In this article we'll explain the process of exchanging the metadata files in order to set up SSO for your Udemy for Business account.
The process is comprised of the following steps:
- Generate a Metadata file in your Identity Provider (IdP) and send it to us. This can also be a URL to your Metadata.
In case you don’t have the metadata file, you will need to send us the SSO parameters (see section Required SSO parameters if you don’t have a Metadata file).
- We will create a connection and enable SSO for your Udemy for Business account.
- We will send you a Metadata file for Udemy for Business which you need to use to configure the connection in your Identity Provider.
For all Identity Providers (except Azure), you can retrieve Udemy for Business metadata here.
For Azure AD IdP, you can retrieve Udemy for Business metadata here.
Required SSO parameters if you don’t have a Metadata file
If you already have a metadata file from your identity provider you can skip this section.
If you are not able to provide a metadata file, you will need to send us the SSO information given below so that we can manually configure the connection. This is the same information which is normally specified in the metadata file:
- Entity ID
Required. Uniquely identifies your identity bridge.
- SSO Endpoint
Required. This is the endpoint to which we will send AuthnRequest.
- Verification Certificate
Required. The public verification certificate for your identity bridge. We will use this certificate to sign SAML assertions.
- Sign the AuthnRequest.
Not Required. Specify if you would like AuthnRequests sent from us to be signed or not. Defaults to disabled.
Optionally, specify these additional parameters:
- Single Logout Endpoint
Optional. The endpoint (URL) to which the user is sent when they log out of Udemy for Business.
- Single Logout Response Endpoint
Optional. The endpoint (URL) to which the application sends its logout response.
- Single Logout Binding Type
Optional. Specifies how SAML will use HTTP to transport messages. It can be either Redirect or Post.
We will use this information to create a connection and enable SSO for your account.