How to Configure SSO in Azure AD for Udemy Business

This guide provides the steps required to configure Single Sign-On (SSO) using Security Assertion Markup Language (SAML 2.0) for Udemy Business.

Existing Azure AD and Udemy Business customers who wish to enable SCIM Provisioning in Azure AD should use this configuration guide.

Udemy Business SAML Metadata for Azure AD is linked here.

• Learn how to configure advanced SSO settings on an organizational level.
• Cohort learning: Review how to configure SSO for our cohort learning platform, Corp U.

Notes:

• Single sign-on and provisioning are available to Udemy Business Enterprise Plan customers.
• Users provisioned through Azure AD will not take up a license until they log into the Udemy Business application for the first time. 
• SCIM provisioning changes can only be synced from Azure AD to Udemy Business, not the other way round. 
• Users and Groups managed by SCIM in Azure AD cannot be changed within the Udemy Business app - SCIM is the single source of truth for user and group data.
• You can still create groups manually in Udemy Business if you have users that you don’t need or want to push from Azure AD, eg. contractors or temporary staff.

1. Configure Single Sign-On (SSO) with Azure

Log in to your Azure portal and click Azure Active Directory.

Next, select Enterprise applications.

 Now click + New application in the top bar.

 Select Non-gallery application.

Enter a name for the new application and click Add at the end of the window.

Then select Set up single sign on.

For Single Sign-on mode, select SAML based Sign-on.

Follow the 4 steps on the SSO with SAML screen. Azure AD has also provided a detailed configuration guide at the top of the page for further guidance.

For Step 1, Basic SAML Configuration:

• In the Identifier (Entity ID) field, enter PingConnect.
• In Reply URL field, enter this value: https://sso.connect.pingidentity.com/sso/sp/ACS.saml2
• In Sign on URL field, enter your Udemy Business account URL: https://{yoursubdomain}.udemy.com
• Replace the {yoursubdomain} with your organization's unique, Udemy Business subdomain.

For Step 2, User Attributes and Claims:

In the User Identifier field, enter user.mail.

Udemy Business supports the following SAML attributes 

Please note: all attributes are space and case sensitive and do not include the colon.

Required attributes

• email : the unique email of the user 

Optional attributes 

• firstName : the first name of the user
• middleName : the middle name (if any) of the user
• lastName : the last name of the user
• displayName : the fully formatted name of the user
• Name ID : an identifier that can be used in cases where a name is duplicated
• groups : the list of groups to which the user belongs
• externalID : a unique user ID specified by the customer
•  

To change each attribute, click on the respective row.

Enter the attribute name as specified in the table above, select the corresponding value and remove Namespace value (leave it blank) and click OK.

To add more attributes to your SAML assertion, click Add attribute and repeat the process.

Once you’re done adding the attributes, click Save to complete the configuration.

For Step 3, in the SAML Signing Certificate section, copy the App Federation Metadata URL or click Download Federation Metadata XML, which will export the Metadata file.

Access the Single Sign-On (SSO) tab of your Udemy Business account. Click Start setup and choose your Identity Provider. On the configuration page, choose the appropriate metadata configuration method and follow the instructions to create the SSO connection with your Identity Provider and Udemy Business.

Click on Azure Active Directory.

Select Enterprise applications.

Select your newly created application from the list.

Click Users and groups.

Click on Add User -> Users and Groups

Select all users you want to add to the application and click Select.

You have now completed configuring SSO for Udemy Business with Azure AD.