How to Configure SSO With Google Workspace

In this tutorial, we will configure Google Workspace (formerly known as G Suite and Google Apps for Work). 

• Access Udemy Business SAML Metadata for Google Workspace.
• Learn how to configure advanced SSO settings on an organizational level.
• Cohort learning: Review how to configure SSO for our cohort learning platform, Corp U.
• Note: SSO integration is only available with the Enterprise Plan.

Features

Learn more about the provisioning features that are supported through single sign-in (SSO) with Udemy Business.

Locating Your SaasID

To configure Google Workspace you will need your SaasID. This value will be provided by Udemy Business and it is going to be the sub domain to access udemy, e.g. the yoursubdomain where the Udemy Business full address is yoursubdomain.udemy.com.

In addition to your SaasID, you will also need the following parameters to configure Google Workspace.

• ACS URL
  https://sso.connect.pingidentity.com/sso/sp/ACS.saml2?saasid=yoursubdomain
• EntityID
  PingConnect
• Start URL
  https://pingone.com/1.0/d905a6ca-adf9-45e2-9b9d-0d6485f27206

Please note:  If you are already using PingConnect as an Entity ID for another existing SSO application, please contact Udemy Business to create a unique Entity ID and generate a custom metadata file.

Creating a New SAML Application in Google Workspace

The steps below outline how to create a new SAML application in Google Workspace.

• Log into Google Workspace Admin Console.
• Navigate to Apps > Web and Mobile apps.

• Click Add app > Add custom SAML app.

• Enter the Application Name and Description, upload a logo if desired, and click Continue.
• Click on the Download Metadata under Option 1 and click Continue.
• Fill in the ACS URL, Entity ID, Start URL and Name ID with the property values below and click continue.
  • ACS URL
    https://sso.connect.pingidentity.com/sso/sp/ACS.saml2?saasid=yoursubdomain
    EntityID
    PingConnect
    Start URL
    https://pingone.com/1.0/d905a6ca-adf9-45e2-9b9d-0d6485f27206

• Leave Start URL blank if users will only be accessing Udemy Business directly from the account URL (i.e., yoursubdomain.udemy.com). If your users will be accessing Udemy Business from Google Workspace, then you will need to apply the following value for the Start URL: https://pingone.com/1.0/d905a6ca-adf9-45e2-9b9d-0d6485f27206
• Next, add the attributes exactly seen in the screenshot below.

• Click Finish to complete the wizard.
• By default, new applications are OFF for all users. To turn this on, go back to Apps > Web and mobile apps and click User Access.

•  In Service status, change the toggle to ON for everyone and click Save.

• Finally, you will grab the metadata file created in Step 5 and enter it into your Udemy Business account to create the SSO connection.
  In Udemy Business, access the Single Sign-On (SSO) tab. Click Start setup and choose Google Workspace.

• On the configuration page, select Metadata file and Select file. Then upload the file received from Step 5.

Please note: when adding a new SAML application in Google Workspace, it might take up to 24 hours for the process to be completed.

Once the SAML application is created, you will need to configure attributes that are going to be sent in the SAML assertion.

Udemy Business supports the following SAML attributes

Please note: all attributes are space and case sensitive and do not include the colon. Required attributes

• email : the unique email of the user 

Optional attributes 

• firstName : the first name of the user
• middleName : the middle name (if any) of the user
• lastName : the last name of the user
• displayName : the fully formatted name of the user
• Name ID : an identifier that can be used in cases where a name is duplicated
• groups : the list of groups to which the user belongs
• externalID : a unique user ID specified by the customer
• lmsUserID : a unique user ID specified by the customer