Once Single Sign-On (SSO) is set up, you can configure SCIM provisioning in OneLogin with Udemy for Business. This lets you provision and deprovision users, create groups, manage group membership and change user profile details such as name and email address in OneLogin, with the changes applied automatically in Udemy for Business. You no longer need to update OneLogin and Udemy for Business separately, because everything is synced from OneLogin.
To enable SCIM Provisioning for your Udemy for Business account, first go to your Udemy for Business account and access Manage > Settings > Provisioning (SCIM).
Click Start Setup and follow the instructions to enable SCIM and generate the Secret Token (Bearer token) which you then need to put into OneLogin.
Next, access your OneLogin account and go to your Udemy for Business SSO app and follow the steps below to get set up.
More information about setting up User Provisioning with OneLogin is available here.
In the admin panel click on the applications tab
Next, click on “Add App”
Type “SCIM” in the search box and select “SCIM Provisioner with SAML (SCIM v2 Core)”
Type in the Display Name. You can also add an icon and a description (optional)
Click “Save”
Go to “Configuration”
- In “SCIM Base URL” type https://{yoursubdomain}.udemy.com/scim/v2
- In “SCIM JSON Template” paste the following JSON:
    {
      "schemas": ["urn:scim:schemas:core:2.0"],
      "userName": "{$parameters.scimusername}",
      "name": {
        "familyName": "{$user.lastname}",
        "givenName": "{$user.firstname}"
      },
      "emails": [{
        "value": "{$user.email}",
        "type": "work",
        "primary": true
      }],
      "title": "{$parameters.title}",
      "locale": "{$user.locale_code}",
      "externalId": "{$user.external_id}",
      "active": "{$user.status}"
    }
- In the “Custom Headers” type: Content-Type: application/scim+json
- Paste in the Bearer token (the Secret Token generated in Udemy for Business)
Click “Enable” and then “Save”
Go to “Provisioning”
Select “Enable provisioning”
Choose your desired behaviour for:
- When a user is deleted in OneLogin, or the user’s app access is removed
- When user accounts are suspended in OneLogin
Click “Save”
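A pre-flight check for the SCIM JSON template above, as an added example that is not part of the original article or of OneLogin's or Udemy's own code: it fills the template with constructed user values and reports macros that stayed unresolved or fields that came out empty. The plain `{$name}` text substitution and the `render` and `lint` helper names are assumptions made for illustration.

```python
import json
import re

# Same keys and macros as the "SCIM JSON Template" in the steps above.
TEMPLATE = """{
  "schemas": ["urn:scim:schemas:core:2.0"],
  "userName": "{$parameters.scimusername}",
  "name": {"familyName": "{$user.lastname}", "givenName": "{$user.firstname}"},
  "emails": [{"value": "{$user.email}", "type": "work", "primary": true}],
  "title": "{$parameters.title}",
  "locale": "{$user.locale_code}",
  "externalId": "{$user.external_id}",
  "active": "{$user.status}"
}"""

MACRO = re.compile(r"\{\$([A-Za-z0-9_.]+)\}")

# Constructed sample values (not real OneLogin output), keyed by macro name.
SAMPLE_USER = {
    "parameters.scimusername": "ada@example.com", "user.email": "ada@example.com",
    "user.firstname": "Ada", "user.lastname": 'O"Brien',
    "parameters.title": "Engineer", "user.locale_code": "en",
    "user.external_id": "1001", "user.status": "1",
}

def render(template, values):
    """Fill {$macro} placeholders; values are JSON-escaped so a quote cannot break out."""
    def fill(match):
        name = match.group(1)
        if name not in values:
            return match.group(0)  # leave unresolved so lint() reports it
        return json.dumps(str(values[name]))[1:-1]
    return MACRO.sub(fill, template)

def lint(rendered):
    """Return a list of problems found in a rendered SCIM user payload."""
    try:
        doc = json.loads(rendered)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    issues = [f"unresolved macro {{${name}}}" for name in MACRO.findall(rendered)]
    if not doc.get("userName"):
        issues.append("userName is empty")
    primary = [e for e in doc.get("emails", []) if e.get("primary") and e.get("value")]
    if len(primary) != 1:
        issues.append("expected exactly one primary email with a value")
    if not doc.get("externalId"):
        issues.append("externalId is empty")
    return issues
```

Running `lint(render(TEMPLATE, SAMPLE_USER))` returns an empty list; dropping a value from the sample surfaces the matching unresolved macro.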
Provisioning users manually
Go to “Users” and select a user you wish to provision
Go to “Applications” and click the + button
Select the Application and click “Continue” and then “Save”
Go back to the new SCIM application and select users, click on the “Pending” provisioning status and click “Approve”
The user is now provisioned
To automatically provision users without admin approval go to your application provisioning page and uncheck “Create user”, “Delete user” and “Update user” from “Require admin approval before this action is performed” and click “Save”
Configuring SAML in your SCIM application
Go to your application configurations page:
- In SAML Audience URL type: https://sso.connect.pingidentity.com/sso/sp/ACS.saml2?saasid=<idpid>
- In SAML Consumer URL type: https://sso.connect.pingidentity.com/sso/sp/ACS.saml2?saasid=<idpid>
Click Save
Go to Parameters and click the + button
Add a parameter SCIM.email with value Email and select “Include in SAML assertion”
Click Save
You can also add these optional parameters:
- SCIM.name.givenName: the given (or first) name of the user
- SCIM.name.familyName: the family (or last) name of the user
- externalID: the user ID specified by the customer
Click Save
Next, download the metadata and access the Single Sign-On (SSO) tab of your Udemy for Business account.
Click Start setup and choose your Identity Provider.
On the configuration page, choose the appropriate metadata configuration method and follow the instructions to create the SSO connection with your Identity Provider and Udemy for Business.
You have now completed configuring SSO for Udemy for Business with OneLogin.
Additional information about OneLogin is available in their Knowledge Base.