Configure SCIM Provisioning With Okta

This guide provides the steps required for existing Okta and Udemy Business customers to configure automatic provisioning, deprovisioning, profile updates and group management of Udemy Business using System for Cross-domain Identity Management (SCIM 2.0).

Notes:

  • If you already have SSO sign on enabled from the previous Udemy Business app you do not need to reconfigure SSO again, just look for the Provisioning tab under Applications in Okta to set SCIM up. 
  • If you had SSO set up from a manual configuration by one of our team, you should add our new Udemy Business app into your Okta account. You will find this in Applications by searching for Udemy Business. Because this is a new version of our app in Okta, existing customers might be required to reconfigure Single Sign On (SSO) before enabling SCIM Provisioning. (step by step instructions below)
  • Users provisioned through Okta will not take up a license until they log into the Udemy Business application for the first time. 
  • SCIM provisioning changes can only be synced from Okta to Udemy Business, not the other way round. 
  • Users and Groups managed by SCIM in Okta cannot be changed within the Udemy Business app - SCIM is the single source of truth for user and group data.

Contents

  • Features
  • Requirements
  • Configuration Steps
  • Schema Discovery
  • Troubleshooting Tips

Features

The following provisioning features are supported:

  • Identity Provider (IdP) Initiated SSO
    • Users will be able to initiate the login process from their Okta dashboard
  • Service Provider (SP) Initiated SSO
    • Users will be able to access [your-subdomain.udemy.com] and initiate the login process their Udemy Business login page.
  • Just in Time (JIT) Provisioning
    • Users authenticated through SSO will be provisioned to Udemy Business on their first login.
    • All user attributes which are configured to be sent will be updated whenever the user logs in. This does not apply to SCIM users since they are only managed by SCIM.
  • Push Users with Ahead of Time Provisioning (SCIM)
    • New users associated with Udemy Business app on Okta will be created on Udemy Business.
  • Push Profile Updates (SCIM)
    • Updates made to the user's profile through Okta will be pushed to Udemy Business for users that are associated with the Udemy Business on Okta.
  • Push User Deactivation (SCIM)
    • Deactivating the user or disabling the user's access to the application through Okta will deactivate the user on Udemy Business and remove them from all groups.
    • Note: For Udemy Business, deactivating a user means removing access to login, but maintaining the user's information on Udemy Business as a deactivated user.
  • Reactivate Users
    • User accounts can be reactivated on Udemy Business by reassigning the app to that user through Okta.
  • Group Push (SCIM)
    • Groups and their memberships will be pushed to Udemy Business. Manage groups is limited to groups pushed originally from Okta as we do not send information of groups created on Udemy Business.

Configuration Steps

Note: 

  • If you already have SSO login enabled for the Udemy app through Okta you do not need to reconfigure SSO again; proceed to step 8. 
  • If you had SSO set up from a manual configuration by our team, you should reconfigure SSO with the Udemy Business app in Okta (steps 1-7).
    • You can avoid any SSO downtime by hiding the Udemy Business tile in your Okta dashboard until the new SSO and SCIM configuration is complete. 
    • Beside Application Visibility click ‘Do not display application icon to users’

1 - To get started, log into your Udemy Business account and go to the User Access page from Manage > Settings > Single Sign-On (SSO).

Click Start setup. Choose your Identity Provider and follow the instructions from there to enable SCIM, and generate your credentials for inputting into your Identity Provider, as part of the configuration process.

start_setup.png

2 - From your Okta,  access the Applications page from the sidebar.

3 - Click on Browse App Catalog, search for Udemy Business and click Add.

browse_app_catalog_add.png

4 - Adding the Udemy Business app will redirect you to the Application General Settings - Required page as shown below.  Choose a name for your Application label and click Done.

general_settings_required.png

5 - Next, click the Sign On tab, then Edit.

sign_on_tab.png

Scroll down to Advanced Sign-on Settings and add the Audience URI (SP Entity ID) value below into the corresponding field and click Save. 

d905a6ca-adf9-45e2-9b9d-0d6485f27206

 

advanced_settings_save.png

6 - On the same page, scroll down to SAML Signing Certificates.  Click on Actions then View IdP metadata.  Copy the metadata URL to your clipboard.  

(Alternatively, you can select Download certificate to download the metadata file to your computer).

view_idp_metadata.png

 

7 - Navigate back to your Udemy Business account and access the Single sign-on (SSO) settings. On the configuration page, choose the appropriate metadata configuration method, and follow the instructions to create the SSO connection with your Identity Provider and Udemy Business.

 

sso_okta_connection.png

8 - Now that SSO is enabled for Okta we can enable Provisioning (SCIM).  To start,click on the Provisioning tab then Configure API integration.

configure_api_integration.png

9 - Click on Enable API Integration and add your subdomain, CLIENT_ID as username, and SECRET_ID as password

[You can generate or view these credentials in your Udemy Business account by accessing the Provisioning (SCIM) page under Manage -> Settings.]

test_api_credentials.png

10 - Click on Test API Credentials and you should see a message indicating that you’ve successfully completed your SSO integration. If not, please send a message to the Udemy Business Support Team with the given error message.


11 - Click on Save and you will be redirected to the Application Provisioning configuration page.


provisioning_to_app_save.png

12 - On To App link click on Edit to enable individual features. To use all the capabilities we recommend to enable Create Users, Update User Attributes and Deactivate Users on this page.

provisioning_to_app_edit.png
13 - Click on Save

14 - Click on the Assignments tab to assign Udemy Business to single users or entire groups. Assigned users will be automatically provisioned after being added, automatically modified when changes are made to their profiles, and automatically deactivated when they are removed from assignments.

15 - Click on the Push Groups tab to send groups and their membership information to Udemy Business.

push_groups_to_ub.png
16- Click on + Push Groups and select the groups you want to push to Udemy Business.

You will be able to select each group, or you can create an automatic rule.

find_groups_ub.png
17 - Select the group search criteria and fill the requested information for the groups you would like to send information to Udemy Business.

push_groups_by_name.png

18 - After selecting the group, check Push group memberships immediately to send not only the group but the members within the group as soon as you select the group, and click on Save.

19 - Follow the previous steps for groups selection for all groups you would like to send to Udemy Business.

Note: After Okta sends User or Group information to Udemy Business, we will consider Okta as the source of truth, and will not allow changes to user profiles or groups on Udemy Business.

Related articles

Contact Us