How to Configure SSO With Google Workspace

In this tutorial, we will configure Google Workspace (formerly known as G Suite and Google Apps for Work). 

Features

Learn more about the provisioning features that are supported through single sign-in (SSO) with Udemy Business.

Locating Your SaasID

To configure Google Workspace you will need your SaasID. This value will be provided by Udemy Business and it is going to be the sub domain to access udemy, e.g. the yoursubdomain where the Udemy Business full address is yoursubdomain.udemy.com.

In addition to your SaasID, you will also need the following parameters to configure Google Workspace.

Please note:  If you are already using PingConnect as an Entity ID for another existing SSO application, please contact Udemy Business to create a unique Entity ID and generate a custom metadata file.

Creating a New SAML Application in Google Workspace

The steps below outline how to create a new SAML application in Google Workspace.

  • Log into Google Workspace Admin Console.
  • Navigate to Apps > Web and Mobile apps.

web_and_mobile_apps.png

  • Click Add app > Add custom SAML app.

add_custom_saml_app.png

service_provider_details.png

  • Leave Start URL blank if users will only be accessing Udemy Business directly from the account URL (i.e., yoursubdomain.udemy.com). If your users will be accessing Udemy Business from Google Workspace, then you will need to apply the following value for the Start URL: https://pingone.com/1.0/d905a6ca-adf9-45e2-9b9d-0d6485f27206
  • Next, add the attributes exactly seen in the screenshot below.

  • (Optional: Adding Users to Groups via SAML Assertion
    To assign users to groups through SAML assertions, include the “groups” attribute under the Group Membership section.
  • Important:
    • Ensure the groups you wish to assign are already created in Udemy.
    • Use the “Search for a group” field to select and add the desired groups. Any groups not added in this section will not be passed to Udemy.
  • Click Finish to complete the wizard.
  • By default, new applications are OFF for all users. To turn this on, go back to Apps > Web and mobile apps and click User Access.

user_access.png

  •  In Service status, change the toggle to ON for everyone and click Save.

on_for_everyone.png

 

  • Finally, you will grab the metadata file created in Step 5 and enter it into your Udemy Business account to create the SSO connection.
    In Udemy Business, access the Single Sign-On (SSO) tab. Click Start setup and choose Google Workspace.

sso_settinngs.png

  • On the configuration page, select Metadata file and Select file. Then upload the file received from Step 5.

metadata_file_select_file.png

Please note: when adding a new SAML application in Google Workspace, it might take up to 24 hours for the process to be completed.

Once the SAML application is created, you will need to configure attributes that are going to be sent in the SAML assertion.

Udemy Business supports the following SAML attributes

Please note: all attributes are space and case-sensitive and do not include the colon.  Please copy paste directly from the list below to ensure proper formatting:

Required attributes

  • email : the unique email of the user 

Optional attributes

  • firstName : the first name of the user
  • middleName : the middle name (if any) of the user
  • lastName : the last name of the user
  • displayName : the fully formatted name of the user
  • Name ID : an identifier that can be used in cases where a name is duplicated
  • groups : the list of groups to which the user belongs. Note: If you do not plan to pass over groups do not send this attribute, as it will override existing groups.
  • externalID : a unique user ID specified by the customer
  • lmsUserID : a unique user ID specified by the customer

Related articles

Contact Us