How to Configure SSO in Azure AD for Udemy Business

This guide provides the steps required to configure Single Sign-On (SSO) using Security Assertion Markup Language (SAML 2.0) for Udemy Business.

• Access Udemy Business SAML Metadata for Azure AD.
• Cohort learning: Review how to configure SSO for our cohort learning platform, Corp U.

Configure Single Sign-On (SSO) with Azure

Log in to your Azure portal and click Azure Active Directory.

Next, select Enterprise applications.

 Now click + New application in the top bar.

 Select Create your own application.

Enter a name for the new application and click Integrate any other application you don't find in the gallery (Non-gallery) at the end of the window.

Then select Set up single sign on. 

For Single Sign-on mode, select SAML based Sign-on.

Follow the 3 steps on the Set up Single Sign-On with SAML screen. Azure AD has also provided a detailed configuration guide at the top of the page for further guidance.

For Step 1, Basic SAML Configuration:

• In the Identifier (Entity ID) field, enter https://www.udemy.com/sso/saml.

Please note:  If you are already using PingConnect as an Entity ID for another SSO application, please contact Udemy Business to create a unique Entity ID and generate a custom metadata file.

• In Reply URL field, enter this value: https://sso.connect.pingidentity.com/sso/sp/ACS.saml2
• In Sign on URL field, enter your Udemy Business account URL: https://{yoursubdomain}.udemy.com
• Logout URL (Optional): If you decide to configure Single Logout, enter the following: https://sso.connect.pingidentity.com/sso/SLO.saml2

For Step 2, User Attributes and Claims:

Click Unique User Identifier field, then enter user.mail.

Please note: While email is the only attribute required for SSO to work, Udemy Business also supports the following optional attributes:

Required attributes

• email : the unique email of the user

Optional attributes 

• firstName : the first name of the user
• middleName : the middle name (if any) of the user
• lastName : the last name of the user
• displayName : the fully formatted name of the user
• Name ID : an identifier that can be used in cases where a name is duplicated
• groups : the list of groups to which the user belongs
• externalID : a unique user ID specified by the customer
• lmsUserID : a unique user ID specified by the customer

You can configure additional optional attributes (Additional claims) by clicking on the respective row.

To add more optional attributes (Additional claims) to your SAML assertion, click Add new claim and repeat the process:

Enter the attribute name as specified in the table above, select the corresponding value and remove Namespace value (leave it blank), and click OK.

Once you’re done adding the attributes, click Save to complete the attribute configuration.

For Step 3, in the SAML Signing Certificate section, click Download next to Federation Metadata XML, which will export the Metadata file.

Once you have downloaded the Metadata file, go to the Udemy Business SSO setup in Manage > Settings > Single Sign-On (SSO). Click Start setup and choose your Identity Provider (Azure in this case).

On the Udemy Business account SSO configuration page, name your connection, upload the metadata XML file you downloaded from Azure, and configure any desired Optional SSO Settings.

For additional details on the optional SSO settings, you can review our article on Configuring SSO with your Identity provider page:

Please note:  Do not enable Login via SSO Provider Only until you’ve tested your connection successfully.  If SSO is not properly configured, all users will be locked out of Udemy Business.

Click Save.

Your SSO connection is now enabled.

• You can now configure your user and group management for Udemy Business directly within your Azure tenant.  For a high-level overview, please reference the steps below in Adding Users and Groups to Udemy Business in Azure.
• Learn how to configure SCIM Provisioning With Azure Active Directory (AD).

Adding Users and Groups to Udemy Business in Azure

Click on Azure Active Directory.

Select Enterprise applications.

Select your newly created application from the list.

Click Users and groups.

Click on Add User -> Users and Groups

Select all users you want to add to the application. Then, click Select.

You have now completed configuring SSO for Udemy Business with Azure AD.

Please note:

• Single sign-on and provisioning are available to Udemy Business Enterprise Plan customers.
• Users provisioned through Azure AD will not take up a license until they log into the Udemy Business application for the first time. 
• SCIM provisioning changes can only be synced from Azure AD to Udemy Business, not the other way round. 
• Users and Groups managed by SCIM in Azure AD cannot be changed within the Udemy Business app - SCIM is the single source of truth for user and group data.
• You can still create groups manually in Udemy Business if you have users that you don’t need or want to push from Azure AD, eg. contractors or temporary staff.