This guide provides the steps required to configure Single Sign-On using Security Assertion Markup Language (SAML 2.0) and Provisioning using System for Cross-domain Identity Management (SCIM 2.0) for Udemy Business.
- Existing Okta and Udemy Business customers who wish to enable SCIM Provisioning in Okta should use this configuration guide.
- Learn how to configure advanced SSO settings on an organizational level.
- Cohort learning: Review how to configure SSO for our cohort learning platform, Corp U.
Please note:
- Single sign-on and provisioning are available to Udemy Business Enterprise Plan customers.
- Users provisioned through Okta will not take up a license until they log into the Udemy Business application for the first time.
- SCIM provisioning changes can only be synced from Okta to Udemy Business, not the other way round.
- Users and Groups managed by SCIM in Okta cannot be changed within the Udemy Business app - SCIM is the single source of truth for user and group data.
Contents
- Supported SAML attributes
- Configuration Steps
Features
Udemy Business supports the following SAML attributes
Please note: all attributes are space and case sensitive and do not include the colon.
Required attributes
-
email : the unique email of the user
Optional attributes
-
firstName : the first name of the user
-
middleName : the middle name (if any) of the user
-
lastName : the last name of the user
-
displayName : the fully formatted name of the user
-
Name ID : an identifier that can be used in cases where a name is duplicated
-
groups : the list of groups to which the user belongs
-
externalID : Okta automatically populates the externalID attribute field with the Okta User ID. If you wish to persist your own unique user IDs then you can complete this on Okta by following this article, Setup SSO, and mapping your udemy external ID attribute.
- lmsUserID : a unique user ID specified by the customer
Configuration Steps
1. To get started, log into your Udemy Business account and go to the User Access page from Manage > Settings > Single Sign-On (SSO).
Click Start setup. Choose your Identity Provider and follow the instructions from there to enable SCIM, and generate your credentials for inputting into your Identity Provider, as part of the configuration process.
2. From your Okta, access the Applications page from the sidebar.
3. Click on Browse App Catalog, search for Udemy Business and click Add.
4. Adding the Udemy Business app will redirect you to the Application General Settings - Required page as shown below. Choose a name for your Application label and click Done.
5. Next, click the Sign On tab then Edit.
Scroll down to Default Relay State and add
https://pingone.com/1.0/d905a6ca-adf9-45e2-9b9d-0d6485f27206
Scroll down to Advanced Sign-on Settings and add the Audience URI (SP Entity ID) value below into the corresponding field and click Save.
PingConnect
6. On the same page, scroll down to SAML Signing Certificates. Click on Actions then View IdP metadata. Copy the metadata URL to your clipboard.
(Alternatively, you can select Download certificate to download the metadata file to your computer).
7. Navigate back to your Udemy Business account and access the Single sign-on (SSO) settings. On the configuration page, choose the appropriate metadata configuration method, and follow the instructions to create the SSO connection with your Identity Provider and Udemy Business.
Please note: If you are looking to enable Login via SSO provider only within Optional settings, please ensure your SSO is properly working by logging out and logging back in via SSO, before enabling this feature. Otherwise, you may be locked out of your Udemy Business account.
8. Click Save. SSO setup is now complete!
If you wish to continue and set up SCIM Provisioning in Okta please use this configuration guide.