When SSO is enabled, enterprise customers will be able to manage employee authorization and authentication to their Udemy for Business learning site from their corporate identity system. Udemy for Business (UFB) supports federated authentication via SAML 2.0-based Single Sign-On (SSO).
In this tutorial, we will configure OneLogin using the metadata provided by the Udemy for Business team or the metadata downloaded from here.
Udemy for Business SAML Metadata for Onelogin is linked here.
This article will cover all the key steps to add and configure Udemy for Business SSO for Onelogin. You may, however, also want to refer to this Onelogin article for additional details.
Steps to Configure Udemy for Business and Onelogin:
- Add an App in OneLogin
- Configure Application Details
- Set the Parameters for the App
- Assign Users and Groups to the application
- Download metadata (to input into your Udemy for Business account)
Add an App
Start by navigating to Apps > Add Apps in the OneLogin administrator dashboard. Next, search for SAML Test Connector (IdP w/attr) and select the first result from the search results.
Select Add App:
On the Find Applications page, search for SAML Test Connector (IdP w/ attr w/ sign response) and select theresult from the search results.
Then, set the Display Name, Icon and Save the application. Onelogin will take you to the application Info page, where you will navigate to the Configuration tab. You should be able to fill in all the values based on your metadata.
Configure the Application Details
Configure the Application Details (Continued)
The following Application details should be pre-configured as long as you selected the SAML Test Connector (IdP w/ attr w/ sign response) in the previous step.
[This is your vanity url]
- ACS (Consumer) URL Validator*
- ACS (Consumer) URL
Next, go to the Parameters tab. Here you can add/edit attributes that are sentin the SAML assertion. By clicking on 'Add parameter', you can add new parameters with a field name. When adding new parameters, don't forget to check the flag to include new fields in the SAML assertion. Once a new parameter is added, click on it and set the value for it.
Udemy for Business SAML 2.0 supports the following attributes (please note: all attributes are case sensitive).
- SCIM.email the unique email of the user
- SCIM.name.givenName the given (or rst) name of the user
- SCIM.name.middleName the middle name (if any) of the user
- SCIM.name.familyName the family (or last) name of the user
- SCIM.name.formatted the fully formatted name of the user
- groups the list of groups to which user belongs
- externalID the user ID specified by customer
Set the Parameters for the App
Configure User Access to the App
In the Access tab and Users tab, configure the users’ access for the newly created app (either by adding Udemy for Business app to a role (recommended), or adding the app to a specific user).
Please see this Onelogin article for details.
Save the Application Metadata
Save the application and in the More Actions dropdown options, click on SAML Metadata.
Next, download the metadata and access the Single Sign-On (SSO) tab of your Udemy for Business account. Click Start setup and choose your Identity Provider. On the configuration page, choose the appropriate metadata configuration method and follow the instructions to create the SSO connection with your Identity Provider and Udemy for Business.
You have now completed configuring SSO for Udemy for Business with OneLogin.
Additional information about OneLogin is available in their Knowledge Base.
SSO is set up so you can also configure SCIM provisioning in OneLogin with Udemy for Business. This will allow you to provision, deprovision, create groups, manage group membership and change user profile details like name and email address in OneLogin, which automatically updates Udemy for Business.
You do not need to update both OneLogin and Udemy for Business separately with these actions as it will all be synced from OneLogin. Click here for more details and instructions on how to set this up.