference daily. 

How it works:

OAuth is used for authentication. This allows customers to retain control of their data at a more granular level and ensure CRM permissions are respected. As a result, LinkedIn does not have access to the member’s CRM credentials, and the administrator can revoke the access token at any time through the service provider’s application authorization flow.

Secure data storage

LinkedIn uses encryption both in transit, leveraging the Transport Layer Security (TLS) protocol to securely transfer data between the cloud services and customers, and at rest, using a combination of the AES and RSA industry standard, where we ensure that the CRM data is encrypted when persisted to disk. To protect member privacy, we implement robust privacy measures, including differential privacy, before exposing metrics data to advertisers.

Data Isolation

Customer data isolation is provided by logical isolation, where the data of all customers is in the same infrastructure and logical isolation is provided for storage and access. 

Our software stack uses encryption with a per-customer key to facilitate tenant isolation as well as provide a higher degree of data security.

Secure data access 

• Data Access - Access is based on the principle of least privilege whereby access is restricted to the minimum level necessary to perform a given function. Access is password protected and is granted based on granular role-based permissions with clear segregation of duties dependent on job function. An individual accessing the environment is assigned a unique user ID. The technical controls to restrict and monitor access include enforcement of two-factor authentication (2FA) and VPN. Any access is logged and auditable. 
• Debugging and Maintenance - Developers and other support roles are only granted elevated access, for a specific time period, for debugging and maintenance.

Related tasks 

• Share your Business Manager CRM data with Campaign Manager
• Change your Business Manager CRM connection with Campaign Manager
• Access your Revenue Attribution Report in Business Manager

Learn more

• Azure encryption overview 
• The Revenue Attribution Report in Business Manager
• Revenue Attribution Report metric definitions from CRM data 
• Revenue Attribution Report data imports from CRM data