Once Single Sign-on (SSO) is set up you can then configure System for Cross-domain Identity Management (SCIM) provisioning in OneLogin with Udemy Business. This will allow you to provision, deprovision, create groups, manage group membership and change user profile details like name and email address in OneLogin, which automatically updates Udemy Business. You will no longer need to update both OneLogin and Udemy Business separately with these actions as it will all be synced from OneLogin.
This article outlines how you can configure SCIM provisioning with OneLogin.
How to enable SCIM Provisioning
To enable SCIM Provisioning for your Udemy Business account, first go to your Udemy Business account and access Manage > Settings > Provisioning (SCIM).
Click Start Setup and follow the instructions to enable SCIM and generate the Secret Token (Bearer token) which you then need to save in OneLogin.
Next, access your OneLogin account and go to your Udemy Business SSO app and follow the steps below to get set up.
Additional information regarding how to provision users is also available in One Login's support center.
1. In the admin panel click on the applications tab:
2. Navigate to the “Configuration” tab. Inside the “Configuration” tab, input the SCIM bearer token from your Udemy Business account that was generated above, and set to “Enabled”:
3. Next, navigate to the “Provisioning” tab, and check the “Enable provisioning” box:
Creating a rule to sync a user’s group with Udemy Business
OneLogin uses the concept of “rules” in order to sync a user with a particular group in your Udemy Business account. There are many ways to create rules based on your different requirements for syncing groups. The following is one specific example of how to create a rule to sync a user with a group called “Engineers”.
1. Navigate to the “Rules” tab and select “Add Rule”:
2. Prerequisite: Before moving to the next step, please contact our Support Team and request that they enable the feature flag that will allow SCIM groups to be pulled from Udemy Business. With this feature enabled you can pull the existing groups from Udemy Business and access them in OneLogin.
3. Inside of the “Edit Mapping” screen is where you can configure the logic for your rule. In this example, we create a rule where the logic is “If the Group of the user is Engineering Group then the action is set the user’s group in Udemy Business to Engineers”: In order to pull groups “From Existing” in Udemy Business - you will need to refresh entitlements.
4. Navigate to the “Parameters” tab:
To send over the externalId value from OneLogin to Udemy, please make sure to have the parameter urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber added.
Note: adding parameters might not take effect immediately as OneLogin does a parameter sync daily.
5. Click on the “Groups” field:
6. Check the “Include in User Provisioning” box and save:
7. Now, after adding a user in OneLogin and setting that user’s group to “Engineering Group”:
8. Once the user is added to the Udemy Business application and synced, based on the rule, this user will be added to the “Engineers” group in your Udemy Business account: