How to configure SSO in Entra ID (Azure AD) for Udemy Business (standard experience)

This guide covers how to configure Single Sign-On (SSO) between Microsoft Entra ID (formerly Azure AD) and Udemy Business using either SAML 2.0 or OIDC.

Please note:

  • If you already have an instance of Entra configured with Udemy please review the Setting Up Additional Entra ID Instances for Udemy Business section of this article.
  • If you're using the Gallery app, it is not SCIM compatible. If you plan to use SCIM, create a Non-gallery application instead.
  • Single sign-on and provisioning are available to Udemy Business Enterprise Plan customers only.
  • Do not enable Login via SSO Provider Only until you have successfully tested your connection. If SSO is not properly configured, all users will be locked out of Udemy Business.

Note: On March 25, 2026, we introduced a new, streamlined way to configure SSO. This new experience became the standard setup experience for all net-new configurations after that date, and we're currently working to transition all existing connections from the legacy experience. You can read about the legacy experience here. Please reach out to the Udemy Business support team if you have any questions. 

Table of contents

Before you begin

  • You must have administrator access to both your Udemy Business account and your Microsoft Entra ID tenant.
  • Decide which protocol to use: SAML or OIDC. If you’re unsure, check with your IT team. Both are fully supported.

Configure Single Sign-On (SSO) with Entra ID

Option A: Configure using SAML

Step 1: Configure Udemy Business as an Enterprise Application in Entra ID

  1. Log in to your Entra portal and click Microsoft Entra ID.EntraID.png
  2. Select Enterprise applications.
    enterprise_application.png
  3. Click + New application in the top bar.
    new_application.png
  4. Select Create your own application
    create_your_own_application.png
  5. Enter a name for the new application and click Integrate any other application you don't find in the gallery (Non-gallery) at the end of the window.
    integrate_any_other_application_non-gallery.png
  6. Select Set up single sign on
    set_up_single_sign_on.png
  7. For Single Sign-on mode, select SAML based Sign-on.
    single_sign_on_mode_saml.png

You should now see the configuration screen below

Step 2: Navigate to SSO settings in Udemy Business

  1. Log in to your Udemy Business account as an admin.
  2. Go to Manage > Settings > Single sign-on (SSO)
  3. Click Start setup and select Azure as your identity provider.
  4. Name your SSO Connection. The name you choose will be displayed for the SSO sign in option in the login page
  5. Under Connection type select SAML, and copy the SP Entity ID.

 

Step 3: Basic SAML Configuration in Entra ID

  1. Go back to your Entra ID configuration portal and In the Basic SAML Configuration section, click Edit and enter the following:
  • Identifier (Entity ID): Obtained from the Udemy SSO configuration page in your Udemy Admin portal.
  • Reply URL (Assertion Consumer Service URL): https://sso.udemy.com/api/oauth/saml
  • Sign on URL: https://{{domain}}.udemy.com/

Step 4: User Attributes and Claims

Note: Udemy ignores the Unique User Identifier section in the required claims.

  1. Go back to the Single Sign-on tab in the sidebar and click Edit on the Attributes & Claims section.
  2. In the Additional Claims section, click on the user.mail value.
  • Update emailaddress to “email” (make sure it is all lowercase)
  • Delete the Namespace URI.
  • For source attribute, make sure to select the email value you want to transfer from Entra ID to Udemy (usually user.mail or user.userprincipalname.) This will be the main identifier for the user's account and should match the email value in Udemy.
    user.mail.png
  1. Add new claim or edit an existing claim and repeat the process.
  2. Click Save.
  3. To add further optional attributes, click Add new claim and repeat the process. Udemy Business supports the following SAML attributes. 

Please note: All attributes are space and case-sensitive. Copy and paste directly from the table below.

SAML Attribute Required? Description
email Yes The unique email address of the user
firstName Optional The first name of the user
middleName Optional The middle name (if any) of the user
lastName Optional The last name of the user
displayName Optional The fully formatted name of the user
groups Optional The list of groups the user belongs to. Note: If you do not plan to pass groups, do not include this attribute - it will override existing groups.
externalID Optional A unique user ID specified by the customer
lmsUserID Optional A unique user ID specified by the customer (an LMS integration must be configured for this value to pass through)
licenseTypes Optional Specifies the type of Udemy Business license assigned to a user. Values: Enterprise or Enterprise,Pro
licensePoolName Optional Identifies which license pool the user is associated with
  1. Once you’re done adding the attributes, click Save to complete the attribute configuration.

 Step 5: Give users permission to use the Udemy Application

  1. Go back to the Set up Single Sign-On with SAML settings screen and click on Users and Groups on the left hand panel
  2. Click on Add user/group.
  3. Under Users, click on None Selected and search for the user or group you want to give permission to access the application.
  5. When you selected the users or groups you wanted to add, click on Select in the bottom of the screen
  6. Click Assign. Only these selected users or groups have permission to log into Udemy with SSO.

Step 6: Upload Metadata file from Entra to Udemy

  1. Go back to the Set up Single Sign-On with SAML settings in Entra.
  2. Scroll down to SAML Certificates.
  3. Look for the App Federation Metadata URL and copy the link.
  4. Once you’ve copied the Metadata URL, go back to your Udemy Business SSO setup page in Manage > Settings > Single Sign-On (SSO)
  5. Under Configure using, select Metadata URL and paste in the Metadata URL you previously copied, then click Import metadata.
  6. You should now see the metadata data appearing, once you confirm this, scroll down to the bottom of the page and click Save.
  7. Your SSO connection is now enabled. You can verify the status on the Single sign-on (SSO) page, which will display the connection status, certificate expiration date, and options to edit or pause the connection.
  8. If you get the error message “Error while editing and enabling SSO connection”, this is likely caused by a duplicate IdP EntityID. Please follow the guide Setting Up Additional Entra ID Instances for Udemy Business to resolve this issue

Option B: Configure using OIDC

Step 1: Register Udemy Business as an app in Entra ID

For additional guidance, refer to Microsoft's official documentation on configuring OIDC SSO for custom applications and the OpenID Connect protocol on the Microsoft identity platform.

  1. Sign in to the Microsoft Entra admin centre and navigate to More Services, then search for App registrations.
  2. Click New registration and configure the following:
    • Name: Udemy Business (or a name of your choice)
    • Supported account types: Select the option appropriate for your organisation (typically Accounts in this organizational directory only)
    • Redirect URI: Select Web and enter “https://sso.udemy.com/api/oauth/oidc

  1. Click Register.
  2. On the app overview page, copy the Application (client) ID. You will need this in Udemy Business.

  1. Navigate to Certificates & secrets → Client secrets → New client secret.

  1. Add a description, set an expiry period, and click Add. Copy the secret Value immediately - it will not be shown again.

 

Step 2: Complete OIDC setup in Udemy Business

Return to the Udemy Business SSO configuration screen.

  1. In the Name field, enter a name for this connection.
  2. Select OIDC as the Connection type.
  3. Enter the following values:
    Client ID: Obtained the Application Overview in Entra labeled as “Application (client) ID”
    Client Secret: Obtained from the secret value you previously copied
    Well-known URL: 
    • Obtained by going to the overview screen and clicking on Endpoints. Copy the URL for “OpenID Connect metadata document”. Should look similar to : https://login.microsoftonline.com/[your-tenant-id]/v2.0/.well-known/openid-configuration
  4. Click Save.

Step 3: Assigning users and groups in Entra ID


Once the connection is saved, assign the relevant users or groups to the Udemy Business application in Entra ID.

  1. In the Entra admin centre, go to your Udemy Business enterprise application.
  2. Select Users and groups, then click Add user/group.
  3. Select the users or groups you wish to assign and click Assign.

Testing your SSO connection

Before rolling out SSO to your organization, we recommend testing the connection:

  1. Open a private/incognito browser window.
  2. Navigate to your Udemy Business login page.
  3. Select the SSO connection you created and sign in with a test user account.
  4. Confirm the user is authenticated and successfully redirected to Udemy Business.

Setting up additional Entra ID instances for Udemy Business

If you're configuring an additional Entra ID (Azure AD) instance to integrate with Udemy Business, follow the steps below to ensure a successful setup. Each SSO connection must use unique identifiers to avoid conflicts.

Obtain a Unique IdP Entity ID

To generate a unique IdP EntityID for each additional integration, you’ll need to enable the App ID URI in your Entra SAML settings.

Follow the instructions below to get a unique Entity ID from Azure AD (Entra ID) for each
separate Udemy Instance.

Step 1:  Enable App ID to Issuer (Customer)

  1. Navigate to your Udemy Application in Entra. In the SAML settings, go to Attributes and Claims
  2. Navigate to Advanced Settings.
  3. Click Edit on Advanced SAML Claim Options.
  4. Select the Append Application ID to Issuer flag and Save.

Append Application ID to Issuer.png

Step 2: Add App ID to Metadata File (Udemy)

1. Navigate back to your SAML Settings and go to SAML Certificates. Copy the App Federation Metadata URL.

metadata download.png

2. Paste the URL into your browser window and copy the App ID.

append metadata.png

3. Save the page as an XML File, or by going to the previous page and downloading the Federation Metadata XML.

Metadata download.png

4. Open the Metadata file in a text document and append the app ID next to the EntityID. You can use ctrl+f entityID to find the section.

5. For example, if the EntityID is: "https://sts.windows.net/728f03be-40cd-47a7-8ff3-58569e27d1c5/

Update it to:

"https://sts.windows.net/728f03be-40cd-47a7-8ff3-58569e27d1c5/44234257-31f0-4928-9762-5913dd59dd36

append complete.png

6. Save the updated Metadata file.

7. Once you’ve copied the Metadata URL, go back to your Udemy Business SSO setup page in Manage > Settings > Single Sign-On (SSO)

8. Under Configure using, select Metadata File and Select file. Look for the metadata file you edited then click Import metadata.

9. You should now see the metadata data appearing, once you confirm this, scroll down to the bottom of the page and click Save.

Your SSO connection is now enabled. You can verify the status on the Single sign-on (SSO) page, which will display the connection status, certificate expiration date, and options to edit or pause the connection.

Related articles

Contact Us