Udemy Business supports user and group access and identity management with the System for Cross-domain Identity Management (SCIM) standard. SCIM is used by Single Sign-On (SSO) services and Identity Providers to manage people across a variety of apps and tools, including Udemy Business.
SCIM can be a great option for organizations looking to maximize scale and security, as well as minimize friction in user management for Udemy Business.
What you can do with SCIM:
- Automatically provision licenses and access to users and groups from your Identity Provider (provisioning).
- Automatically deactivate users and groups from your identity provider (deprovisioning).
- Reactivate users who were previously deprovisioned (provided the user’s personally identifiable information has not been anonymized).
- Update user details: name, email address.
- Create, remove, or edit groups.
- Manage group membership (users changing groups).
What you cannot do with SCIM:
- Delete User Personal Identifiable Information (PII) via SCIM on any Identity Provider.
- Sync data from Udemy Business back to the Identity Provider.
- Manage roles (admin, group admin, user).
- Assign Udemy Business Pro licenses
- Please note: SCIM-provisioned users will not receive an automatically-generated email invite to claim their Udemy Business license as they would if they were manually invited through the Udemy Business user management portal. We recommend your learning team send out a separate communication explaining how they can get access by logging in via their SSO provider. However, users who are reactivated via SCIM will receive an automatically-generated email from Udemy saying their account has been reactivated.
Once you take any of the above supported actions, the data or change will automatically update in Udemy Business.
Key points about SCIM Integration for your Udemy Business Account
- Your SCIM integration setup will vary depending on the identity provider you use.
- Udemy Business supports SCIM Provisioning for the key identity providers and SSO services that offer access and identity management.
- SCIM Provisioning is available to Enterprise Plan customers using Single Sign-on (SSO).
Users provisioned through SCIM in your SSO service will not take up a license until they join Udemy Business by signing in for the first time. When users are provisioned through SCIM but have not signed in for the first time, they will display on the All users page with a No License status.
- For customers who have purchased Udemy Business Pro licenses for all users, Pro licenses will be automatically assigned when invitations are accepted by users, or when they authenticate via SSO/SCIM.
- Note: When SCIM is enabled, Udemy uses the SCIM protocol for attribute mapping over SAML. Since groups and lmsUserID are not SCIM user attributes, those will not pass via SAML if you previously mapped them as part of a SAML only configuration.
SCIM-managed users have a gray SCIM flag next to their name and email. Users with the Status SCIM provisioned will not consume an active license until they login for the first time:
How to enable SCIM provisioning
To enable SCIM provisioning for your Udemy Business account, go to your Udemy Business account to Manage > Settings > Provisioning (SCIM).
Scroll to the SCIM Integration section. Next, follow the instructions to enable SCIM, choose your Identity Provider from the dropdown, and generate the credentials (Username and Password or Secret/Bearer token), which you then need to input into your Identity Provider as part of the configuration.
Depending on which Identity Provider you use, follow the instructions in the appropriate guide below to complete the SCIM setup.
For other IdPs or your own tools, please refer to the Udemy SCIM API Configuration Guide.
How to disable SCIM provisioning
To disable SCIM provisioning for your Udemy Business account (if you’re changing providers or no longer require SCIM) access Manage > Settings > Provisioning (SCIM).
Scroll to the SCIM Integration section and click on the Disable Integration link and follow the instructions to disable SCIM. This will disable the integration from the Udemy Business side, but your IT team will need to disable the integration from the Identity Provider side also.
You can continue to use Udemy Business as usual, but you will need to manually update user and group information within the platform from now on.
Deprovisioning users with SCIM
Note that Udemy Business users deprovisioned from your Identity Provider will be deactivated within Udemy Business. We first deploy this “soft delete” to enable you to preserve learner history, in the case of reactivating these users at a later point, and to prevent accidental, irreversible, anonymization of user data. If you wish to permanently delete a user and all their data, please follow the instructions below:
Deleting PII for SCIM-managed learners
If you wish to disconnect a learner from being managed by your IdP with SCIM, you can do so by first deprovisioning them in your SSO Active Directory, and then you can delete their PII in your Udemy Business account.
- Learn how to anonymize a learner in Udemy Business.
If you need to manage a learner directly from within your Udemy Business account and not via your SSO IdP, and further, or you do not wish to delete their PII, please reach out to our support team for further assistance.