This guide provides the steps required to configure Single Sign-On using Security Assertion Markup Language (SAML 2.0) and Provisioning using System for Cross-domain Identity Management (SCIM 2.0) for Udemy Business.
- Existing Okta and Udemy Business customers who wish to enable SCIM Provisioning in Okta should use this configuration guide.
- Learn how to configure advanced SSO settings on an organizational level.
- Cohort learning: Review how to configure SSO for our cohort learning platform, Corp U.
Please note:
- Single sign-on and provisioning are available to Udemy Business Enterprise Plan customers.
- Users provisioned through Okta will not take up a license until they log into the Udemy Business application for the first time.
- SCIM provisioning changes can only be synced from Okta to Udemy Business, not the other way round.
- Users and Groups managed by SCIM in Okta cannot be changed within the Udemy Business app - SCIM is the single source of truth for user and group data.
Contents
- Supported SAML attributes
- Configuration Steps
Features
Udemy Business supports the following SAML attributes
Please note: all attributes are space and case-sensitive and do not include the colon. Please copy paste directly from the list below to ensure proper formatting:
-
email : the unique email of the user
Optional attributes
-
firstName : the first name of the user
-
middleName : the middle name (if any) of the user
-
lastName : the last name of the user
-
displayName : the fully formatted name of the user
-
Name ID : an identifier that can be used in cases where a name is duplicated
-
groups : the list of groups to which the user belongs
-
externalID : Okta automatically populates the externalID attribute field with the Okta User ID. If you wish to persist your own unique user IDs then you can complete this on Okta by following this article, Setup SSO, and mapping your udemy external ID attribute.
- lmsUserID : a unique user ID specified by the customer
Configuration Steps
1. To get started, log into your Udemy Business account and go to the User Access page from Manage > Settings > Single Sign-On (SSO).
Click Start setup. Choose your Identity Provider and follow the instructions from there to enable SCIM, and generate your credentials for inputting into your Identity Provider, as part of the configuration process.
2. From your Okta, access the Applications page from the sidebar.
3. Click on Browse App Catalog, search for Udemy Business and click Add.
4. Adding the Udemy Business app will redirect you to the Application General Settings - Required page as shown below. Choose a name for your Application label and click Done.
5. Next, click the Sign On tab then Edit.
Scroll down to Default Relay State and add
https://pingone.com/1.0/d905a6ca-adf9-45e2-9b9d-0d6485f27206
Scroll down to Advanced Sign-on Settings and add the Audience URI (SP Entity ID) value below into the corresponding field and click Save.
PingConnect
6. On the same page, scroll down to SAML Signing Certificates. Click on Actions then View IdP metadata. Copy the metadata URL to your clipboard.
(Alternatively, you can select Download certificate to download the metadata file to your computer).
Optional Step: You can follow these optional instructions to add specific attributes for more customization of your Udemy for Business app integration with Okta. If you prefer to skip this, please proceed to the next step.
Here is an example describing how to add and use the additional licensePoolName attribute:
- Learn more about license pools and how admins can set them up.
In Okta, navigate to Directory > Profile Editor.
Search for the Udemy for Business app, then click Profile:
Click Add Attribute, then enter the following:
- Display Name: Enter a preferred attribute name. In our example, we used License Pool Name.
-
Variable Name: Enter licensePoolName.
Important: In our example, we are adding the licensePoolName attribute. - Click either Add Attribute or Save and Add Another.
Note: Attribute type (optional):
- If you select Personal, the current attribute will be available once you assign the user to the Udemy for Business application and will not be available once you assign the group to the app.
- If you select Group, then the licensePoolName attribute would be available for you to assign to all the members in the group to the app.
Click Mappings:
Select the Okta to Udemy for Business tab.
Start typing the required attribute from the Okta Base User profile (or use the dropdown list), then select the attributes you want to map.
In our example we selected the licensePoolName attribute, and then use the green arrows (Apply mapping on user create and update).
Click Save Mappings now:
Okta will now pass the licensePoolName attribute with the value of the licensePoolName field from the Okta Base User Profile to Udemy for Business.
7. Navigate back to your Udemy Business account and access the Single sign-on (SSO) settings. On the configuration page, choose the appropriate metadata configuration method, and follow the instructions to create the SSO connection with your Identity Provider and Udemy Business.
Please note: If you are looking to enable Login via SSO provider only within Optional settings, please ensure your SSO is properly working by logging out and logging back in via SSO, before enabling this feature. Otherwise, you may be locked out of your Udemy Business account.
8. Click Save. SSO setup is now complete!
If you wish to continue and set up SCIM Provisioning in Okta please use this configuration guide.