This guide provides the steps required for existing Okta and Udemy Business customers to configure automatic provisioning, deprovisioning, profile updates and group management of Udemy Business users and groups using System for Cross-domain Identity Management (SCIM 2.0).
Notes:
- If you already have SSO sign on enabled for Udemy Business in Okta, you do not need to reconfigure SSO again. Just look for the Provisioning tab under Applications in Okta to set SCIM up.
- If you had SSO set up from a manual configuration by one of our team, you should add our new Udemy Business app into your Okta account. You will find this in Applications by searching for Udemy Business. Because this is a new version of our app in Okta, existing customers might be required to reconfigure Single Sign On (SSO) before enabling SCIM Provisioning. (step by step instructions below)
- Users provisioned through Okta will not consume an active license until they log into the Udemy Business application for the first time.
- SCIM-managed users and groups can only be changed in Okta.
- When SCIM is enabled, Udemy uses the SCIM protocol for attribute mapping over SAML. Since groups is not a SCIM user attribute, groups will not pass via SAML if you previously mapped the attribute as part of a SAML only configuration.
Contents
- Features
- Requirements
- Configuration Steps
- Schema Discovery
- Troubleshooting Tips
Features
The following SCIM provisioning features are supported:
- Provision Users from Okta
- Users assigned the Udemy Business app in Okta will be provisioned in Udemy Business.
- Note that users will not receive an automatically-generated invite email if they are SCIM provisioned from Okta.
- Push Profile Updates
- Updates made to the user's profile through Okta will be pushed to Udemy Business for users who are associated with Udemy Business in Okta.
- Push User Deactivation
- Deactivating the user or disabling the user's access to the application through Okta will deactivate the user on Udemy Business and remove them from all groups.
- Note: Deactivated users will retain their learning data for reporting purposes or future reactivation. To permanently delete a SCIM-managed deactivated user you will first need to break the SCIM connection for that user, which Udemy Business support can assist with.
- Reactivate Users
- Users can be reactivated in Udemy Business by reassigning the app to that user through Okta.
- Note that reactivated users will receive an automatically-generated email from Udemy saying they’ve been reactivated.
- Group Push
- Groups and their memberships will be pushed to Udemy Business. Manage groups is limited to groups pushed originally from Okta as we do not send information of groups created on Udemy Business.
SCIM-managed users have a gray SCIM flag next to their name and email. Users with the Status SCIM provisioned will not consume an active license until they login for the first time:
Configuration Steps
If you have not enabled SSO for Okta or if you had SSO set up from a manual configuration by our team, please complete the Okta SSO configuration steps here first.
- You can avoid any SSO downtime by hiding the Udemy Business tile in your Okta dashboard until the new SSO and SCIM configuration is complete.
- Beside Application Visibility click ‘Do not display application icon to users’
1. To start, click on the Provisioning tab then Configure API integration.
2. Click on Enable API Integration and add your subdomain, CLIENT_ID as username, and SECRET_ID as password.
[You can generate or view these credentials in your Udemy Business account by accessing the Provisioning (SCIM) page under Manage -> Settings.]
3. Click on Test API Credentials and you should see a message indicating that you’ve successfully completed your SSO integration. If not, please send a message to the Udemy Business Support Team with the given error message.
4. Click on Save and you will be redirected to the Application Provisioning configuration page.
5. On To App link click on Edit to enable individual features. To use all the capabilities we recommend to enable Create Users, Update User Attributes and Deactivate Users on this page.
6. Click on Save
7. Click on the Assignments tab to assign Udemy Business to single users or entire groups. Assigned users will be automatically provisioned after being added, automatically modified when changes are made to their profiles, and automatically deactivated when they are removed from assignments.
8. Click on the Push Groups tab to send groups and their membership information to Udemy Business.
9. Click on + Push Groups and select the groups you want to push to Udemy Business.
You will be able to select each group, or you can create an automatic rule.
10. Select the group search criteria and fill the requested information for the groups you would like to send information to Udemy Business.
11. After selecting the group, check Push group memberships immediately to send not only the group but the members within the group as soon as you select the group, and click on Save.
12. Follow the previous steps for groups selection for all groups you would like to send to Udemy Business.
Note: Udemy Business will not allow changes to SCIM-managed users or groups after setup.