This guide provides the steps required to configure Single Sign-On (SSO) using Security Assertion Markup Language (SAML 2.0) for Udemy Business.
- Access Udemy Business SAML Metadata for Azure AD.
- Cohort learning: Review how to configure SSO for our cohort learning platform, Corp U.
Please note: If you are using the Gallery app, please keep in mind that it is not SCIM compatible. If you are planning to use SCIM, please create a Non-gallery application.
Configure Single Sign-On (SSO) with Azure
Log in to your Azure portal and click Microsoft Entra ID.
Next, select Enterprise applications.
Now click + New application in the top bar.
Select Create your own application.
Enter a name for the new application and click Integrate any other application you don't find in the gallery (Non-gallery) at the end of the window.
Then select Set up single sign on.
For Single Sign-on mode, select SAML based Sign-on.
Follow the 3 steps on the Set up Single Sign-On with SAML screen. Azure AD has also provided a detailed configuration guide at the top of the page for further guidance.
For Step 1, Basic SAML Configuration:
- In the Identifier (Entity ID) field, enter https://www.udemy.com/sso/saml.
Please note: If the Entity ID is being used by another SSO application, please contact Udemy Business to create a unique Entity ID and generate a custom metadata file.
- In the Reply URL field, enter this value: https://sso.connect.pingidentity.com/sso/sp/ACS.saml2
- In the Sign on URL field, enter your Udemy Business account URL: https://{yoursubdomain}.udemy.com
- Relay State (Optional): https://pingone.com/1.0/d905a6ca-adf9-45e2-9b9d-0d6485f27206
- Logout URL (Optional): If you decide to configure Single Logout, enter the following: https://sso.connect.pingidentity.com/sso/SLO.saml2
Once all these fields are added, click Save.
For Step 2, User Attributes and Claims:
Go back to the Single Sign-on tab in the sidebar and click “Edit” on the “Attributes & Claims” section.
In the Additional Claims section, click on the user.mail value.
- Update emailaddress to “email” (make sure it is all lowercase)
- Delete the Namespace URI
- For source attribute, make sure to select the email value you want to transfer from Azure AD to Udemy. This will be the main identifier for the user's account.
To add more optional attributes (Additional claims) to your SAML assertion, click Add new claim or edit an existing claim and repeat the process.
Once you’re done adding the attributes, click Save to complete the attribute configuration.
Udemy Business supports the following SAML attributes
Please note: all attributes are space and case-sensitive and do not include the colon. Please copy and paste directly from the list below to ensure proper formatting:
Required attributes
- email : the unique email of the user
Optional attributes
- firstName : the first name of the user
- middleName : the middle name (if any) of the user
- lastName : the last name of the user
- displayName : the fully formatted name of the user
- Name ID : an identifier that can be used in cases where a name is duplicated
- groups : the list of groups to which the user belongs
- externalID : a unique user ID specified by the customer
- lmsUserID : a unique user ID specified by the customer
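One way to check a test login against Steps 1 and 2 before relying on the connection is shown below. It is an added example, not Udemy or Microsoft code. It assumes you have an already base64-decoded assertion captured from a test sign-in, does not verify the signature, and treats the namespace in AZURE_DEFAULT_EMAIL as the usual pre-edit claim name; the sample assertion is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_ID = "https://www.udemy.com/sso/saml"                       # Step 1: Identifier (Entity ID)
ACS_URL = "https://sso.connect.pingidentity.com/sso/sp/ACS.saml2"  # Step 1: Reply URL
REQUIRED = {"email"}
OPTIONAL = {"firstName", "middleName", "lastName", "displayName",
            "Name ID", "groups", "externalID", "lmsUserID"}
# Assumption: claim name as it looks before the Step 2 edit (namespace URI + "emailaddress").
AZURE_DEFAULT_EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

def check_assertion(xml_text):
    """Return findings for one decoded assertion; an empty list means it matches the guide."""
    root = ET.fromstring(xml_text)
    findings = []
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if ENTITY_ID not in audiences:
        findings.append(f"Audience {audiences} lacks {ENTITY_ID}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        findings.append(f"Recipient {recipients} lacks {ACS_URL}")
    values = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values[attr.get("Name")] = [v.text for v in attr.iterfind("saml:AttributeValue", NS)]
    for name in sorted(set(values) - REQUIRED - OPTIONAL):
        # Names are case- and space-sensitive: report a near miss if there is one.
        tail = name.rsplit("/", 1)[-1].strip().lower()
        near = [ok for ok in sorted(REQUIRED | OPTIONAL) if ok.lower() == tail]
        hint = f" (did you mean {near[0]!r}?)" if near else ""
        findings.append(f"attribute {name!r} is not a supported name{hint}")
    for name in sorted(REQUIRED):
        if not any(values.get(name, [])):
            findings.append(f"required attribute {name!r} missing or empty")
    return findings

def sample(attr_name):
    # Constructed, unsigned assertion with a made-up user; not captured from a real tenant.
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject><saml:SubjectConfirmation>'
            f'<saml:SubjectConfirmationData Recipient="{ACS_URL}"/></saml:SubjectConfirmation>'
            f'</saml:Subject><saml:Conditions><saml:AudienceRestriction><saml:Audience>{ENTITY_ID}'
            f'</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>'
            f'<saml:Attribute Name="{attr_name}"><saml:AttributeValue>pat@example.com'
            f'</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    for name in (AZURE_DEFAULT_EMAIL, "Email", "email"):
        print(name, "->", check_assertion(sample(name)) or "OK")
```

An empty result only says the assertion has the audience, recipient and attribute names this guide specifies; it is not a substitute for the test login itself.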
For Step 3, in the SAML Signing Certificate section, click Download next to Federation Metadata XML, which will export the Metadata file.
Once you have downloaded the Metadata file, go to the Udemy Business SSO setup in Manage > Settings > Single Sign-On (SSO). Click Start setup and choose your Identity Provider (Azure in this case).
On the Udemy Business account SSO configuration page, name your connection, upload the metadata XML file you downloaded from Azure, and configure any desired Optional SSO Settings.
For additional details on the optional SSO settings, see our article on configuring SSO with your identity provider.
Please note: Do not enable Login via SSO Provider Only until you’ve tested your connection successfully. If SSO is not properly configured, all users will be locked out of Udemy Business.
Click Save.
Your SSO connection is now enabled.
- You can now configure your user and group management for Udemy Business directly within your Azure tenant. For a high-level overview, please reference the steps below in Adding Users and Groups to Udemy Business in Azure.
- Learn how to configure SCIM Provisioning With Azure Active Directory (AD).
Adding Users and Groups to Udemy Business in Azure
Click on Azure Active Directory.
Select Enterprise applications.
Select your newly created application from the list.
Click Users and groups.
Click on Add User -> Users and Groups
Select all users you want to add to the application. Then, click Select.
You have now completed configuring SSO for Udemy Business with Azure AD.
Please note:
- Single sign-on and provisioning are available to Udemy Business Enterprise Plan customers.
- Users provisioned through Azure AD will not take up a license until they log into the Udemy Business application for the first time.
- SCIM provisioning changes can only be synced from Azure AD to Udemy Business, not the other way round.
- Users and Groups managed by SCIM in Azure AD cannot be changed within the Udemy Business app - SCIM is the single source of truth for user and group data.
- You can still create groups manually in Udemy Business if you have users that you don’t need or want to push from Azure AD, e.g. contractors or temporary staff.