To manually configure Okta using the SAML 2.0 application, please follow the steps outlined below.
If you don't have the metadata from the Udemy for Business team, or you're not sure how to download it, please refer to this article.
Steps to Configure
Log into your Okta organization as a user with administrative privileges and click on the Admin button. On the right, click on Add Applications shortcut.
Then click on Create New App button and select SAML 2.0.
In General settings, enter your App name, logo and set the visibility. After clicking on next, you will be directed to the Configure SAML step. To configure SAML, you will need the Single sign on URL and your SP entity ID.
- Single SIgn on URL - https://sso.connect.pingidentity.com/sso/sp/ACS.saml2
- Audience URI (SP Entity ID) - This value can be found in your metadata. If you set up your integration with PingOne through Manual Connection, then you Entity ID can be found in the metadata provided by the Udemy for Business team. If you set up your integration with PingOne through Email Invitation, then your Entity ID will be displayed in PingOne, under the application name on the My Applications page.
- Name ID format - EmailAddress
- Application username - Email
Next, you will need to configure the Attribute Statements. The Udemy for Business instance of PingOne supports the following attributes (all attributes are case sensitive):
- SCIM.email the unique email of the user
- SCIM.name.givenName the given (or first) name of the user
- SCIM.name.middleName the middle name (if any) of the user
- SCIM.name.familyName the family (or last) name of the user
- SCIM.name.formatted the fully formatted name of the user
- groups the list of groups to which user belongs
- externalID the user ID specified by customer
After you have saved and published the application, you should be able to generate a metadata file for the new SAML application. Once you have the metadata, you can import it to PingOne or send it to the Udemy for Business team.
Below are links to additional Okta and PingOne integration documentation: