• Allowlisting Udemy Business Features

    If your users access their Udemy Business accounts through your company’s network, your organization’s IT may need to allowlist several domains and subdomains to ensure some features operate correctly. 

    This article outlines which domains and subdomains may need to be allowlisted for certain, Udemy Business features.

    Allowlisting content (video streaming)

    If your users experience significantly degraded performance (i.e., playback delays) while streaming videos and viewing content through your company’s network, the video streaming domain Udemy Business utilizes should be allowlisted.

    To ensure your users can view Udemy Business content without any issues, please have your organizations’ IT allowlist the following video streaming domain on your network firewalls/gateways: *.udemycdn.com.

    Still encountering streaming issues? If the problem persists after your organization’s IT has allowlisted this domain, please advise your users still encountering the issue to reach out to Udemy Business Support and have them provide our team a HAR file. The information in the HAR file will help our engineers in determining what the issue is so they can start working on a resolution.

    Allowlisting emails

    If your company's firewalls are generally restrictive (certain commonly used sites are blocked), you will need to allowlist the following email sending domains and all of their subdomains from Udemy for Business to ensure the delivery of invitation, password reset, and other important emails.

    • a) *.udemy.com 
    • b) *.udemymail.com

    Important: please be sure to verify with your email service provider what the correct method is for allowlisting all subdomains on a given domain, as this can vary by provider. If the subdomains aren’t allowlisted properly, then the delivery of emails from Udemy Business from these domains may be blocked.

    Allowlisting Labs and Workspaces (Udemy Business Pro users)

    Udemy Business Pro users who access Udemy Business from inside their company's network, will need their organization's IT to allowlist the following domains to ensure Workspaces and Labs work correctly.

    • *.udemy.com
    • *.udemycdn.com
    • *.udemylabs.com
    • *.vocareum.com
    • *.amazon.com
    Read article
  • Troubleshooting Admin Issues in Your Udemy Business Account

    This article includes troubleshooting steps admins can take if they’re encountering issues while performing administrative tasks within a Udemy Business account. 

    For example, a page may fail to load correctly, or errors might occur when taking actions in the account (i.e., inviting a user or exporting a data report). The issue could be related to the browser, operating system, or network.

    Troubleshooting steps for admin issues

    If you’re an admin for your Udemy Business account, and you’re encountering issues while trying to do administrative tasks in it, please try the troubleshooting steps below. We recommend searching online for instructions on how to complete these steps for your specific device and browser.

    1. Check that your device’s browser and operating system meet the Udemy Business System Requirements.
    2. Access your account in a different browser. If the problem doesn’t occur, the issue is likely isolated to the first browser. If you contact us, let us know which browsers you tried.
    3. Login to your account from a private or incognito window. An incognito window will turn off extensions and add-ons that may interfere with Udemy Business. If private browsing fixes the problem, continue following the steps below to resolve the issue for your browser.
    4. Try to clear your cache and cookies. Be sure to restart your browser before trying again.
    5. Disable browser extensions that might be interfering with your site.
    6. If you have other devices or connections available, such as another computer or wireless network, try logging in to your Udemy Business account from that device or network if permitted by your company. If you don't have the same problem, the issue may be related to the first device or network.

    If you’ve tried all of the steps above and you’re still having trouble, please contact us

    Please be sure to provide a screenshot or screencast of the issue, and let us know which steps above you’ve tried, as doing so could help our team find a resolution for you quicker. 

    Read article
  • Udemy’s Response to the Log4J Vulnerability

    Recently, security researchers identified a remote code execution (RCE) vulnerability (CVE-2021-44228) affecting Apache’s Log4J tool, a Java-based logging utility used by a wide variety of software providers.

    Since this issue was first discovered, Udemy’s Security team has been working diligently to review and protect Udemy’s systems. At this point, there are no indicators that this vulnerability has negatively affected any company or personal data. We continue to investigate the impact of this vulnerability across our infrastructure and applications. 

    For high-risk, high-impact vulnerabilities such as this, our teams take a number of immediate steps, including testing to confirm levels of vulnerability, restricting network connections, and applying software or system updates or workarounds where necessary. Our Security and Engineering teams will monitor our environment, critical sub-processors, and vendors for instances of this vulnerability, attempted attacks, and notices from our contracted third parties.

    As we obtain additional information, we will provide updates through this page. Our Security team is working diligently to ensure our systems are safeguarded as security researchers’ recommendations evolve, so we’re currently unable to provide custom responses. For detailed information on our response approach, please refer to the frequently asked questions below. 

    Have you updated to a safer version of Log4J (2.0-2.14.1) ?

    In each case where vulnerable versions of Log4J were previously in use, we have undertaken careful remediation efforts, such as upgrading to a recommended newer version or implementing recommended workarounds. We have also adjusted our layered defenses (e.g., adding additional restrictions on inbound and outbound network connections) to protect our systems more globally.

    When will the remediation be complete?

    Udemy’s Security team is monitoring recommendations from security experts and vendors as the Log4J vulnerability attack patterns evolve, and our remediation and mitigation efforts will continue as these recommendations are shared.  

    Has customer data been compromised?

    At this point, there are no indicators that this vulnerability has negatively affected any company or personal data. 

    Are you asking third-party vendors used in your environment about the impact of Log4J on them?

    Udemy has reached out to vendors, and has applied updates to tooling as our vendors release them. We are also monitoring aggregated lists from security experts to ensure we respond to other recommended security mitigations on a tool-by-tool basis. 

    Read article