• Configuring SSO

    Udemy Business supports Single Sign-On (SSO) into any provider that supports SAML2.0.

    You can enable SSO in your Udemy Business account yourself, using our self-serve settings.

    • Note: SSO integration is only available with the Enterprise Plan and can only be configured by an admin.

    Where to Configure SSO

    Manage > Settings > Single sign-on (SSO)

    sso_settings.png

    How to enable SSO

    Optional SSO settings

    • Login via SSO Provider only:
      All users will be forced to log in via SSO. If this option is not selected, users will be able to login via SSO or their username and password.
      • Note: It is advised that all new configurations start with optional SSO to ensure any errors in the configuration does NOT impact the current user experience..
    • Custom redirect URL:
      insert the URL of the page you wish your users to land on, if an error occurs with your SSO connection.
    • Session timeout:
      set a time, after which, inactive users will be automatically logged out of Udemy Business.
    • Single logout:
      When a user logs out of Udemy Business, they will be logged out of all SSO applications.
    • Allow SSO auto-provisioning:
      New users logging in through SSO will be automatically provisioned with a license. Otherwise, only existing users and users that have been invited to the account will be allowed to log in and consume a license.
      • Use Case: This can be disabled when an admin wishes to manage user access directly.
    • Allow deactivated users to be reactivated via SSO:
      Users that have been deactivated will be automatically reactivated when they log in again through SSO (if these users are also still provisioned with access via SSO).

    How to pause or delete your  SSO connection

    1. Access: Manage > Settings > Single sign-on (SSO).
      *NOTE: Deleting a connection will remove all connection information, and cannot be recovered.
    Read article
  • How to Configure a Custom SSO Connection

    This article outlines how to configure single sign-on (SSO) with Udemy Business for any identity provider that supports SAML2.0 SSO.

    LMS SSO Setup

    Steps on how to integrate the learning management systems below, with Udemy Business, are also available in our Help Center.

    How to configure SSO

    Pre-requisites

    1. Download the Udemy Business SSO Metadata file.

    2. You are an Admin within your Udemy environment.

    Part 1 - Setting up Udemy Business as a Service Provider

    For specific instructions in establishing a SSO connection in your system we recommend consulting your documentation

    3. Use the provided UB metadata file to configure SSO within your Identity provider by saving the file or copying the URL. This process differs per identity provider so please refer to the particular Identity provider article for details.

    4. Confirm SAML configuration values:

      • Entity ID: PingConnect
      • ACS URL: https://sso.connect.pingidentity.com/sso/sp/ACS.saml2
      • Logon/Base URL: Your Udemy Environment URL.({company}.udemy.com)
      • X509 Certificate: Found in our file

    5. Confirm SAML attributes. Identity providers often provide these by default but you may wish to edit these attributes.

    Required attributes

    • email : the unique email of the user 

    Optional attributes

    • firstName : the first name of the user
    • middleName : the middle name (if any) of the user
    • lastName : the last name of the user
    • displayName : the fully formatted name of the user
    • Name ID : an identifier that can be used in cases where a name is duplicated
    • groups : the list of groups to which the user belongs
    • externalID : a unique user ID specified by the customer

    6. Download the Metadata file from your system

    Part 2 - Configuring Udemy

    1. Login to Udemy Business

    2. Manage > Settings > Single Sign-On (SSO) > Start setup, and select Custom.

    manage_sso.png

    3. Connection Name: This can be anything (e.g. CSOD SSO).

    4. Import the Metadata via URL or from the file you previously downloaded from your system.

    5. Confirm Configuration

      • Verify that all parameters are correct for your environment.

    select_file_sso.png

     

    6. Save. A banner will display in the lower right if the settings are successfully applied.

     

    sso_complete.png

    Your SSO Configuration is complete!

    Read article
  • How to Configure SSO in Azure AD for Udemy Business

    This guide provides the steps required to configure Single Sign-On (SSO) using Security Assertion Markup Language (SAML 2.0) for Udemy Business.

    Existing Azure AD and Udemy Business customers who wish to enable SCIM Provisioning in Azure AD should use this configuration guide.

    Udemy Business SAML Metadata for Azure AD is linked here.

    Notes:

    • Single sign-on and provisioning are available to Udemy Business Enterprise Plan customers.
    • Users provisioned through Azure AD will not take up a license until they log into the Udemy Business application for the first time. 
    • SCIM provisioning changes can only be synced from Azure AD to Udemy Business, not the other way round. 
    • Users and Groups managed by SCIM in Azure AD cannot be changed within the Udemy Business app - SCIM is the single source of truth for user and group data.
    • You can still create groups manually in Udemy Business if you have users that you don’t need or want to push from Azure AD, eg. contractors or temporary staff.

    1. Configure Single Sign-On (SSO) with Azure

    Log in to your Azure portal and click Azure Active Directory.

    1.png

    Next, select Enterprise applications.

    2.png

     Now click + New application in the top bar.

    3.png

     Select Non-gallery application.

    4.png

    Enter a name for the new application and click Add at the end of the window.

    5.png

    Then select Set up single sign on. 6.png

    For Single Sign-on mode, select SAML based Sign-on.

    7.png

    Follow the 4 steps on the SSO with SAML screen. Azure AD has also provided a detailed configuration guide at the top of the page for further guidance.

    saml_based_sign_on.png

    For Step 1, Basic SAML Configuration:

    9.png

    For Step 2, User Attributes and Claims:

    In the User Identifier field, enter user.mail.

    Udemy Business supports the following SAML attributes 

    Please note: all attributes are space and case sensitive and do not include the colon.

    Required attributes

    • email : the unique email of the user 

    Optional attributes 

    • firstName : the first name of the user
    • middleName : the middle name (if any) of the user
    • lastName : the last name of the user
    • displayName : the fully formatted name of the user
    • Name ID : an identifier that can be used in cases where a name is duplicated
    • groups : the list of groups to which the user belongs
    • externalID : a unique user ID specified by the customer
    •  

    To change each attribute, click on the respective row.

    Enter the attribute name as specified in the table above, select the corresponding value and remove Namespace value (leave it blank) and click OK.

    To add more attributes to your SAML assertion, click Add attribute and repeat the process.

    10.png 

    Once you’re done adding the attributes, click Save to complete the configuration.

    For Step 3, in the SAML Signing Certificate section, copy the App Federation Metadata URL or click Download Federation Metadata XML, which will export the Metadata file.

    Access the Single Sign-On (SSO) tab of your Udemy Business account. Click Start setup and choose your Identity Provider. On the configuration page, choose the appropriate metadata configuration method and follow the instructions to create the SSO connection with your Identity Provider and Udemy Business.

    sso_settinngs.png

    Click on Azure Active Directory.

    12.png

    Select Enterprise applications.

    13.png


    Select your newly created application from the list.

    Click Users and groups.

    14.png

    Click on Add User -> Users and Groups

    Select all users you want to add to the application and click Select.

    15.png 

    You have now completed configuring SSO for Udemy Business with Azure AD.

    Read article
  • How to Configure SSO in Okta for Udemy Business

    This guide provides the steps required to configure Single Sign-On using Security Assertion Markup Language (SAML 2.0) and Provisioning using System for Cross-domain Identity Management (SCIM 2.0) for Udemy Business.

    Notes:

    • Single sign-on and provisioning are available to Udemy Business Enterprise Plan customers.
    • Users provisioned through Okta will not take up a license until they log into the Udemy Business application for the first time. 
    • SCIM provisioning changes can only be synced from Okta to Udemy Business, not the other way round. 
    • Users and Groups managed by SCIM in Okta cannot be changed within the Udemy Business app - SCIM is the single source of truth for user and group data.

    Contents

    • Supported SAML attributes
    • Configuration Steps

    Features

    Learn more about the provisioning features that are supported through single sign-in (SSO) with Udemy Business. 

    Udemy Business supports the following SAML attributes 

    Please note: all attributes are space and case sensitive and do not include the colon.

    Required attributes

    • email : the unique email of the user 

    Optional attributes 

    • firstName : the first name of the user

    • middleName : the middle name (if any) of the user

    • lastName : the last name of the user

    • displayName : the fully formatted name of the user

    • Name ID : an identifier that can be used in cases where a name is duplicated

    • groups : the list of groups to which the user belongs

    • externalID : Okta automatically populates the externalID attribute field with the Okta User ID. If you wish to persist your own unique user IDs then you can complete this on Okta by following this article, Setup SSO, and mapping your udemy external ID attribute.

    Configuration Steps

    1 - To get started, log into your Udemy Business account and go to the User Access page from Manage > Settings > Single Sign-On (SSO).

    Click Start setup. Choose your Identity Provider and follow the instructions from there to enable SCIM, and generate your credentials for inputting into your Identity Provider, as part of the configuration process.

    start_setup.png

    2 - From your Okta,  access the Applications page from the sidebar.

    3 - Click on Browse App Catalog, search for Udemy Business and click Add.

    browse_app_catalog_add.png

    4 - Adding the Udemy Business app will redirect you to the Application General Settings - Required page as shown below.  Choose a name for your Application label and click Done.

    general_settings_required.png

    5 - Next, click the Sign On tab then Edit.

    sign_on_tab.png

    Scroll down to Advanced Sign-on Settings and add the Audience URI (SP Entity ID) value below into the corresponding field and click Save. 

    d905a6ca-adf9-45e2-9b9d-0d6485f27206

    advanced_settings_save.png

    6 - On the same page, scroll down to SAML Signing Certificates.  Click on Actions then View IdP metadata.  Copy the metadata URL to your clipboard.  

    (Alternatively, you can select Download certificate to download the metadata file to your computer).

    view_idp_metadata.png

    7 - Navigate back to your Udemy Business account and access the Single sign-on (SSO) settings. On the configuration page, choose the appropriate metadata configuration method, and follow the instructions to create the SSO connection with your Identity Provider and Udemy Business.

    Note:  If you are looking to enable Login via SSO provider only within Optional settings, please ensure your SSO is properly working by logging out and logging back in via SSO, before enabling this feature. Otherwise, you may be locked out of your Udemy Business account.

    sso_okta_connection.png

    8-Click Save. SSO setup is now complete!

    If you wish to continue and set up SCIM Provisioning in Okta please use this configuration guide.

    Read article
  • How to Configure SSO in OneLogin for Udemy Business

    Udemy Business supports federated authentication via SAML 2.0-based Single Sign-On (SSO). When SSO is enabled, Enterprise Plan customers will be able to manage employee authorization and authentication to their Udemy Business learning site from their corporate identity system. 

    This article will cover all the key steps to add and configure Udemy Business SSO for OneLogin. You may, however, also want to refer to this OneLogin article regarding configuring apps for additional details.

    Learn how to configure advanced SSO settings on an organizational level.

    Features

    Learn more about the provisioning features that are supported through single sign-in (SSO) with Udemy Business.

    Udemy Business supports the following SAML attributes

    Please note: all attributes are space and case sensitive and do not include the colon.

    Required attributes

    • email : the unique email of the user 

    Optional attributes 

    • firstName : the first name of the user
    • middleName : the middle name (if any) of the user
    • lastName : the last name of the user
    • displayName : the fully formatted name of the user
    • Name ID : an identifier that can be used in cases where a name is duplicated
    • groups : the list of groups to which the user belongs
    • externalID : a unique user ID specified by the customer

    Steps to Configure Udemy Business and Onelogin:

    1. Add Udemy Business app from the OneLogin app catalog
    2. Download SAML metadata (to upload into your Udemy Business account)
    3. Upload OneLogin SAML metadata to Udemy Business account
    4. Assign users to the Udemy Business application in OneLogin

    Step 1: Add Udemy Business app from the OneLogin app catalog

    Start by navigating to Applications > Add App in the OneLogin administrator dashboard. Next, search for “Udemy Business” in the App Catalog.

    one_1.png
    Select Add App:

    one_2.png

    Search for and click Udemy Business:

    applications.png
    Click on Save to add the application:

    save_application.png

    Navigate to the Configuration tab and enter in your Udemy Business subdomain and then save. For example, if your company name is Acme Co. and your Udemy Business domain is https://acmeco.udemy.com, you would enter acmeco into the text field:

    configuration_tab.png

    Step 2: Download SAML metadata (to input into your Udemy Business account)

    Still in the Udemy Business Application tab from the previous step, navigate to the More Actions button:

    one_6.png

    And click the SAML Metadata button to download the SAML Metadata file. Save the file for the next step:

    one_7.png

    Step 3: Upload OneLogin SAML metadata to Udemy Business account (Note: For this step you will need Udemy Business Admin access)

    In your Udemy Business account, navigate to Manage > Settings > Single Sign-On (SSO):

    settings.png

    Select the Single Sign-On tab from the left hand menu.

    Click the Start setup drop down and select OneLogin:

    one_login.png


    Add a Connection Name, select the OneLogin Metadata file from the last step, and click Save:

    connection_name.png

    Step 4: Assign users to the Udemy Business application in OneLogin

    Back in your OneLogin account, in the Access tab and Users tab, configure the users’ access for the newly created app, either by adding Udemy Business app to a role (recommended), or adding the app to a specific user. Please see OneLogin's article regarding how to assign users to applications

    user_provisioned.png

    You have now completed configuring SSO for Udemy Business with OneLogin.

    Users or roles which have been added to the Udemy Business account should now successfully be able to login and authenticate via OneLogin SSO!

    Additional information about OneLogin is available in the OneLogin Knowledge Base.

    SSO is set up so you can also configure SCIM provisioning in OneLogin with Udemy Business. This will allow you to provision, deprovision, create groups, manage group membership and change user profile details like name and email address in OneLogin. Any changes made within OneLogin will automatically update Udemy Business and other applications you have set up via this mechanism so you can manage your users in one place.  

    You do not need to update both OneLogin and Udemy Business separately with these actions as it will all be synced from OneLogin. Learn more about configuring SCIM provisioning with OneLogin.

    Read article
  • How to Configure SSO With ADFS

    In this tutorial, we will configure ADFS with Udemy Business using the metadata from ADFS.

    Features

    Learn more about the provisioning features that are supported through single sign-in (SSO) with Udemy Business.

    Configuring ADFS

    1. Launch the ADFS 2.0 console. 

    adfs_start.png

    2. Under Trust Relationships > Relying Party Trusts, add a new Relying Party Trust. This will launch the wizard shown below.

    2.png 

    3. Next, you will be prompted to import the Udemy Business Metadata file. Udemy Business SAML Metadata for ADFS is linked here.

    3.png

    4. Enter a name for the connection, for example Udemy Business. 

    4.png

    5. On the Choose Issuance Authorization Rules step, select Permit all users to access this relying party.

    5.png

    6. Click Next to view the summary and complete the wizard.

    6.png

     7. Leave the “Open the Edit Claim Rules…” option checked and finish the wizard.

    image7.png

    8. This will launch the Edit Claim Rules configuration utility.

    8.png

    9. This example will only gather claims from Active Directory to present to Udemy Business. 

    9.png

    10. Configure a basic claim set.

    Udemy Business supports the following SAML attributes (all attributes are space and case sensitive).

    Required attributes

    • email
      the unique email of the user 

    Optional attributes 

    • firstName
      the first name of the user
    • middleName
      the middle name (if any) of the user
    • lastName
      the last name of the user
    • displayName
      the fully formatted name of the user
    • Name ID
      an identifier that can be used in cases where a name is duplicated
    • groups
      the list of groups to which the user belongs
    • externalID
      a unique user ID specified by the customer

    10.png

    11. Once you’ve configured the claims, back on the ADFS 2.0 Relying Party Trusts window, right-click the newly created connection and view the properties for the connection. Navigate to the Encryption tab and Remove the encryption certificate.

    11.png

    12. That will complete the ADFS configuration. Next, you should download the metadata and input it into your Udemy Business account to create the SSO connection.

    You can find the Metadata file by inputting your server name and linking to the below:

    https://<ADFS server name>/FederationMetadata/2007-06/FederationMetadata.xml

    Access the Single Sign-On (SSO) tab of your Udemy Business account. Click Start setup and choose your Identity Provider. On the configuration page, choose the appropriate metadata configuration method and follow the instructions to create the SSO connection with your Identity Provider and Udemy Business.

    sso_settinngs.png

    Read article
  • How to Configure SSO With Google Workspace

    In this tutorial, we will configure Google Workspace (formerly known as G Suite and Google Apps for Work). 

    Features

    Learn more about the provisioning features that are supported through single sign-in (SSO) with Udemy Business.

    Locating Your SaasID

    To configure Google Workspace you will need your SaasID. This value will be provided by Udemy Business and it is going to be the sub domain to access udemy, e.g. the yoursubdomain where the Udemy Business full address is yoursubdomain.udemy.com.

    In addition to your SaasID, you will also need the following parameters to configure Google Workspace.

    Creating a New SAML Application in Google Workspace

    The steps below outline how to create a new SAML application in Google Workspace.

    • Log into Google Workspace Admin Console.
    • Navigate to Apps > Web and Mobile apps.

    web_and_mobile_apps.png

    • Click Add app > Add custom SAML app.

    add_custom_saml_app.png

    service_provider_details.png

    • Leave Start URL blank if users will only be accessing Udemy Business directly from the account URL (i.e., yoursubdomain.udemy.com). If your users will be accessing Udemy Business from Google Workspace, then you will need to apply the following value for the Start URL: https://pingone.com/1.0/d905a6ca-adf9-45e2-9b9d-0d6485f27206
    • Next, add the attributes exactly seen in the screenshot below.

    add_attributes.png

    • Click Finish to complete the wizard.
    • By default, new applications are OFF for all users. To turn this on, go back to Apps > Web and mobile apps and click User Access.

    user_access.png

    •  In Service status, change the toggle to ON for everyone and click Save.

    on_for_everyone.png

     

    • Finally, you will grab the metadata file created in Step 5 and enter it into your Udemy Business account to create the SSO connection.
      In Udemy Business, access the Single Sign-On (SSO) tab. Click Start setup and choose Google Workspace.

    sso_settinngs.png

    • On the configuration page, select Metadata file and Select file. Then upload the file received from Step 5.

    metadata_file_select_file.png

    Please note: when adding a new SAML application in Google Workspace, it might take up to 24 hours for the process to be completed.

    Once the SAML application is created, you will need to configure attributes that are going to be sent in the SAML assertion.

    Udemy Business supports the following SAML attributes

    Please note: all attributes are space and case sensitive and do not include the colon. Required attributes

    • email : the unique email of the user 

    Optional attributes 

    • firstName : the first name of the user
    • middleName : the middle name (if any) of the user
    • lastName : the last name of the user
    • displayName : the fully formatted name of the user
    • Name ID : an identifier that can be used in cases where a name is duplicated
    • groups : the list of groups to which the user belongs
    • externalID : a unique user ID specified by the customer
    Read article
  • How to Replace Your SAML Signing Certificate for SSO Configured Accounts

    This article explains how Admins can replace the Security Assertion Markup Language (SAML 2.0) Signing Certificate for Single Sign-on (SSO) configured, Udemy Business accounts. 

    How to update an SSO certificate in Udemy Business

    You can replace your SAML Signing Certificate in your Udemy Business account, by using our self-serve settings. 

    1. Access Manage > Settings > Single Sign-On (SSO). 
    2. Use the Replace Certificate link to upload a new SAML Signing Certificate, which is provided by your Identity Provider.
    3. Replace the certificate in your Identity Provider once it’s been updated in Udemy Business. 

    Note: please update your SAML Signing Certificate in Udemy Business first, before updating it in your Identity Provider. This will help ensure a certificate mismatch from occurring, which would prevent your team from being able to access your Udemy Business account.

    upload_certificate.png

    Read article
  • Udemy Business Single Sign-on (SSO) Provisioning Features

    This article outlines the provisioning features that are supported through single sign-on (SSO) with Udemy Business. 

    • Note: SSO integration is only available with the Enterprise Plan.

    The following provisioning features are supported through SSO:

    Identity Provider (IdP) Initiated SSO

    • Users will be able to initiate the login process from their OneLogin dashboard

    Service Provider (SP) Initiated SSO

    • Users will be able to access [your-subdomain.udemy.com] and initiate the login process on their Udemy Business login page.

    Just in Time (JIT) Provisioning

    • Users authenticated through SSO will be provisioned to Udemy Business on their first login.
    • All user attributes which are configured to be sent will be updated whenever the user logs in.

    Reactivate Users

    • User accounts can be reactivated on Udemy Business.
    Read article