How to Configure SSO in Entra ID (Azure AD) for Udemy Business

This guide provides the steps required to configure Single Sign-On (SSO) using Security Assertion Markup Language (SAML 2.0) for Udemy Business.

Please note

  • If you are using the Gallery app, please keep in mind that it is not SCIM compatible. If you are planning to use SCIM, please create a Non-gallery application.
  • If you already have an instance of Entra configured with Udemy please review the Setting Up Additional Entra ID Instances for Udemy Business section of this article

Configure Single Sign-On (SSO) with Azure

Log in to your Azure portal and click Microsoft Entra ID.EntraID.png

Next, select Enterprise applications.

enterprise_application.png

 Now click + New application in the top bar.

new_application.png

 Select Create your own application.

create_your_own_application.png

Enter a name for the new application and click Integrate any other application you don't find in the gallery (Non-gallery) at the end of the window.

integrate_any_other_application_non-gallery.png

Then select Set up single sign on. 

set_up_single_sign_on.png

For Single Sign-on mode, select SAML based Sign-on.

single_sign_on_mode_saml.png

Follow the 3 steps on the Set up Single Sign-On with SAML screen. Azure AD has also provided a detailed configuration guide at the top of the page for further guidance.

Azure sandbox sso saml set up.png

For Step 1, Basic SAML Configuration:

Please note: If the Entity ID is being used by another SSO application, please contact Udemy Business to create a unique Entity ID and generate a custom metadata file.

Once all these fields are added, click Save.

For Step 2, User Attributes and Claims:

Go back to the Single Sign-on tab in the sidebar and click “Edit” on the Attributes & Claims” section.

In the Additional Claims section, click on the user.mail value.

  • Update emailaddress to “email” (make sure it is all lowercase)
  • Delete the Namespace URI
  • For source attribute, make sure to select the email value you want to transfer from Azure AD to Udemy. This will be the main identifier for the users account.

user.mail.png

To add more optional attributes (Additional claims) to your SAML assertion, click Add new claim or edit an existing claim and repeat the process:

Once you’re done adding the attributes, click Save to complete the attribute configuration.

 

attributes and claims.png

Udemy Business supports the following SAML attributes

Please note: all attributes are space and case-sensitive and do not include the colon.  Please copy paste directly from the list below to ensure proper formatting:

Required attributes

  • email : the unique email of the user

Optional attributes

  • firstName : the first name of the user
  • middleName : the middle name (if any) of the user
  • lastName : the last name of the user
  • displayName : the fully formatted name of the user
  • Name ID : an identifier that can be used in cases where a name is duplicated
  • groups : the list of groups to which the user belongs. Note: If you do not plan to pass over groups do not send this attribute, as it will override existing groups.
  • externalID : a unique user ID specified by the customer
  • lmsUserID : a unique user ID specified by the customer

For Step 3, in the SAML Signing Certificate section, click Download next to Federation Metadata XML, which will export the Metadata file.

federation_metadata.png

Once you have downloaded the Metadata file, go to the Udemy Business SSO setup in Manage > Settings > Single Sign-On (SSO). Click Start setup and choose your Identity Provider (Azure in this case).

SSo_Azure.jpg

On the Udemy Business account SSO configuration page, name your connection, upload the metadata XML file you downloaded from Azure, and configure any desired Optional SSO Settings.

For additional details on the optional SSO settings, you can review our article on Configuring SSO with your Identity provider page:

Please note:  Do not enable Login via SSO Provider Only until you’ve tested your connection successfully.  If SSO is not properly configured, all users will be locked out of Udemy Business.

Single_Sign_in_Azure_connection.jpg

Click Save.

Single_Sign_on_connection_enabled.jpg

Your SSO connection is now enabled.

  • You can now configure your user and group management for Udemy Business directly within your Azure tenant.  For a high-level overview, please reference the steps below in Adding Users and Groups to Udemy Business in Azure.
  • Learn how to configure SCIM Provisioning With Azure Active Directory (AD).

Adding Users and Groups to Udemy Business in Azure

Click on Azure Active Directory.

12.png

Select Enterprise applications.

13.png


Select your newly created application from the list.

Click Users and groups.

14.png

Click on Add User -> Users and Groups

Select all users you want to add to the application. Then, click Select.

15.png 

You have now completed configuring SSO for Udemy Business with Azure AD.

Setting up additional Entra ID instances for Udemy Business

If you're configuring an additional Entra ID (Azure AD) instance to integrate with Udemy Business, please follow the steps below to ensure a successful setup. Each SSO connection must use unique identifiers to avoid conflicts.

1. Obtain a Unique IdP Entity ID

To generate a unique IdP EntityID for each additional integration, you’ll need to enable the App ID URI in your Entra SAML settings.

Follow the instructions below to get a unique Entity ID from Azure AD (Entra ID) for each
separate Udemy Instance.

Step 1 - Enable App ID to Issuer (Customer)

  1. Navigate to your Udemy Application in Entra. In the SAML settings go to Attributes and Claims. 
  2. Navigate to Advanced Settings.
  3. Edit Advanced SAML Claim Options.
  4. Tick “Append Application ID to Issuer” flag and Save.

Append Application ID to Issuer.png

Step 2 - Add App ID to Metadata File (Udemy)

1. Navigate back to your SAML Settings and go to SAML Certificates. Next, copy the App Federation Metadata URL.

metadata download.png

2. Paste the URL into your browser window and copy the App ID.

append metadata.png

3. Save the page as an XML File, or by going to the previous page and downloading the Federation Metadata XML.

Metadata download.png

4. Open the Metadata file in a text document and append the app ID next to the EntityID. You can use ctrl+f entityID to find the proper section.

5. For example, if the EntityID is: "https://sts.windows.net/728f03be-40cd-47a7-8ff3-58569e27d1c5/

Update it to:

"https://sts.windows.net/728f03be-40cd-47a7-8ff3-58569e27d1c5/44234257-31f0-4928-9762-5913dd59dd36

append complete.png

6. Save the updated Metadata file.

2. Obtain a Unique SP Entity ID

Each Entra ID (Azure AD) integration with Udemy must have its own unique SP EntityID.

  • After creating the new IdP EntityID with the App ID appended to the metadata file, please share the updated metadata file with Udemy Support. Additionally, be sure to include a comprehensive list of all Udemy/Entra SP EntityIDs currently configured for your other environments. This will help us ensure consistency and avoid configuration conflicts across environments.
  • The Udemy team will then upload your Metadata file and create the SSO connection. Then we will provide you with the unique SP EntityID.

Please note:

  • Single sign-on and provisioning are available to Udemy Business Enterprise Plan customers.
  • Users provisioned through Azure AD will not take up a license until they log into the Udemy Business application for the first time. 
  • SCIM provisioning changes can only be synced from Azure AD to Udemy Business, not the other way round. 
  • Users and Groups managed by SCIM in Azure AD cannot be changed within the Udemy Business app - SCIM is the single source of truth for user and group data.
  • You can still create groups manually in Udemy Business if you have users that you don’t need or want to push from Azure AD, eg. contractors or temporary staff.

Related articles

Contact Us