• How to use our SCIM API to Automate User & Group Management

    Overview

    SCIM System for Cross-Domain Identity Management is a standard API for automating user and group provisioning/deprovisioning, and updating user and group data from the customer’s Identity Provider (IdP) into the Udemy for Business account. SCIM is supported by a number of Identity Providers such as Okta, Azure AD, and OneLogin but you can also write your own tools to make use of the Udemy for Business SCIM API. 

    SCIM uses a standardized REST API with data formatted in JSON. Udemy for Business supports version 2.0 of the SCIM standard. The API is available for all customers that are on the Enterprise plan.

    Udemy for Business SCIM API supports the following features: 

    • Provisioning users
    • Deprovisioning users (deactivation/anonymization)
    • Changing email addresses
    • Changing user details
    • Provisioning groups
    • Adding/removing users to groups

    SCIM protocol description

    SCIM Protocol is an application-level REST protocol for provisioning and managing identity data on the web. The protocol is client-server where the client is the Identity Provider (IdP) and the server is Udemy for Business.

    The basic flow is:

    • When access to Udemy for Business is granted to the user in the IDP by the customer, the IdP sends us a request to check if the specific user exists in our database. They issue a User search request by an attribute like userName or email.
    • If the user does not exist, the IdP sends a request to create a user.
    • If the user exists, the IdP sends an update request for the user.
    • When access to Udemy for Business is revoked, the IdP sends us a request to deactivate/delete the user from our database.
    • IdP can also send requests to change user details.

    How to access the API?

    In order to obtain the authorization credentials to connect to the SCIM API, you will have to set up SCIM integration via Manage -> Settings -> Provisioning (SCIM) page in your Udemy for Business account. Note that only Admins have access to this page. 

    Click Start Setup.

    1.png
    In the next step, select Other from the Choose Provider dropdown.

    2.png

    3.png

    4.png

    Click Generate token.

    5.png
    On this screen, click Copy to copy the Bearer token to the clipboard.

    You will need to include Authorization HTTP header with the Bearer token in your requests, for example:

    GET /scim/v2/Users HTTP/1.1

     Host: myorganization.udemy.com

     Accept: application/scim+json

     Authorization: Bearer <enter you Bearer token here>

    Content-Type: application/scim+json

    Udemy for Business SCIM API uses the HTTP protocol and is only available over a secure HTTPS connection.

    The base URL for the API is https://<organization>.udemy.com/scim/v2/

    If you are developing an application to interact with the Udemy for Business SCIM API, it is recommended to refer to the SCIM RFCs included at the end of this document. Udemy for Business SCIM API implementation is compliant with the standard.

    SCIM API Endpoints

    Informational Endpoints

    These endpoints are information and serve to configure the clients. They do not require authentication, so you don’t need to include the Authorization header when accessing these endpoints.

    GET /ServiceProviderConfiguration

    Returns details about Udemy for Business SCIM implementation including which methods are supported.

    GET /Schemas

    Returns information about the schemas that our SCIM implementation supports. Supported schemas are Users and Groups.

    GET /Schemas/Users

    Returns all attributes that we support for User resources.

    GET /Schemas/Groups

    Returns all attributes that we support for Group resources.

    User Endpoints

    Using these endpoints you can list users, filter by attributes, add new users, update  users’ information, or deactivate/anonymize users. Bear in mind that you will only be able to access users that were created using the SCIM API, users created within Udemy for Business will not be available unless you reconcile them through SCIM. More details about reconciliation are given below.

    Supported Attributes

    SCIM attribute

    Required?

    Description

    userName

    Yes

    The userName from the IdP. Must be unique.

    name, { givenName, familyName }

    No

    Given name and family name of the user. Even though they are not required, we recommend always specifying those attributes since it’ll make it easier to identify users.

    emails[type=”work”]]['value’]

    Yes

    Email of the user, must be unique

    active

    Yes

    Flag to deactivate/reactivate users

    title

    No

    User’s job title, i.e. “Senior Engineer”

    externalId

    Yes

    The externalId of the user from IdP. Must be unique.

    Please note: If you specify any other attribute that is not on this list, it will be ignored.

    GET /Users

    Returns a paginated list of users, 12 users per page by default. You can pass in count and startIndex parameters to paginate through the result set. For example:

    GET /scim/v2/Users?startIndex=1&count=100 HTTP/1.1

     Host: myorganization.udemy.com

     Accept: application/scim+json

     Authorization: Bearer <enter you Bearer token here>

    • startIndex is the 1-based index of the first result in the current set of list results (offset)
    • count is the number of resources returned in a list response page (limit). You can retrieve no more than 1000 users in a single request. If this item is omitted it will default to 12.

    GET /Users?filter=

    This endpoint is used to filter users by specific attributes. For example, it is possible to search by userName attribute:

    GET /Users?filter=userName eq "gloria.graynor”

    Note: In the example above, you will need to urlencode the URL parameters so the URL becomes:
    GET /Users?filter=userName%20eq%20%22gloria.graynor%22

    This will return a list of user resources. If there are no results, an empty list will be returned.

    The supported filters are:

    • userName
    • externalID
    • emails[type eq=”work”]

    The supported operators are:

    • and
    • eq

    Response:

    • HTTP status code 200 with the list of entities on success
    • HTTP status code 501 if an unsupported filter is supplied

    POST /Users

    This endpoint is used to create (provision) new users in Udemy for Business. 

    The response will contain an id attribute which should be used when referring to this user in all subsequent requests.

    Note that:

    • New users created this way will not consume a license until that user signs in for the first time.
    • If there was an existing pending invitation for this user, it will get used at this point.
      The user will get added to groups, be assigned appropriate role/course assignments according to what is specified in the invitation.
    • An attempt to create a user that already exists in Udemy for Business will cause the user to become SCIM managed (displayed with a small link icon in Manage Users pages). Note that user’s status and license usage will not be changed. If the user was active it will remain active and if the user was deactivated it will remain deactivated.

    Response:

    • HTTP status code 201 and the user’s resource on success
    • HTTP status code 409 if the member with the same userName already exists in the Organization
    • HTTP status code 400 with the error details in the response body if the request did not pass validation

    GET /Users/<id>

    This endpoint is used to retrieve user details for a specified user. id parameter in the request above is a unique identifier that was returned when the user was created using SCIM or when listing all existing users.

    Response:

    • HTTP status code 200 with the user resource on success
    • HTTP status code 404 if the user has not been found

    PUT /Users/<id>

    This endpoint is used to replace (overwrite) user details in Udemy for Business. If specified, attribute active can be used to deactivate or reactivate the user.

    Response:

    • HTTP status code 200 and the updated user resource
    • HTTP status code 404 if the user doesn’t exist. 
    • HTTP status code 400 in case of an attempt to deactivate an organization owner.

    PATCH /Users/<id>

    This endpoint is used to make partial updates to the user details in our system, meaning that you can use it to change only some attributes of the user. This is in contrast to PUT which replaces the entire user. 

    It can contain attribute active which will cause the user to be deactivated or reactivated.

    • The body of each request MUST contain the "schemas" attribute with the URI value of "urn:ietf:params:scim:api:messages:2.0:PatchOp".
    • The body of an HTTP PATCH request MUST contain the attribute "Operations", whose value is an array of one or more PATCH operations.  Each PATCH operation object MUST have exactly one "op" member, whose value indicates the operation to perform and MAY be one of "add", "remove", or "replace".
    • The “path” attribute can be empty, in this case “value” should be a dictionary in the format of {“path”: “value”}.

    Response:

    • HTTP status code 200 with the updated user’s resource on success
    • HTTP status code 404 if the user was not found
    • HTTP status code 400 if attempting to deactivate an organization owner or in case of an invalid operation.

    DELETE /Users/<id>

    This endpoint is used to remove or to deprovision the user in Udemy for Business. The user will get anonymized when this request is received and all their data will be permanently removed. This is a dangerous operation and we recommend deactivating users instead using PUT or PATCH with active attribute set to false.

    Response:

    • HTTP status code 204 on success.
    • HTTP status code 404 if the user was not found.

    Group Endpoints

    Supported Attributes

    SCIM attribute

    Required?

    Description

    displayName

    Yes

    Group title. Must be unique among all Udemy for Business groups.

    externalId

    No

    The externalId of the group from the Identity Provider

    Note: If you specify any other attribute that is not on this list, it will be ignored.

    GET /Groups

    This endpoint is used to get a paginated list of all provisioned groups. Include startIndex and count query string parameters to paginate through the results. 

    Bear in mind that only groups created using SCIM will be returned. Groups created from Udemy for Business will not be returned.

    GET /Groups?filter=

    This endpoint is used to filter groups by specific attributes. For example, it is possible to search by displayName attribute:

    GET /Groups?filter=displayName eq "Marketing”

    This will return a list of group resources. If there are no results, an empty list will be returned.

    Note that you will need to url encode the parameters, so the request becomes:
    GET /Groups?filter=displayName%20eq%20%22Marketing%22

    The supported filters are:

    • displayName
    • externalId
    • Id
    • member.value

    The supported operators are:

    • and
    • eq

    Response:

    • HTTP status code 200 with the list of entities on success
    • HTTP status code 501 if the non-supported filter is used

    POST /Groups

    This endpoint is used to create (provision) new groups in Udemy for Business. 

    Response:

    • HTTP status code 409 If the provisioned group with the same name already exists in the org, we return 409 (Conflict) with a scimType error code of uniqueness.
    • When the group has been created successfully, we return the full representation of the group with HTTP status code 201 (Created) together with the Location header that contains the URL of the create group resource.

    GET /Groups/<id>

    This endpoint is used to fetch the group details from Udemy for Business. 

    Response:

    • HTTP status code 200 and a group resource
    • HTTP status code 404 if the group has not been found

    PUT /Groups/<id>

    This endpoint is used to replace the group details in Udemy for Business.

    Response:

    • HTTP status code 200 and the updated group resource 
    • HTTP status code 404 if the group doesn’t exist. 

    PATCH /Groups/<id>

    This endpoint is used to make partial updates to group details in Udemy for Business. 

    The PATCH endpoint is more tricky than others, as it supports different kinds of operations (and their combinations are possible):

    • replace operation changes the specified value. In our case it’s either group name or members.
    • remove operation removes a member from the group.
    • add operation adds members to the group.

    The rules are the following:

    • We never remove unprovisioned members from the group (in case of `replace` members operation, for example).
    • PATCH request, regardless of the number of operations, SHALL be treated as atomic.

    The input validations are the following:

    • The body of each request MUST contain the "schemas" attribute with the URI value of "urn:ietf:params:scim:api:messages:2.0:PatchOp".
    • The body of an HTTP PATCH request MUST contain the attribute "Operations", whose value is an array of one or more PATCH operations.  Each PATCH operation object MUST have exactly one "op" member, whose value indicates the operation to perform and MAY be one of "add", "remove", or "replace".
    • The “path” attribute can be empty, in this case “value” should be a dictionary in the format of {“path”: “value”}.
    • For “Remove” operation the “members” path is required.
    • For the “Add” operation either “members” or “externalId” “path” should be present.
    • For “Replace” operation “members” path may be present. If it’s not there it means that we are replacing the group details (like group name) but not members.

    Note:

    • Assigning/unassigning users to a group happens asynchronously, so the changes won’t be reflected immediately in Udemy for Business.
    • We do not support nested groups, so they will be ignored during this request.

    Response:

    • HTTP status code 204 if the operation was successful.
    • HTTP status code 404 if the group does not exist.
    • HTTP status code 404 with the error details if there is an attempt to assign a group to a user that’s not a member of the organization.
    • HTTP status code 400 with the error details in the response body if the request did not pass the validation

    DELETE /Groups/<id>

    This endpoint is used to remove or deprovision a group in Udemy for Business. 

    The rules are the following:

    • If the group contains non-provisioned members, remove provisioned users from the group, delete `OrganizationSCIMGroup` record.

    Response:

    • HTTP status code 204 if the operation was successful.
    • HTTP status code 404 if the group does not exist.

    Further Reading

    Read Article
  • Configure SCIM Provisioning With OneLogin

    Once Single Sign-on (SSO) is set up you can then configure SCIM provisioning in OneLogin with Udemy for Business. This will allow you to provision, deprovision, create groups, manage group membership and change user profile details like name and email address in OneLogin, which automatically updates Udemy for Business. You will no longer need to update both OneLogin and Udemy for Business separately with these actions as it will all be synced from OneLogin.

    To enable SCIM Provisioning for your Udemy for Business account, first go to your Udemy for Business account and access Manage > Settings > Provisioning (SCIM).

    Click Start Setup and follow the instructions to enable SCIM and generate the Secret Token (Bearer token) which you then need to put into OneLogin.

    1.png

    Next, access your OneLogin account and go to your Udemy for Business SSO app and follow the steps below to get set up. 

    More information about setting up User Provisioning with OneLogin is available here.

    In the admin panel click on the applications tab

    2.png
    Next, click on “Add App

    3.png

    Type “SCIM” in the search box and select SCIM Provisioner with SAML (SCIM v2 Core)

    4.png

    Type in the Display Name. You can also add an icon and a description (optional) 

    Click “Save

    5.png

    Go to “Configuration

    {

        "schemas": ["urn:scim:schemas:core:2.0"],

        "userName": "{$parameters.scimusername}",

        "name": {

            "familyName": "{$user.lastname}",

            "givenName": "{$user.firstname}"

        },

        "emails": [{

            "value": "{$user.email}",

            "type": "work",

            "primary": true

        }],

        "title": "{$parameters.title}",

        "locale": "{$user.locale_code}",

        "externalId": "{$user.external_id}",

        "active": "{$user.status}"

    }

    • In the “Custom Headers” type: Content-Type: application/scim+json
    • Paste in the Bearer token

    6.png

    Click “Enable” and then “Save

    Go to “Provisioning

    7.png

    Select “Enable provisioning

    Choose your desired behaviour for:

    • when a user is deleted in OneLogin, or the user’s app access is removed
    • When user accounts are suspended in OneLogin

    Click “Save

    Provisioning users manually

    Go to “Users” and select a user you wish to provision

    8.png

    Go to “Applications” and click the + button

    9.png

    Select the Application and click “Continue” and then “Save

    10.png

    Go back to the new SCIM application and select users, click on the “Pending” provisioning status and click “Approve”

    11.png

    The user is now provisioned

    To automatically provision users without admin approval go to your application provisioning page and uncheck “Create user”, “Delete user” and “Update user” from “Require admin approval before this action is performed” and click “Save”

    12.png

    Configuring SAML in your SCIM application

    Go to your application configurations page:

    https://sso.connect.pingidentity.com/sso/sp/ACS.saml2?saasid=<ipdid>

    Click Save

    13.png
    Go to Parameters and click the + button

    Add a parameter SCIM.email with value Email and select “Include in SAML assertion

    Click Save

    14.png

    You can also add these optional parameters:

    • SCIM.name.givenName the given (or first) name of the user
    • SCIM.name.familyName the family (or last) name of the user
    • externalID the user ID specified by customer

    Click Save

    Click “More Actions”, download SAML metadata and give it to Udemy support

    15.png

    Read Article
  • Configure and Customize Your Account Settings

    The Settings section of your Udemy for Business account is where you can customize the appearance of your account, enable access features and configure integrations such as Single Sign-On (SSO) and Slack sharing. To access the Settings area click Manage > Settings.

    What you can do in Settings:

    settings.png

    Read Article
  • How to Configure Automatic Provisioning (SCIM) in Okta for Existing Udemy for Business Customers

    This guide provides the steps required for existing Okta and Udemy for Business customers to configure automatic provisioning, deprovisioning, profile updates and group management of Udemy for Business using System for Cross-domain Identity Management (SCIM 2.0).

    Notes:

    • If you already have SSO sign on enabled from the previous Udemy for Business app you do not need to reconfigure SSO again, just look for the Provisioning tab under Applications in Okta to set SCIM up. 
    • If you had SSO set up from a manual configuration by one of our team, you should add our new Udemy for Business app into your Okta account. You will find this in Applications by searching for Udemy for Business. Because this is a new version of our app in Okta, existing customers might be required to reconfigure Single Sign On (SSO) before enabling SCIM Provisioning. (step by step instructions below)
    • Users provisioned through Okta will not take up a license until they log into the Udemy for Business application for the first time. 
    • SCIM provisioning changes can only be synced from Okta to Udemy for Business, not the other way round. 
    • Users and Groups managed by SCIM in Okta cannot be changed within the Udemy for Business app - SCIM is the single source of truth for user and group data.

    Contents

    • Features
    • Requirements
    • Configuration Steps
    • Schema Discovery
    • Troubleshooting Tips

    Features

    The following provisioning features are supported:

    • Identity Provider (IdP) Initiated SSO
      • Users will be able to initiate the login process from their Okta dashboard
    • Service Provider (SP) Initiated SSO
      • Users will be able to access [your-subdomain.udemy.com] and initiate the login process their Udemy for Business login page.
    • Just in Time (JIT) Provisioning
      • Users authenticated through SSO will be provisioned to Udemy for Business on their first login.
      • All user attributes which are configured to be sent will be updated whenever the user logs in. This does not apply to SCIM users since they are only managed by SCIM.
    • Push Users with Ahead of Time Provisioning (SCIM)
      • New users associated with Udemy for Business app on Okta will be created on Udemy for Business.
    • Push Profile Updates (SCIM)
      • Updates made to the user's profile through Okta will be pushed to Udemy for Business for users that are associated with the Udemy for Business on Okta.
    • Push User Deactivation (SCIM)
      • Deactivating the user or disabling the user's access to the application through Okta will deactivate the user on Udemy for Business and remove them from all groups.
      • Note: For Udemy for Business, deactivating a user means removing access to login, but maintaining the user's information on Udemy for Business as a deactivated user.
    • Reactivate Users
      • User accounts can be reactivated on Udemy for Business by reassigning the app to that user through Okta.
    • Group Push (SCIM)
      • Groups and their memberships will be pushed to Udemy for Business. Manage groups is limited to groups pushed originally from Okta as we do not send information of groups created on Udemy for Business.

    Configuration Steps

    1 - To get started, log into your Udemy for Business account and go to the User Access page from Manage > Settings > Single Sign-On (SSO).

    Click Start setup. Choose your Identity Provider and follow the instructions from there to enable SCIM, and generate your credentials for inputting into your Identity Provider, as part of the configuration process.

    start_scim_integration.png

    2 - From your Okta's Dashboard, use the top menu to access the Applications page.

    3 - Click on the button Add Application, search for Udemy for Business and click Add.

    1.png

    4 - Adding Udemy for Business app will redirect you to the Application General Settings - Required page as shown below.

    2.png

    5 - Add the Audience URI (SP Entity ID) value below into the corresponding field and click Done. 

    d905a6ca-adf9-45e2-9b9d-0d6485f27206

    Note: 

    • If you already have SSO login enabled from the previous Udemy for Business app you do not need to reconfigure SSO again, proceed to step 8. 
    • If you had SSO set up from a manual configuration by one of our team, you should reconfigure SSO with the new app.
      • You can avoid any SSO downtime by hiding the Udemy for Business tile in your Okta dashboard until the new SSO and SCIM configuration is complete. 
      • Beside Application Visibility click ‘Do not display application icon to users’

    6 - Click on Sign On tab to start the SSO configuration. 

    7 - Click on Identity Provider metadata, save the metadata file or copy the metadata URL with your organization's metadata. 

    Access the SSO section of your Udemy for Business account. On the configuration page, choose the appropriate metadata configuration method, and follow the instructions to create the SSO connection with your Identity Provider and Udemy for Business.

    SSO_settings.png

    8 - To enable automatic Provisioning (SCIM) click on the tab Provisioning and Configure API integration.

    3.png

    9 - Click on Enable API integration and add your subdomain, CLIENT_ID as username, and SECRET_ID as password

    [You can generate or view these credentials in your Udemy for Business account by accessing the Provisioning (SCIM) page under Settings.]

    4.png

    10 - Click on Test API Credentials and you should see a message like below. Otherwise, send a message to the Udemy for Business Support Team (ufbsupport@udemy.com) with the given error message.

    5.png
    11 - Click on Save and you will be redirected to the Application Provisioning configuration page.


    6.png

    12 - On To App link click on Edit to enable individual features. To use all the capabilities we recommend to enable Create Users, Update User Attributes and Deactivate Users on this page.

    7.png
    13 - Click on Save

    14 - Click on the Assignments tab to assign Udemy for Business to single users or entire groups. Assigned users will be automatically provisioned after being added, automatically modified when changes are made to their profiles, and automatically deactivated when they are removed from assignments.

    15 - Click on the Push Groups tab to send groups and their membership information to Udemy for Business.

    8.png
    16- Click on + Push Groups and select the groups you want to push to Udemy for Business.

    You will be able to select each group, or you can create an automatic rule.

    9.png
    17 - Select the group search criteria and fill the requested information for the groups you would like to send information to Udemy for Business.

     10.png18 - After selecting the group, check Push group memberships immediately to send not only the group but the members within the group as soon as you select the group, and click on Save.

    19 - Follow the previous steps for groups selection for all groups you would like to send to Udemy for Business.

    Note: After Okta sends User or Group information to Udemy for Business, we will consider Okta as the source of truth, and will not allow changes to user profiles or groups on Udemy for Business.

    Read Article
  • How to Automate User and Group Management With SCIM

    Udemy for Business supports user and group access and identity management with the System for Cross-domain Identity Management (SCIM) standard. SCIM is used by Single Sign-On (SSO) services and Identity Providers to manage people across a variety of apps and tools, including Udemy for Business.

    What you can do with SCIM:

    • Grant access to users and groups (provisioning)
    • Deactivate users and groups (deprovisioning) 
    • Change user details: name, email address 
    • Create, remove or edit groups
    • Manage group membership (users changing groups)

    What you cannot do with SCIM:

    • Delete User PII - this is dependent on the Identity Provider. 
      • In Okta you cannot Delete User PII with SCIM. You can, however, do this in the Udemy for Business platform once the user has been unassigned the Udemy for Business app, or deactivated in the Identity Provider. 
      • In Azure AD you can Delete User PII with SCIM by permanently deleting the user in Azure AD. 
    • Sync data from Udemy for Business back to the Identity Provider 

    Once you take any of the above actions, the data or change will automatically update in Udemy for Business.

    Your SCIM integration setup will vary depending on the identity provider you use. 

    Udemy for Business supports SCIM Provisioning for the key identity providers and SSO services that offer access and identity management. 

    SCIM Provisioning is available to Enterprise Plan customers using Single Sign-on (SSO). 

    Note: Users provisioned through SCIM in your SSO service will not take up a license until they join Udemy for Business by signing in for the first time. 

    If you wish to disconnect a learner from being managed by your IdP with SCIM, you can do so by deleting the learner's PII in your Udemy for Business account.

    If you need to manage a learner directly from within your Udemy for Business account and not via your SSO IdP, and further, you do not wish to delete their PII, please reach out to ufbsupport@udemy.com for further assistance.

    How to enable SCIM provisioning

    To enable SCIM provisioning for your Udemy for Business account, go to your Udemy for Business account to Manage > Settings > Provisioning (SCIM). 

    Scroll to the SCIM Integration section. Next, follow the instructions to enable SCIM, choose your Identity Provider from the dropdown and generate the credentials (Username and Password or Secret/Bearer token), which you then need to input into your Identity Provider as part of the configuration.

    SCIM_1.png

    Depending on which Identity Provider you use, follow the instructions in the appropriate guide below to complete the SCIM set up.

    Okta Configuration Guide 

    Azure AD Configuration Guide 

    OneLogin Configuration Guide

    How to disable SCIM provisioning

    To disable SCIM provisioning for your Udemy for Business account (if you’re changing providers or no longer require SCIM) access Manage > Settings > Provisioning (SCIM).

    Scroll to the SCIM Integration section and click on the Disable Integration link and follow the instructions to disable SCIM. This will disable the integration from the Udemy for Business side, but your IT team will need to disable the integration from the Identity Provider side also. 

    You can continue to use Udemy for Business as usual, but you will need to manually update user and group information within the platform from now on.

    SCIM_2.png

    Read Article
  • How to Configure Single Sign-On & Provisioning in Okta for Udemy for Business

    This guide provides the steps required to configure Single Sign-On using Security Assertion Markup Language (SAML 2.0) and Provisioning using System for Cross-domain Identity Management (SCIM 2.0)  for Udemy for Business.

    Existing Okta and Udemy for Business customers who wish to enable SCIM Provisioning in Okta should use this configuration guide.

    Notes:

    • Single sign-on and provisioning are available to Udemy for Business Enterprise Plan customers.
    • Users provisioned through Okta will not take up a license until they log into the Udemy for Business application for the first time. 
    • SCIM provisioning changes can only be synced from Okta to Udemy for Business, not the other way round. 
    • Users and Groups managed by SCIM in Okta cannot be changed within the Udemy for Business app - SCIM is the single source of truth for user and group data.

    Contents

    • Features
    • Requirements
    • Configuration Steps
    • Schema Discovery
    • Troubleshooting Tips

    Features

    The following provisioning features are supported:

    • Identity Provider (IdP) Initiated SSO
      • Users will be able to initiate the login process from their Okta dashboard
    • Service Provider (SP) Initiated SSO
      • Users will be able to access [your-subdomain.udemy.com] and initiate the login process their Udemy for Business login page.
    • Just in Time (JIT) Provisioning
      • Users authenticated through SSO will be provisioned to Udemy for Business on their first login.
      • All user attributes which are configured to be sent will be updated whenever the user logs in. This does not apply to SCIM users since they are only managed by SCIM.
    • Push Users with Ahead of Time Provisioning (SCIM)
      • New users associated with Udemy for Business app on Okta will be created on Udemy for Business.
    • Push Profile Updates (SCIM)
      • Updates made to the user's profile through Okta will be pushed to Udemy for Business for users that are associated with the Udemy for Business on Okta.
    • Push User Deactivation (SCIM)
      • Deactivating the user or disabling the user's access to the application through Okta will deactivate the user on Udemy for Business and remove them from all groups.
      • Note: For Udemy for Business, deactivating a user means removing access to login, but maintaining the user's information on Udemy for Business as a deactivated user.
    • Reactivate Users
      • User accounts can be reactivated on Udemy for Business.
    • Group Push (SCIM)
      • Groups and their memberships will be pushed to Udemy for Business. Manage groups is limited to groups pushed originally from Okta as we do not send information of groups created on Udemy for Business.

    Configuration Steps

    1a - To get started, log into your Udemy for Business account and go to Settings > Single Sign-On (SSO). Click Start setup, choose your Identity Provider from the list and follow the instructions to configure SSO and input your Identity Provider Metadata to automatically create the SSO connection with Udemy for Business.

    SS0_Settings.png

    1b - While still within your Udemy for Business account you can access the necessary details to set up SCIM Provisioning which automates user and group management. 

    Access the tab under SSO called Provisioning (SCIM). Click Start setup, choose your Identity Provider and follow the instructions from there to enable SCIM and generate your credentials for inputting into your Identity Provider as part of the configuration process.

    SCIM_Integration_Start.png

    2 - From your Okta's Dashboard, use the top menu to access the Applications page.

    3 - Click on the button Add Application, search for Udemy for Business and click Add.

    okta_verified.png

    4 - Adding Udemy for Business app will redirect you to the Application General Settings - Required page as shown below.

    add_udemy_for_business.png

    5 - Add the Audience URI (SP Entity ID) value below into the corresponding field and click Done.

    d905a6ca-adf9-45e2-9b9d-0d6485f27206

    6 - Click on Sign On tab to start the SSO configuration.

    7 - Click on Identity Provider metadata, save the metadata file or copy the metadata URL with your organization's metadata. 

    Access the SSO section of your Udemy for Business account again, and on the configuration page, choose the appropriate metadata configuration method and follow the instructions to create the SSO connection with your Identity Provider and Udemy for Business.

    sso_2.png

    8 - To enable Auto Provisioning (SCIM) click on the tab Provisioning and Configure API integration.

    provisioning.png

    9 - Click on Enable API integration and add your subdomain, CLIENT_ID as username, and SECRET_ID as password

    [You can generate or view these credentials in your Udemy for Business account by accessing the User Access page under Settings.]

    integration.png

    10 - Click on Test API Credentials and you should see a message like below. Otherwise, send a message to the Udemy for Business Support Team (ufbsupport@udemy.com) with the given error message.

    verified.png

    11 - Click on Save and you will be redirected to the Application Provisioning configuration page.

    to_app_okta.png

    12 - On To App link click on Edit to enable individual features. To use all the capabilities we recommend to enable Create Users, Update User Attributes and Deactivate Users on this page.

    to_app_save.png

    13 - Click on Save

    14 - Click on the Assignments tab to assign Udemy for Business to single users or entire groups. Assigned users will be automatically provisioned after added, modified when updated their profiles, and deactivated when they are removed from assignments.

    15 - Click on the Push Groups tab to send groups and their membership information to Udemy for Business.

    push_groups_.png

    16- Click on + Push Groups and select the groups you want to push to Udemy for Business.

    You will be able to select each group, or you can create an automatic rule.

    push_group_.png

    17 - Select the group search criteria and fill the requested information for the groups you would like to send information to Udemy for Business 

    push_group_by_name.png

    18 - After selecting the group, check Push group memberships immediately to send not only the group but the members within the group as soon as you select the group, and click on Save.

    19 - Follow the previous steps for groups selection for all groups you would like to send to Udemy for Business.

    Note: After Okta sends User or Group information to Udemy for Business, we will consider Okta as the source of truth, and not allow modifications to user profiles or groups on Udemy for Business.

    For SP-initiated SSO

    1- Go to https://[your-subdomain].udemy.com

    2- Click on Continue with SSO

    sso_ufb.png 

    Read Article
  • Team Plan Receipts

    Accessing Team Plan Receipts:

    Receipts are available to view, print, and download in your Udemy for Business Team Plan account. To view and access all your receipts, visit Manage > Billing. Your Payment History will be available at the bottom of the Billing page. Only account Admins will be able to see your company receipts.

    To Edit Receipt Information:
    You can now make a one time edit to the following information on your receipt:

    • Company Name
    • Company Address
    • Tax ID

    receipt_details.png

    To make these changes, visit Manage > Billing. Go to “Payment History” and view the receipt.

    team_plan_receipt.png

    Once you click into the receipt, you will be prompted to add a Company Name, Address, and Tax ID (optional). Note: This will only happen the first time you access receipts.

    If you would like to make any additional changes or add any additional information to your receipt please click on “Request Change” when you are viewing the receipt. Please specify what you would like to change on the receipt in the form. Our Support Team will make the changes and contact you when the new information has been updated. The update will be reflected in all receipts.

    Please note that the Udemy address on the receipt cannot be changed.

    Read Article
  • Nonprofit Plan FAQ

    The Udemy for Business Nonprofit Plan is a special, more affordable, pricing of our Udemy for Business Enterprise Plan. The Nonprofit Plan is available to all registered U.S. 501(c)(3) organizations. Your organization must have a valid Employer Identification Number (EIN) to qualify as a Nonprofit. The plan offers an annual subscription to over 4,000 of Udemy’s best courses to a minimum of 21 users. For specifics on what is included in the Nonprofit Plan, please click here.

    Below are answers to some of the most frequently asked questions we receive regarding the Udemy for Business Nonprofit Plan.

    What is the cost?

    Since nonprofit organizations around the U.S. come in all shapes and sizes, our sales team wants to work closely with you to figure out the price that works best for you. Please request a demo from our sales team here and we will help you make learning and development a priority at your organization.

    Can I pay monthly?

    At this time, there is only an annual subscription available.

    How can I pay for the Nonprofit Plan?

    All Udemy for Business Nonprofit customers are invoiced with Net 30 payment terms based on the completion of an agreement. Payments are accepted via check or ACH.

    I work at an international nonprofit. Can I qualify for the special discounted pricing?

    The Nonprofit Plan is currently only available to U.S. registered nonprofits. If you are interested in using Udemy for Business for your learning and development needs, please consider learning more about our Enterprise Plan or our Team Plan. Contact us here if you have any other questions.

    What currencies do you accept?

    We currently only accept payments in US Dollars.

    I do not need 21 licenses. Can I request less?

    Not at this time. In order to best support nonprofit organizations around the country, we ask for a minimum purchase of 21 licenses.

    Which courses are included in the Nonprofit Plan?

    Your nonprofit organization will have on-demand access to a content collection of more than 4,000 professional courses across 20+ business and technical topics. These top-rated courses have been curated from Udemy.com — our global marketplace powered by tens of thousands of instructors all over the world who teach over 50 million students. (Note that not all courses on udemy.com are available as part of the Udemy for Business Nonprofit Plan.)

    Our content team works hard to ensure that we only include the most highly rated and engaging courses from Udemy.com. You can view the full content collection here. We are also pleased to offer courses tailored to the specific needs of nonprofit organizations. You may browse through some of these sample courses here.

    What language are the courses in?

    Currently, all courses in the Nonprofit Plan are in English. A few courses will have English captions available.

    What is your refund policy?

    As stated in our Udemy for Business Agreement, under section 8, we do not accept refunds at this time. All purchases are final. All fees shall be paid in US dollars and are non-refundable.

    Can I add more users during my subscription?

    Certainly! Just contact us here and we would be happy to help!

    Does the administrator require a license?

    Yes. In order to access your learning account, you, as an account administrator, must occupy a license. This means if you purchase a Nonprofit Plan with the minimum 21 licenses required, you will occupy one seat, and you’ll be able to invite 20 additional team members to your account.

    Can I customize our team’s account with our organization’s logo or branding?

    Definitely! Your nonprofit's account administrator will be able to set up a custom logo or branding for your organization. Please review this support article to find out how to customize your account.

    What reporting and insights are available?

    Nonprofit subscribers get access to the same analytics and reporting that are included in the Udemy for Business Enterprise Plan. To learn more about the various reports and dashboards available, please see this article.

    I am an existing Udemy for Business customer. Can I get this discount retroactively?

    Since all of our deals are annual subscriptions, we will not be able to apply the discount to your account retroactively. We are happy to honor the discount at the time of your renewal for the following year.

    What if I have more questions about the Nonprofit Plan?

    You can learn more about the Nonprofit Plan here. If you have any additional questions regarding the Nonprofit Plan, please contact us at ufbsupport@udemy.com.

    Read Article
  • Team Plan Renewal FAQ

    Below are answers to frequently asked questions we receive regarding Team Plan renewals.

    Who can enable Team Plan Renewals?

    Anyone who is designated as an “Admin” in your account can renew your Team Plan contract, enable automatic renewals, or see and change their payment method. How to make a user an admin.

    How can admins enable automatic Team Plan renewals?

    Customers with Admin access can turn automatic renewals on by going to Manage > Settings > Billing and then toggling the renewal option.

     toggle_on_.png

    How can I opt out of automated renewals?

    Customers with Admin access can turn automatic renewals on or off at any time by going to Manage > Settings > Billing and then toggling the renewal option.

    What will happen if payment is declined on the automatic renewal date?

    We will notify you by email so you can update your account with a working debit or credit card. If your credit card on file has expired before the renewal date, we will also notify you via email.  

    How can admins manually renew the Team Plan subscription?

    Admins can manually renew the Team Plan subscription by navigating to Manage > Settings > Billing and entering the number of licenses required. Please note: your Team Plan subscription cannot be manually renewed until after it has expired. 

    For more information on adding more licenses to your subscription please click here.

    What forms of payment are accepted?

    Currently the following debit / credit cards are accepted by Udemy for Business: Visa, Mastercard, and AMEX.

    Please note that only one payment method can be associated with an account.

    payment_options.png

    Read Article
  • Webinar: New Admin Training

    Welcome to Udemy for Business! To help you get started with your new Udemy for Business account, we offer live webinars to get you and your team off to a successful start. This 45-minute webinar is hosted via GoToWebinar.

    Join us for an interactive webinar and walk away with:

    • A blueprint for launching Udemy for Business at your company
    • Strategies for developing a culture of learning at your organization
    • Specific tactics for driving ongoing adoption of Udemy for Business
    • A deep understanding of the Admin capabilities of the platform
    • Product knowledge to support your team

    To register for an upcoming webinar, click on one of the links below.

    Please invite everyone in your organization who will be an admin of your Udemy for Business account.

    If you have any questions, please click on the Contact Us icon. 

    Read Article
  • Team Plan FAQ

    Team Plan is a self-serve, subscription service for Udemy’s solution for businesses, Udemy for Business. Team Plan is designed for teams or organizations of 5-20 people, who are in need of on-demand learning and development at work. With a subscription to Team Plan, you and your team will get access to 4,000+ of Udemy’s most highly rated business and technical courses.

    Below are answers to some of the most frequently asked questions we receive regarding Team Plan. You can also learn more about Team Plan here.

    What is the cost?

    Team Plan is priced as an annual subscription of $360 (in USD) per person, per year, and payment is due in full, upfront. There is a minimum of 5 users required for purchase. This means that the minimum purchase will be $1800 US Dollars, plus applicable taxes. You can view more details here.

    Can I pay monthly?

    No. At this time, only an annual payment option is available.

    What currencies do you accept?

    We currently only accept payments in US Dollars.

    Can I buy this for 1,2,3 or 4 users?

    Not at this time. The Udemy for Business Team Plan is meant for groups of 5 or more people, up to 20 people in total.

    What is your refund policy?

    As stated in our Udemy for Business Agreement, under section 8, we do not accept refunds at this time. All purchases are final. All fees shall be paid in US dollars and are non-refundable.

    Which courses are included in the Team Plan subscription?

    You and your team will have on-demand access to a collection of more than 4,000 professional courses across 20+ business and technical topics. These top-rated courses on Udemy have been curated from Udemy.com; our global marketplace powered by over 50 million students, 57,000 instructors, and 150,000 courses. Our content team works hard to ensure that we only include the most engaging courses from Udemy.com. You can view the full content collection here or explore the courses by creating your free trial account here. All courses are currently in English.

    How can I renew my Team Plan subscription?

    Steps to manually renew your team plan subscription or set up automatic renewals can be viewed here.

    What language are the courses in?

    Currently, all courses on Udemy for Business are in English. A few courses will have English captions available.

    How is Team Plan different from Udemy.com?

    Team Plan is a product offered by Udemy for Business, Udemy’s business product offering. It has been designed to serve small teams and organizations of 5 to 20 people. Instead of purchasing courses one by one on udemy.com, Team Plan provides a team of people with unlimited access to over 4,000 of Udemy’s top-rated business and technical courses, in your own unique account. Your team can take these courses at any time, however many times they want, within the one-year plan. The plan is priced as an annual subscription at $360 (plus applicable taxes) per person per year.   

    How is Team Plan different from Enterprise Plan?

    Team Plan is designed for teams and organizations for  5-20 people. The Enterprise Plan is a product designed for larger departments and organizations of 21 or more people. Both plans offer the same course collection of high-quality professional content. The Enterprise Plan includes additional features such as SSO support, API integration, and advanced analytics. To view more differences between the two plans, please click here.

    Can I pay via check, sales order, or purchase order?

    Not at this time. All Team Plan payments must be made via a credit card online.

    Can I add more users during my subscription?

    Yes! For more information on adding more licenses to your subscription please click here.

    Does the administrator require a license?

    Yes. In order to access your Udemy for Business learning account, you, as an account admin, must occupy a license. This means if you purchase Team Plan for 5 users, you will occupy one seat, and you’ll be able to invite four additional team members to your account.

    What if I find a course on Udemy.com that I want added to Udemy for Business?

    It's best to try entering different keywords when searching for the course or topic you want to learn first. Further instructions on how to do this can be viewed here. If the course you want is not in the Udemy for Business collection, you can suggest that the course be added here. Our content team reviews these course suggestions on a monthly basis, and will do their best to honor all requests, but please know that not all suggestions will be honored.

    Can I customize our team’s account with our organization’s logo or branding?

    Yes! Team Plan accounts can be customized to include your organization’s name, logo or icon. In addition, you can also upload a background to reflect your organization’s brand. At the time of the account creation, you can also provide a unique URL that is directly related to your Team Plan Account. For example, if your company name is acme, your account URL could be acme.udemy.com.

    What reporting and insights are available?

    Team Plan subscribers have access to basic analytics through the User Adoption Dashboard, which helps you understand how many and which users have logged in to your Udemy for Business account and started using it. User Adoption information can also be exported via a CSV file.

    For more information regarding the User Adoption Dashboard, please click here.

    I have a sales tax exemption certificate. How do I provide it so that I’m not charged tax on my subscription?

    The Udemy for Business Master Services Agreement (MSA) outlines applicable transaction taxes as the responsibility of our customers. As such, Udemy invoices now include a transaction tax, such as VAT, GST, or sales tax, in addition to your Team Plan subscription total, as required by law based on where your licenses are being consumed.

    Customers who are exempt from these taxes can email us at ufbsupport@udemy.com and request for a refund on any taxes applied to their Team Plan purchase.

    I have paid for tax but I have a tax exemption certificate. Am I eligible for a refund? 

    Yes. Please email us your certificate at ufbsupport@udemy.com and we will process a refund for any taxes applied to your Team Plan purchase.  

    What if I have more questions about Team Plan?

    If you have any additional questions regarding Team Plan, please contact Udemy for Business Support.


    Read Article
  • How to Configure Single Sign-On and Provisioning in Azure AD for Udemy for Business

    This guide provides the steps required to configure Single Sign-On using Security Assertion Markup Language (SAML 2.0) and Provisioning using System for Cross-domain Identity Management (SCIM 2.0)  for Udemy for Business.

    If you have already configured SSO with SAML in Azure AD for Udemy for Business and just want to enable SCIM Provisioning, access your existing Udemy for Business SSO in Azure AD and follow the instructions from section 2 below (after SSO set up).

    Udemy for Business SAML Metadata for Azure AD is linked here.

    Notes:

    • Single sign-on and provisioning are available to Udemy for Business Enterprise Plan customers.
    • Users provisioned through Azure AD will not take up a license until they log into the Udemy for Business application for the first time. 
    • SCIM provisioning changes can only be synced from Azure AD to Udemy for Business, not the other way round. 
    • Users and Groups managed by SCIM in Azure AD cannot be changed within the Udemy for Business app - SCIM is the single source of truth for user and group data.
    • You can still create groups manually in Udemy for Business if you have users that you don’t need or want to push from Azure AD, eg. contractors or temporary staff.

    1. Configure Single Sign-On (SSO) with Azure

    Log in to your Azure portal and click Azure Active Directory.

    1.png

    Next, select Enterprise applications.

    2.png

     Now click + New application in the top bar.

    3.png

     Select Non-gallery application.

    4.png

    Enter a name for the new application and click Add at the end of the window.

    5.png

    Then select Set up single sign on. 6.png

    For Single Sign-on mode, select SAML based Sign-on.

    7.png

    Follow the 4 steps on the SSO with SAML screen. Azure AD has also provided a detailed configuration guide at the top of the page for further guidance.

    8.png

    For Step 1, Basic SAML Configuration:

    9.png

    For Step 2, User Attributes and Claims:

    In the User Identifier field, enter user.mail.

    Udemy for Business supports the following SAML attributes (all attributes are case-sensitive).

    Required attributes

    • SCIM.email
      the unique email of the user

    Optional attributes

    • SCIM.name.givenName
      the given (or first) name of the user
    • SCIM.name.middleName
      the middle name (if any) of the user
    • SCIM.name.familyName
      the family (or last) name of the user
    • SCIM.name.formatted
      the fully formatted name of the user
    • groups
      the list of groups to which the user belongs
    • externalID
      a unique user ID specified by the customer

    To change each attribute, click on the respective row.

    Enter the attribute name as specified in the table above, select the corresponding value and remove Namespace value (leave it blank) and click OK.

    To add more attributes to your SAML assertion, click Add attribute and repeat the process.

    10.png 

    Once you’re done adding the attributes, click Save to complete the configuration.

    For Step 3, in the SAML Signing Certificate section, copy the App Federation Metadata URL or click Download Federation Metadata XML, which will export the Metadata file.

    Access the Single Sign-On (SSO) tab of your Udemy for Business account. Click Start setup and choose your Identity Provider. On the configuration page, choose the appropriate metadata configuration method and follow the instructions to create the SSO connection with your Identity Provider and Udemy for Business.

    sso_providers.png

    Now you’re ready to give your users access to Udemy for Business.

    Click on Azure Active Directory.

    12.png

    Select Enterprise applications.

    13.png


    Select your newly created application from the list.

    Click Users and groups.

    14.png

    Click on Add User -> Users and Groups

    Select all users you want to add to the application and click Select.

    15.png 

    You have now completed configuring SSO for Udemy for Business with Azure AD.

    2. Configure SCIM Provisioning with Azure AD

    Once Single Sign-on (SSO) is set up you can then configure SCIM provisioning in Azure AD with Udemy for Business. This will allow you to provision, deprovision, create groups, manage group membership and change user profile details like name and email address which is then automatically updated in Udemy for Business. You will no longer need to update both Azure and Udemy for Business separately with these actions as it will all be synced from Azure.

    1a.png

    To enable SCIM Provisioning for Udemy for Business, first go to your Udemy for Business account and access Manage > Settings > Provisioning (SCIM).

    Click Start Setup, choose your Identity Provider and follow the instructions to generate the Secret Token (Bearer token) which you then need to input into Azure AD.

    Next, access your Azure AD account and go to your Udemy for Business SSO app and follow the steps below to get set up. You can also refer to Microsoft’s own configuration guide for SCIM Provisioning with Azure AD for further guidance.

    Go to the Provisioning tab in your Azure portal.   

    (Note: udemyazure is a test name we used in the screenshots below for the purpose of illustrating how to configure SCIM; you should locate the app that was named by your team when configuring SSO) 

    1b.png

    Choose Automatic as the Provisioning Mode.

    1c.png

    In the Admin Credentials section:

    Tenant URL is: https://yourdomain.udemy.com/scim/v2 (yourdomain is the url for your Udemy for Business account)

    Secret Token: This is a ‘Bearer’ token that you can generate or view inside your Udemy for Business account. (go to Manage > Settings > User Access to get the Secret Token)

    Click Test Connection to check that it’s working correctly. 

    Optional: You can enter an email address if you wish to receive alerts from Azure about errors.1d.png
    In Mappings

    Check the attribute mapping so that user's email is mapped to emails[type eq "work"].value 

    1e.png

    1f.png

    In Settings

    Toggle the Provisioning Status button to On.1h.png

    Choose the Scope of how you want to sync your users and groups.

    1i.png

    You can sync only users and groups who are assigned the Udemy for Business app if you need to restrict access to certain employees or departments. Or, you can sync all users and groups if every employee is going to have access.

    1j.png

    In order to provision more users and groups with Udemy for Business access:

    Click Users and groups

    1k.png

    Click on Add User (which will give you the option to add both Users and Groups)

    Select all users or the groups you want to add to the application and click Select.

    1l.png

    Troubleshooting

    In relation to Mappings:

    1m.png
    If you experience this error when provisioning:

    {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":400,"detail":"{'emails': ['This field is required.']}"}

    You should change the mapping of the User.

    1n.png
    emails[type eq "work"].value needs to be mapped to userPrincipalName that is, if userPrincipalName is where the email is.

    If you go to the user profile, you should be able to see which field contains the email there.1o.png

    Read Article
  • Configuring SSO With Your Identity Provider

    Udemy for Business supports SSO integrations for SAML 2.0 standard identity providers. The list below includes links to tutorials that outline how you can set up SSO integration for your identity provider.

    How to enable SSO in your Udemy for Business account

    You can enable SSO in your Udemy for Business account yourself, using our self-serve settings, by doing the following.

    1. Access Manage > Settings > Single Sign-On (SSO). 
    2. Click Start Setup
    3. Choose your Identity Provider and using our supporting documentation, configure your SSO integration and choose from a range of optional settings.

     sso_options.png

    How to pause or delete SSO in your Udemy for Business account

    You can pause or delete SSO in your Udemy for Business account using our self-serve settings, by doing the following.

    1. Access Manage > Settings > Single Sign-On (SSO). 
    2. Use the toggle to pause your connection or the Delete Connection link to remove the SSO connection completely. 

    Both actions will prevent your users logging into Udemy for Business through SSO. By pausing, however, all of the SSO connection details are maintained. If you delete the connection, you will need to configure SSO once again, if you wish to enable it in future.

    pause_sso.png

    How to replace your SSO Certificate

    You can replace your SSO Certificate in your Udemy for Business account by using our self-serve settings. 

    1. Access Manage > Settings > Single Sign-On (SSO). 
    2. Use the Replace Certificate link to upload a new SSO Certificate, which is provided by your Identity Provider.
    3. Replace the certificate in your Identity Provider once it’s been updated in Udemy for Business. 

    Note: Please update your SSO Certificate in Udemy for Business first before updating it in your Identity Provider to avoid a certificate mismatch from occurring which would prevent your team from being able to access your Udemy for Business account.

    replace_certificate.png

    Read Article
  • How to Configure SSO With ADFS

    In this tutorial we will configure ADFS with Udemy for Business using the metadata from ADFS.

    Udemy for Business SAML Metadata for ADFS is linked here.

    Configuring ADFS

    1. Launch the ADFS 2.0 console.

    1.png 

    2. Under Trust Relationships > Relying Party Trusts, add a new Relying Party Trust. This will launch the wizard shown below.

    2.png 

    3. Next, you will be prompted to import the Udemy for Business Metadata file.

    3.png

    4. Enter a name for the connection, for example Udemy for Business. 

    4.png

    5. On the Choose Issuance Authorization Rules step, select Permit all users to access this relying party.

    5.png

    6. Click Next to view the summary and complete the wizard.

    6.png

     7. Leave the “Open the Edit Claim Rules…” option checked and finish the wizard.

     image7.png

    8. This will launch the Edit Claim Rules configuration utility.

    8.png

    9. This example will only gather claims from Active Directory to present to Udemy for Business. 

    9.png

    10. Configure a basic claim set.

     Udemy for Business supports the following SAML attributes (all attributes are case sensitive).

     Required attributes

    • SCIM.email
      the unique email of the user
       

    Optional attributes 

    • SCIM.name.givenName
      the given name of the user
    • SCIM.name.middleName
      the middle name (if any) of the user
    • SCIM.name.familyName
      the family (or last) name of the user
    • SCIM.name.formatted
      the fully formatted name of the user
    • Name ID
    • groups
      the list of groups to which the user belongs
    • externalID
      A unique user ID specified by the customer

    10.png

    11. Once you’ve configured the claims, back on the ADFS 2.0 Relying Party Trusts window, right-click the newly created connection and view the properties for the connection. Navigate to the Encryption tab and Remove the encryption certificate.

    11.png

    12. That will complete the ADFS configuration. Next, you should download the metadata and input it into your Udemy for Business account to create the SSO connection. You can find the Metadata file at:

    https://<ADFS server name>/FederationMetadata/2007-06/FederationMetadata.xml

    Access the Single Sign-On (SSO) tab of your Udemy for Business account. Click Start setup and choose your Identity Provider. On the configuration page, choose the appropriate metadata configuration method and follow the instructions to create the SSO connection with your Identity Provider and Udemy for Business.

    sso_providers.png

    Read Article
  • How to Configure SSO With G Suite

    In this tutorial, we will configure G Suite (formerly known as Google Apps for Work). 

    Udemy for Business SAML Metadata for G Suite is linked here.

    Locating Your SaasID

    To configure G Suite you will need your SaasID. This value will be provided by Udemy and it is going to be the sub domain to access udemy, e.g. the yoursubdomain where Udemy For Business full address is yoursubdomain.udemy.com.

    In addition to your SaasID, you will also need the following parameters to configure G Suite.

    Creating a New SAML Application in G Suite

    The steps below outline how to create a new SAML application in G Suite.

    1. Log into G Suite for Work Admin Console.
    2. Navigate to Apps > SAML Apps.
    3. Click Add a service/App to your domain.
    4. Choose Setup My Own Custom App, and click Next.
    5. Enter the Application Name and Description, upload a logo if desired, and click Next.
    6. Enter the ACS URL and Entity ID fields with the information given above.
    7. Leave Start URL blank, unless required.
    8. The NameID will automatically be set to the Primary Email address so leave it at that. Click Next.
    9. If your application requires additional attributes, you can add them in this section. If not, click Finish.
    10. Click OK to complete the wizard.
    11. By default, new applications are OFF for all users. Click the menu icon and choose ON for Everyone.

    gsuite.png

    Once the SAML application is created, you will need to configure attributes that are going to be sent in the SAML assertion.

    Udemy for Business supports the following SAML attributes (all attributes are case sensitive).

    Required attributes

    • SCIM.email
      the unique email of the user

    Optional attributes

    • SCIM.name.givenName
      the given name of the user
    • SCIM.name.middleName
      the middle name (if any) of the user
    • SCIM.name.familyName
      the family (or last) name of the user
    • SCIM.name.formatted
      the fully formatted name of the user
    • groups
      the list of groups to which the user belongs
    • externalID
      A unique user ID specified by the customer

    Finally, you will need to generate a metadata file for the newly created SAML application and enter it into your Udemy for Business account to create the SSO connection. 

    Access the Single Sign-On (SSO) tab of your Udemy for Business account. Click Start setup, choose your Identity Provider and on the configuration page choose the appropriate metadata configuration method. Then follow the instructions to create the SSO connection with your Identity Provider and Udemy for Business.

    sso_providers.png

    Please note: when adding a new SAML application in G Suite, it might take up to 24 hours for the process to be completed.

    Read Article
  • How to Configure Udemy for Business and Onelogin

    When SSO is enabled, enterprise customers will be able to manage employee authorization and authentication to their Udemy for Business learning site from their corporate identity system. Udemy for Business (UFB) supports federated authentication via SAML 2.0-based Single Sign-On (SSO).
    In this tutorial, we will configure OneLogin using the metadata provided by the Udemy for Business team or the metadata downloaded from 
    here [linked].

    Udemy for Business SAML Metadata for Onelogin is linked here.

    This article will cover all the key steps to add and configure Udemy for Business SSO for Onelogin. You may, however, also want to refer to this Onelogin article for additional details.

    Steps to Configure Udemy for Business and Onelogin:

    1. Add an App in OneLogin
    2. Configure Application Details
    3. Set the Parameters for the App
    4. Assign Users and Groups to the application
    5. Download metadata (to input into your Udemy for Business account)

    Add an App

    Start by navigating to Apps > Add Apps in the OneLogin administrator dashboard. Next, search for SAML Test Connector (IdP w/attr) and select the first result from the search results.

    1.png

     Select Add App:

    2.png

    On the Find Applications page, search for SAML Test Connector (IdP w/ attr w/ sign response) and select theresult from the search results.

    3.png

    Then, set the Display Name, Icon and Save the application. Onelogin will take you to the application Info page, where you will navigate to the Configuration tab. You should be able to fill in all the values based on your metadata.

     Configure the Application Details

    image4.png

    Configure the Application Details (Continued)

    The following Application details should be pre-configured as long as you selected the SAML Test Connector (IdP w/ attr w/ sign response) in the previous step.

    5.png

    • RelayState 
      yoursubdomain.udemy.com
      [This is your vanity url]
    • Audience
      https://sso.connect.pingidentity.com/sso/sp/ACS.saml2
    • Recipient
      https://sso.connect.pingidentity.com/sso/sp/ACS.saml2
    • ACS (Consumer) URL Validator*
      ^https:\/\/sso\.connect\.pingidentity\.com\/sso\/sp\/ACS\.saml2$
    • ACS (Consumer) URL
      https://sso.connect.pingidentity.com/sso/sp/ACS.saml2

    Next, go to the Parameters tab. Here you can add/edit attributes that are sentin the SAML assertion. By clicking on 'Add parameter', you can add new parameters with a field name. When adding new parameters, don't forget to check the flag to include new fields in the SAML assertion. Once a new parameter is added, click on it and set the value for it.

    Udemy for Business SAML 2.0 supports the following attributes (please note: all attributes are case sensitive).

    Required attributes:

    • SCIM.email the unique email of the user

    Optional attributes:

    • SCIM.name.givenName the given (or rst) name of the user
    • SCIM.name.middleName the middle name (if any) of the user
    • SCIM.name.familyName the family (or last) name of the user
    • SCIM.name.formatted the fully formatted name of the user
    • groups the list of groups to which user belongs
    • externalID the user ID specified by customer

    Set the Parameters for the App

     6.png

    Configure User Access to the App

    In the Access tab and Users tab, configure the users’ access for the newly created app (either by adding Udemy for Business app to a role (recommended), or adding the app to a specific user).
    Please see this 
    Onelogin article for details.

    7.png

    Save the Application Metadata

    Save the application and in the More Actions dropdown options, click on SAML Metadata.

    8.png

    Next, download the metadata and access the Single Sign-On (SSO) tab of your Udemy for Business account. Click Start setup and  choose your Identity Provider. On the configuration page, choose the appropriate metadata configuration method and follow the instructions to create the SSO connection with your Identity Provider and Udemy for Business.

    SSO_start_setup.png

    You have now completed configuring SSO for Udemy for Business with OneLogin. 

    Additional information about OneLogin is available in their Knowledge Base.

    SSO is set up so you can also configure SCIM provisioning in OneLogin with Udemy for Business. This will allow you to provision, deprovision, create groups, manage group membership and change user profile details like name and email address in OneLogin, which automatically updates Udemy for Business.  

    You do not need to update both OneLogin and Udemy for Business separately with these actions as it will all be synced from OneLogin. Click here for more details and instructions on how to set this up.

    Read Article
  • Udemy for Business Help Center FAQ

    How do I access the Help Center?
    Login to your Udemy for Business account, click your user menu in the upper right-hand corner and select Help.

    Who has access to the Help Center and forms?
    All Udemy for Business users and admins have access.

    How do I report a technical issue with the Support model?
    All technical issues will now be tracked via Zendesk tickets.  If you have a technical issue, please submit a ticket through our help center or email ufbsupport@udemy.com.

    If you email your Customer Success Manager regarding a technical issue, they will forward your request to the Support team to create a case.

    How do I request a course be added to the Udemy for Business collection?
    Now, every user can request courses be added or topics enhanced. If you want to request a course be added to the Udemy for Business collection, fill out this form in our Help Center. We will review all course requests every couple of weeks and will let you know if we can add the course you request into the collection.

    What is the likelihood my course request is added to the Udemy for Business collection?
    We appreciate customer course suggestions. However, it is not guaranteed your course requests will be added to the collection. Courses that are added must be applicable to all of our customers and must meet our instructor and quality standards.

    I have a good idea for a product enhancement, how do I let you know?
    If you have a feature request that you think would make our product better, please fill out this form in our help center.

    Will my feature request make it into the product?
    We will review all feature requests and see how they align with our product vision and the needs of our customer base. We cannot guarantee any feature will be added to the product.

    Can I see a list of my support requests?
    If you want to see a list of your outstanding tickets, you can find them in the help center under your user menu in the upper right-hand corner.

    What is the difference between Customer Support and my Customer Success Manager?
    Customer Support is designed to help you triage technical issues. They are great at managing cases and partnering with our Product & Engineering teams to solve bugs.

    Your Customer Success Manager is a strategic partner to help with best practices, employee engagement, and driving value of Udemy for Business.

    Read Article
  • System Requirements

    You can access Udemy for Business from various devices and platforms, on both PC and Mac desktops / laptops, as well as Android and iOS mobile devices. Our system requirements for these follow below.

    Minimum System Requirements
    • The latest Chrome, Firefox, Safari, Edge, Opera or IE11 for desktop/laptop
    • A broadband connection with a minimum speed of 5Mbit or 800kbps
    • Please note that Flash Player is not required
    PC Specific Requirements
    • Platform: Windows 7 or higher with the latest updates installed
    • RAM: 4GB or more
    • Video: Graphics output capability
    • Sound: Sound output capability

    Mac Specific Requirements

    • Platform: Mac OS X 10.12 or higher with the latest updates installed
    • RAM: 4GB or more
    • Video: Graphics output capability
    • Sound: Sound output capability
    Mobile Requirements
    • iOS 11.0 and above
    • Android 6.0 and above

    Udemy for Business is available on mobile for both iOS and Android. To download the iOS app go here. To download the Android app, go here

    Please note that the Udemy for Business Android mobile app is not supported on Chromebooks or Chrome OS devices.

    Mobile browsers: Safari or Chrome on iOS and Chrome on Android.  

    What Browser am I Using?

    To find out more about your specific system, this site will tell you which browser and OS you're currently using. 

    To watch courses, we recommend using Google Chrome. You can download Chrome for free here.

    Read Article
  • Terms of Use

    To view the Udemy for Business Master Services Agreement, please visit: https://www.udemy.com/terms/ufb/ 

    To review the Udemy for Business Privacy Statement, please visit: https://www.udemy.com/terms/ufb-privacy/

    Please note: depending on how your company signed up for its Udemy for Business account, you may be subject to additional or different terms, as listed in the agreement your company has signed.

    Read Article
  • Getting Help

    For support and/or product related questions, we have helpful articles in our Help Center for frequently asked questions. If you have a technical issue or question that you cannot solve, please submit a support ticket and a member of our support team will respond within 24 hours. For strategic related questions on how to promote your Udemy For Business account, please click on the Contact Us icon. 

    The best and quickest way for your end-users to get assistance with technical issues is to file a ticket with Customer Support. A member of our support team can help them troubleshoot since it may be an issue specific to their individual set-up (browser, cache, etc.).

    Read Article
  • Customizing my Account

    To customize your account appearance, upload three images: a logo, a background image and your company icon. Go to Manage > Settings > Customize Appearance

    1. Logo: upload a logo in one of the following formats: jpg, .jpeg, .gif, .png, .bmp. The logo should be at least 400 x 70 pixels.
    2. Background image: upload a background image for your login page. It should be at least 1920 x 1080 pixels.
    3. Icon: upload an optional square logo to use as a browser icon.  It should be at least 32x32 pixels.
    Read Article
  • What is Udemy For Business?

    Udemy for Business is a next-gen learning solution that transforms the workplace learning experience through a consumer-first on-demand learning solution. Built for businesses striving to be at the forefront of innovation, Udemy for Business offers fresh, relevant learning anytime, anywhere. The 4,000+ high-quality courses taught by the world’s leading experts cover a wide range of topics from development and IT to design, leadership and stress management. In addition to its curated content collection, organizations can also securely host and distribute their own proprietary content.

    To read more about many of the companies that leverage Udemy for Business for their learning needs, please click here.

     

    Read Article