• How to Configure PingOne and Azure AD

    In this tutorial we will configure Azure AD using the metadata provided by the Udemy for Business team, or the metadata downloaded from PingOne.

    If you don't have the metadata from the Udemy for Business team, or you're not sure how to download it, please refer to this article.

    Create a New Application in Azure

    1. Login to the classic Azure portal and select Active Directory.

    AZURE.png

    2. Next, click on Applications and then click Add new one from the bottom.

    add_azure.png

    3. Select Add an application from the gallery.

    gallery.png

    4. Select custom and set the name for the application.

    set_the_name.png

    5. Click on Configure single sign-on.

    enable_sso.png

    6. Select Microsoft Azure AD Single Sign-on.

    microsoft_sso.png

    7. In configuration, first click on Show advanced settings, and also check Configure the certificate used for federated single sign-on. As an Identifier use value “PingConnect”. As a Sign On URL, use value https://sso.connect.pingidentity.com/sso/sp/initsso?saasid=<SaasID>”, where you need to replace <SaasID> with entityID from the PingOne metadata. As a Reply URL, use Assertion Consumer Service URL from the PingOne metadata.

    configure_app.png

    8. Configure the Federated SSO certificate.

    federated_sso_certificate.png

    9. Then you should see your finished SSO configuration in Azure. Don't forget to download XML metadata; you will need it to configure the customer connection in PingOne. You can check that you set up SSO and continue.

    configure_sso_pingone.png

    10. In the Users and Groups section, please select the users that you want to have access to the new application. Only added users will be able to use SSO. 

    pingone_idp.png

    11. In the Attributes section configure the attributes that are sent in SAML assertion. By clicking on Add user Attribute, you can add the attributes below. The Udemy for Business instance of PingOne supports the following attributes.

    Required attributes:

    SCIM.email: the unique email of the user

    Optional attributes:

    SCIM.name.givenName: the given (or first) name of the user

    SCIM.name.middleName: the middle name (if any) of the user

    SCIM.name.familyName: the family (or last) name of the user

    SCIM.name.formatted: the fully formatted name of the user

    groups: the list of groups to which user belongs

    externalID: the user ID specified by customer

    add_user_attribute.png

    Read Article
  • SSO System Integrations

    Udemy for Business offers several different system integrations. The list below includes links to tutorials that outline how you can set up each respective system integration.

    Read Article
  • How to Configure PingOne and ADFS

    In this tutorial we will configure ADFS using the metadata provided by the Udemy for Business team, or the metadata downloaded from PingOne.

    If you don't have the metadata from the Udemy for Business team, or you're not sure how to download them, please refer to this article.

    Configuring ADFS

    You can configure ADFS by following the steps outlined below:

    1. The first step to configure the ADFS IDP side, is to launch the ADFS 2.0 console.

    ADFS-As-IDP-ToPingOne-3.png 

    2. Under “Trust Relationships > Relying Party Trusts”, add a new Relying Party Trust. This will launch a wizard. 

    ADFS-As-IDP-ToPingOne-4.png 

    3. Next, you will be prompted to import the PingOne metadata file that was downloaded (see above).
     
    ADFS-As-IDP-ToPingOne-5.png
     
    Give the connection a name (ie: PingOne).
     
    ADFS-As-IDP-ToPingOne-6.png
     
    4. Choose the issuance rules (ie: permit all).
     
    ADFS-As-IDP-ToPingOne-7.png
     
    5. Click “Next” to view the summary and complete the wizard.
     
    ADFS-As-IDP-ToPingOne-8.png
     
    6. Leave the “Open the Edit Claim Rules…” option selected and finish the wizard.
     
    ADFS-As-IDP-ToPingOne-9.png
     
    7. This will launch the “Edit Claim Rules” configuration utility.
     
    ADFS-As-IDP-ToPingOne-10.png
     
    8. This example will only gather claims from Active Directory to present to PingOne.
     
    ADFS-As-IDP-ToPingOne-11.png
     
    9. Configure a basic claim set.
     
    The Udemy for Business instance of PingOne supports the following attributes.

    Required attributes:

    • SCIM.email the unique email of the user

    Optional attributes:

    • SCIM.name.givenName the given (or rst) name of the user
    • SCIM.name.middleName the middle name (if any) of the user
    • SCIM.name.familyName the family (or last) name of the user
    • SCIM.name.formatted the fully formatted name of the user
    • groups the list of groups to which user belongs
    • externalID the user ID specified by customer
    ADFS-As-IDP-ToPingOne-12_modified.png
     
    10. After configuring the claims, back on the ADFS 2.0 Relying Party Trusts window, right-click the PingOne connection and view the properties for the connection. Navigate to the Encryption tab and “Remove” the encryption certificate.
     
    ADFS-As-IDP-ToPingOne-13.png
     
    11. That will complete the ADFS configuration. Next, you should download the metadata and send it to the Udemy for Business team.
     
    The Federation Metadata can be found at:
    https://<ADFS server name>/FederationMetadata/2007-06/FederationMetadata.xml 
     
    Below are links to additional information regarding Ping Identity documentation and ADFS:
    Read Article
  • How to Configure PingOne and Google Apps for Work

    In this tutorial, we will configure Google Apps for Work using the metadata provided by the Udemy for Business team, or the metadata that's been downloaded from PingOne.

    If you don't have the metadata from the Udemy for Business team, or you're not sure how to download it, please refer to this article.

    Locating Your SaasID

    To configure the Google Apps you will need your SaasID. There are couple of ways to locate this. 

    If you set up your integration with PingOne through an Email Invitation, then your SaasID will be displayed in PingOne, under the application name on My Applications page.

    PingOne_-_My_Applications_saasid.png

    If you set up your integration with PingOne through a Manual Connection, however, then your SaasID can be found in the metadata provided by the Udemy for Business team. The name of the attribute in the metadata file is entityID.

    Once you have your SaasID, you will use following information to configure Google Apps for Work.

    • ACS URL: https://sso.connect.pingidentity.com/sso/sp/ACS.saml2?saasid=${saasid}
      • In the url above, you will replace ${saasid} with the saasid for your application (this will be displayed under the application name on the My Applications page)
    • EntityID: PingConnect

    Creating a New SAML Application in Google Apps for Work

    The steps below indicate how you can create a new SAML application in Google Apps for Work.

    1. Log into the Google Apps for Work CPanel.
    2. Navigate to Apps>SAML Apps.
    3. Click Add a service/App to your domain.
    4. Choose Setup My own Custom App, and click Next.
    5. Enter the Application Name and Description, upload a logo if desired, and click Next.
    6. Populate the ACS URL and Entity ID fields with the information from PingOne.
    7. Leave Start URL blank, unless required.
    8. The NameID will automatically be set to the Primary Email address. Click Next.
    9. If your application requires additional attributes, you have the chance to add them here. If not, click Finish.
    10. Click OK on the final step of the wizard.
    11. By default, new applications are "OFF for all users". You can click the menu icon and choose ON for Everyone.

    When the SAML application is created, you will also need to set the attributes that are sent in the SAML assertion, and map them to your user attributes.

    The Udemy for Business instance of PingOne supports the following attributes.

    Required attributes:

    • SCIM.email the unique email of the user

    Optional attributes:

    • SCIM.name.givenName the given (or first) name of the user
    • SCIM.name.middleName the middle name (if any) of the user
    • SCIM.name.familyName the family (or last) name of the user
    • SCIM.name.formatted the fully formatted name of the user
    • groups the list of groups to which user belongs
    • externalID the user ID specified by customer

    As a last step, you should be able to generate a metadata file for that SAML application. Once you have the metadata, you can import it to PingOne or send it to the Udemy for Business team.

    Please note: when adding a new SAML application in Google Apps for Work, it might take up to 24 hours for configuration to take place and function correctly.

    Here is some additional information regarding Google Apps for Work and PingOne integration documentation:

    Read Article
  • How to Configure PingOne and Onelogin

    In this tutorial, we will configure Onelogin using the metadata provided by the Udemy for Business team, or the metadata that is downloaded from PingOne.

    If you don't have the metadata from the Udemy for Business team, or you're not sure how to download it, please refer to this article.

    Steps to Configure 

    Start by navigating to Apps > Add Apps in the OneLogin administrator dashboard. Next, search for SAML Test Connector (IdP w/attr) and select the first result from the search results. 

    Screen_Shot_2017-05-30_at_15.23.17.png

    Then, set the Display Name, Icon and Save the application. Onelogin will take you to the application Info page, where you will navigate to the Configuration tab. You should be able to fill in all the values based on your metadata. 

    • RelayState (This value of {saasid} should be the same as saasID(entityID) in your metadata)
      https://pingone.com/1.0/{saasid}
    • Audience
      https://sso.connect.pingidentity.com/sso/sp/ACS.saml2
    • Recipient
      https://sso.connect.pingidentity.com/sso/sp/ACS.saml2
    • ACS (Consumer) URL Validator*
      ^https:\/\/sso\.connect\.pingidentity\.com\/sso\/sp\/ACS\.saml2$
    • ACS (Consumer) URL
      https://sso.connect.pingidentity.com/sso/sp/ACS.saml2 

    Next, go to the Parameters tab. Here you can add/edit attributes that are send in SAML assertion. By clicking on 'Add parameter', you can add new parameters with a field name. When adding new parameters, don't forget to check the flag to include new fields in the SAML assertion. Once a new parameter is added, click on it and set the value for it.

    The Udemy for Business instance of PingOne supports the following attributes.
     
    Required attributes:
    • SCIM.email the unique email of the user

    Optional attributes:

    • SCIM.name.givenName the given (or rst) name of the user
    • SCIM.name.middleName the middle name (if any) of the user
    • SCIM.name.familyName the family (or last) name of the user
    • SCIM.name.formatted the fully formatted name of the user
    • groups the list of groups to which user belongs
    • externalID the user ID specified by customer

    OneLogin_params.png

    In the Access tab and Users tab, configure the user's access for the newly created app.

    Save the application and in the More Actions dropdown options, click on SAML Metadata.

    Screen_Shot_2017-05-30_at_15.45.55.png

    Next, download the metadata and send it to the Udemy for Business team.
     
    Here are some additional resources regarding OneLogin documentation:
    Read Article
  • How to Retrieve PingOne Metadata

    In this article we'll explain how to retrieve SAML metadata from PingOne. You can also ask the Udemy for Business team to provide you with the metadata.

    There are a couple of ways to get the metadata and to integrate it with PingOne.

    • Email Invitation
    • Manual Connection 

    Email Invitation

    Creating an integration through email invitation gives you full access to PingOne configuration. You'll be able to manage certificates and download the SSO metadata, which are necessary in order to integrate with the Identity Provider.

    If you'd like to configure the PingOne connection, please give your email to the Udemy for Business team. We will send you invitation to PingOne. Once you're logged into PingOne you can configure the connection to your Identity repository, and download all the necessary metadata.

    For more details, please review the SSO documentation that was provided by the Udemy for Business team.

    Manual Connection

    To create a manual connection in PingOne, we need metadata generated from your Identity provider or the following information:

    PingOne_-_Manual_Connection.png 

    In order to create a customer connection in your Identity provider, we will send you the metadata and SSO documentation. Once you have successfully created a connection, please generate the metadata and send it to the Udemy for Business team.

    We will use the metadata to create a new Customer connection in PingOne, and enable the SSO for your account.

    Read Article
  • How to Configure PingOne and Okta

    In this tutorial we will configure Okta using the metadata provided by Udemy for Business team, or the metadata that's been downloaded from PingOne.

    If you don't have the metadata from the Udemy for Business team, or you're not sure how to download it, please refer to this article.

    Steps to Configure

    Log into your Okta organization as a user with administrative privileges and click on the Admin button. On the right, click on Add Applications shortcut.

    Screen_Shot_2017-05-30_at_18.22.03.png

    Then click on Create New App button and select SAML 2.0.

    Screen_Shot_2017-05-30_at_18.23.20.png

    In General settings, enter your App name, logo and set the visibility. After clicking on next, you will be directed to the Configure SAML step. To configure SAML, you will need the Single sign on URL and your SP entity ID.

    Screen_Shot_2017-05-30_at_18.39.03.png

    • Single SIgn on URL - https://sso.connect.pingidentity.com/sso/sp/ACS.saml2
    • Audience URI (SP Entity ID) - This value can be found in your metadata. If you set up your integration with PingOne through Manual Connection, then you Entity ID can be found in the metadata provided by the Udemy for Business team. If you set up your integration with PingOne through Email Invitation, then your Entity ID will be displayed in PingOne, under the application name on the My Applications page.
    • Name ID format - EmailAddress
    • Application username - Email

    Next, you will need to configure the Attribute Statements. The Udemy for Business instance of PingOne supports the following attributes:

    Required attributes:

    • SCIM.email the unique email of the user

    Optional attributes:

    • SCIM.name.givenName the given (or rst) name of the user
    • SCIM.name.middleName the middle name (if any) of the user
    • SCIM.name.familyName the family (or last) name of the user
    • SCIM.name.formatted the fully formatted name of the user
    • groups the list of groups to which user belongs
    • externalID the user ID specified by customer

    Screen_Shot_2017-05-30_at_18.46.09.png

    After you have saved and published the application, you should be able to generate a metadata file for the new SAML application. Once you have the metadata, you can import it to PingOne or send it to the Udemy for Business team. 

    Below are links to additional Okta and PingOne integration documentation:

     

    Read Article
  • Udemy for Business Support Center FAQ

    How do I access the new help center?
    Login to your Udemy for Business account, click your user menu in the upper right hand corner, and select Help.

    Who has access to the new help center and forms?
    All Udemy for Business users and admins have access.

    How do I report a technical issue with the new Support model?
    All technical issues will now be tracked via ZenDesk tickets.  If you have a technical issue, please submit a ticket through our help center or email ufbsupport@udemy.com.

    If you email your Customer Success Manager regarding a technical issue, they will forward your request to the Support team to create a case.

    How do I request a course be added to the Udemy for Business collection?
    Now, every user can request courses be added or topics enhanced. If you want to request a course be added to the Udemy for Business collection, fill out this form in our help center. We will review all course requests every couple of weeks and will let you know if we can add the course you request into the collection.

    What is the likelihood my course request is added to the Udemy for Business collection?
    We appreciate customer course suggestions. However, it is not guaranteed your course requests will be added to the collection. Courses that are added must be applicable to all of our customers and must meet our instructor and quality standards.

    I have a good idea for a product enhancement, how do I let you know?
    If you have a feature request that you think would make our product better, please fill out this form in our help center.

    Will my feature request make it into the product?
    We will review all feature requests and see how they align to our product vision and the needs of our customer base. We cannot guarantee any feature will be added to the product.

    Can I see a list of my support requests?
    If you want to see a list of your outstanding tickets, you can find them in the help center under your user menu in the upper right hand corner.

    What is the difference between Customer Support and my Customer Success Manager?
    Customer Support is designed to help you triage technical issues. They are great a managing cases and partnering with our Product & Engineering teams to solve bugs.

    Your Customer Success Manager is a strategic partner to help with best practices, employee engagement, and driving value of Udemy for Business.

     

    Read Article
  • White-Listing E-mails & IP Addresses

    If your company's firewalls are generally restrictive (certain commonly used sites are blocked), you must complete the following two items:

    1. White-list the following emails from Udemy to ensure operation of the password reset function:

    • a) udemy.com
    • b) email.udemy.com 
    • c) e.udemymail.com

    2. Give permission to the following Server IP addresses to ensure operation of the password reset function:

    • a) 199.7.202.244 
    • b) 199.7.203.141 
    • c) 199.102.106.33 — 62 
    • d) 167.89.101.213 
    • e) 167.89.104.228 
    • f) 167.89.104.232
    Read Article
  • System Requirements

    If your computer is less than 5 years old, you can almost certainly use Udemy. To watch courses, however, we recommend using Google Chrome. You can download Chrome for free here.

    Minimum System Requirements

    Latest Chrome, Firefox, Safari, and IE11 for desktop/laptop
    Adobe Flash Player 10.0.22+ plug-in
    Broadband connection with a minimum speed of 5Mbit or 800kbps

    PC Specific Requirements

    Platform: Windows 7 or higher with latest updates installed
    Processor: the CPU must be 1.8GHZ or higher
    RAM: 128MB or more
    Video Card: at least 64MB of video memory
    Sound Card: at least 16-bit

    Mac Specific Requirements

    Platform: Mac OS X 10.3 or higher with latest updates installed
    Processor: the CPU must be 1.8GHZ or higher
    RAM: 128MB or more
    Video Card: at least 64MB of video memory
    Sound Card: at least 16-bit
    We also have a mobile app for iPhone for those on the go!

    Mobile Requirements

    iOS 8.0 or later

    What Browser am I Using

    To find out more about your specific system, this site will tell you which browser and OS you are currently using. 

    Read Article
  • Terms of Use

    To view our Terms of Use, please visit: https://www.udemy.com/terms/

    To review our Privacy Policy, please visit: https://www.udemy.com/terms/ufb-privacy/

    Read Article
  • Getting Help

    For support and/or product related questions, we have helpful articles in our Help Support Center to help address frequently asked questions. If you have a technical issue or question that you cannot solve, please submit a support ticket and a member of our support team will respond within 24 hours. For strategic related questions on how to promote your Udemy For Business account, please contact our Customer Success team at success@udemy.com.

    The best and quickest way for your end users to get assistance with technical issues is to file a ticket with Customer Support. A member of our support team can help them troubleshoot since it may be an issue specific to their individual set-up (browser, cache, etc.).

    Read Article
  • Customizing my Account

    How do I customize my account?

    To customize your account, upload three images: a logo, a background image and your company icon.

    1. Logo: Go to Manage --> Logo and upload a logo in one of the following formats: jpg, .jpeg, .gif, .png, .bmp and should be at least 400 x 70 pixels.
    2. Background image: Go to Manage --> Background and upload a background image for your login page. It should be at least 1920 x 1080 pixels.
    3. Icon: Go to Manage --> Icon and upload an optional square logo to use as a browser icon.  It should be at least 32x32 pixels.

     

    Read Article
  • What is Udemy For Business?

    Udemy for Business is a next-gen learning solution that transforms the workplace learning experience through a consumer-first on-demand learning solution. Built for businesses striving to be at the forefront of innovation, Udemy for Business offers fresh, relevant learning anytime, anywhere. The 2000+ high-quality courses taught by the world’s leading experts cover a wide range of topics from development and IT to design, leadership and stress management. In addition to its curated content collection, organizations can also securely host and distribute their own proprietary content.

    Leading organizations including PayPal, Gemalto, Lyft, Booking.com, Capgemini, ON24, and Century 21 choose Udemy for Business to upskill their workforce and drive learning forward.

     

    Read Article