• Udemy for Business Learning Management System Integration: SuccessFactors

    Overview

    To extend the value of the Udemy for Business collection, we are partnering with the SAP SuccessFactors  Learning Management System. We offer native support to integrate with SuccessFactors to bring ease in the discoverability and tracking of Udemy for Business courses. The  learning management system (LMS) and learning experience platform (LXP) native integration for SuccessFactors enables Learners to search and discover Udemy for Business content directly from their SuccessFactors Learning Management System. The integration also enables Admins to easily view reporting data from their SuccessFactors LMS on Udemy progress and completion activity. Udemy for Business Course deep-link URLs and Single Sign-On (via SAML 2.0) provide a seamless launch of Udemy courses directly from SuccessFactors. Course progress is automatically synchronized between Udemy and the learners SuccessFactors transcript on a daily basis.

    Table of Contents

    Integration Benefits

    • Allow learners to search and discover Udemy for Business content directly from their SuccessFactors LMS environment.
    • Automatically synchronize learner progress and completions with their SuccessFactors transcript.
    • Enable admins to easily enable the integration between their Udemy environment and SuccessFactors LMS;
      • Catalog Synchronization
      • Learner Progress and Completions Synchronization
      • Single Sign-On via SuccessFactors embedded SSO or via dedicated Identity and Access Management System (e.g., Azure, Okta, AD FS).

    Capabilities Included

    Catalog Synchronization

    Learner Progress & Completions

    Authentication

    Yes: daily, via APIs.

    Yes; daily via APIs for user progress.



    Yes; SAML 2.0 Single Sign-On (SSO) recommended  via Identity & Access Management System (e.g., Okta, Azure, OneLogin, AD FS, etc).

    Note: When setting up SSO, you will need to map the user’s SuccessFactors BizX ID to Udemy’s lmsUserID in your SAML claim attributes

     

    Integration Process

    The integration between the Udemy for Business Web application and SuccessFactors environment requires both systems to be configured. For your SuccessFactors environment, you will need to enable the integration via the SuccessFactors Open Content Network (OCN). The overall process is as follows: 

    • Step 1: Configure SuccessFactors OCN for Udemy. This will include the following:
      1. Configure OCN Provider Label for Udemy
      2. Enable OCN Provider for Udemy
      3. Configure Provider Logo for Udemy
      4. Create OCN Admin Role
      5. Create OCN Admin User
      6. Create OCN OAuth Credentials
    • Step 2: Enable Udemy LMS/LXP Integration. Enable the LMS/LXP Integration for SuccessFactors from your Udemy for Business admin portal. You will need the SuccessFactors API parameters in Step 1. Udemy requires the following parameters to enable the integration.
      1. Client ID
      2. Client Secret
      3. OAuth User ID
      4. SuccessFactors Environment Base Endpoint URL 

    Udemy will validate these parameters when you save.

    • Step 3: Configure SSO
      1. Configure your organization’s Identity Provider (IdP) for Udemy for Business
      2. Configure SSO for your organization’s SSO connection for Udemy 

    SuccessFactors OCN Configuration

    Provider Label

    For every OCN Provider it is recommended to attach a label to the ProviderID. The ProviderID is a fixed text identifier for content providers, whereas the label is more human-readable.

    Successfactors reference on creating OCN provider labels: https://help.sap.com/viewer/9d4c9e0d04304afdbe8f1b4480d71403/2005/en-US/4ae2f73d864d4282a909bdf5143e2b58.html

    Thelabel.u.UdemyForBusiness” is created in SuccessFactors under References > Manage Labels > Labels

    sf_1.png

    sf_2.png

    Enabling OCN Provider

    The ProviderID is fixed text that is set in the System Administration > Configuration > System Configuration > Open Content Network settings. The label is as follows:

    providers[UDEMY].enabled=true

    providers[UDEMY].name=Udemy for Business

    providers[UDEMY].label=label.u.UdemyForBusiness
    providers[UDEMY].syncCourses=true

    providers[UDEMY].baseLaunchUrl=https://<udemy portal>.udemy.com

    providers[UDEMY].pricingModel=

    defaultValues.markCompleteOnLaunch[UDEMY]=false


    Note 1
    : Theproviders[UDEMY].baseLaunchUrl=https://<udemy portal>.udemy.com should be your organization’s specific Udemy (UFB) domain. 

    Note 2: Setting providers[UDEMY].enabled=true enables the provider.

    Note 3: If Udemy is your first OCN integration, you will need to configure three additional parameters. To find the possible values for these parameters, follow the paths below:

    • defaultValues.itemType[default]: References > Learning > Item Types > Do a blank search > choose the necessary item type and add it to the value parameter in the OCN property file.
    • defaultValues.itemCompletionStatus[default]: References > Learning > Item Completions > Do a blank search > choose the necessary item completion and add it to the value parameter in the OCN property file.
    • defaultValues.domainID[default]: System Admin > Security > Domains > Do a blank search > choose the default domain where the item would be created and add it to the parameter in the OCN property file.

    These values vary per SuccessFactors deployment. Udemy can’t provide guidance regarding which values to use. If you have questions, direct them to SAP SuccessFactors support.

    Provider Logo

    A thumbnail image can be applied to each course as a watermark.  This can be configured in SuccessFactors via System Administration > Configuration > System Configuration > Open Content Network > Logos.

    sf_3.png

    OCN Admin Role

    This step creates a role to allow OData API calls. It can be configured in System Administration > Security > Role Management.  The required permissions (or workflows in older versions) are:

    • Add History Record (or Add Learning Events in older version)
    • If the customer opts in for OData API synchronization instead of IdP custom attribute, Udemy needs the permission to query users via Search Successfactors OData API service.

    3a.png

    OCN Admin User

    An Admin user is required in order to make API calls; the user must be associated with the OCN Admin Role previously  created.  The user can be created in System Configuration > Security > Administrators

    OAuth Tokens

    This step creates the SuccessFactors OAuth Client ID and Client Secret. It can be issued in SuccessFactors via System Configuration > Configuration > OAuth Token Server. Note that Issuing a new secret invalidates all previous ones. If existing OCN providers are enabled, you can use the same token or re-issue a new token to all providers.

    Open Content Network Synchronization

    There is an automatic process (System Administration > Automatic Processes > Open Content Network Content Synchronization) in SuccessFactors that can be configured to update the OCN content.  This will sync course metadata and cleanup inactive courses.  Inactive courses can still receive completion records, as long as they remain in the OCN with the Import Status: “Imported”.

    sf_4.png

    Importing Content > Open Content Network

    If all is configured correctly, you can import Udemy content (transform into Learning Items) in SuccessFactors via Learning Administration > Content > Open Content Network section.

    sf_5.png

    Enable Udemy LMS/LXP Integration

    This section outlines how to enable the Udemy for Business Integration with SuccessFactors. You will first need to enable the SuccessFactors OData APIs and obtain the base URLAPI Client ID and Client Secret for your SuccessFactors environment  (i.e., Stage, Pilot and/or Production). Then, proceed to configure your Udemy for Business environment for Catalog and User Process Synchronization as outlined below.

    You will need the following OCN OAuth Credentials and OCN Admin User information:

    1. Client ID

    2. Client Secret

    3. OAuth User ID: OCNAdmin

    4. SuccessFactors Environment Base Endpoint URL 

    Prerequisites:

    1. Enable the OData APIs in your SuccessFactors environment following the instructions in the ‘OAuth Tokens” section of this documentation above.

    2. Obtain the SuccessFactors environment API parameters: (a) base URL; (b) API Client ID; and (c) Client Secret.

    Enabling catalog and user progress synchronization

    1. Log in as an Admin to your Udemy for Business Web App.

    2. Navigate to Manage | Settings (top right menu).

    3. From the Left panel, select LMS/LXP Integrations.

    4. From the Start set-up button, select SuccessFactors.

    sf_6.png

    5. Enter the Base URL Endpoint, Client ID and Client Secret you retrieved from SuccessFactors.

    sf_7.png

    6. For User ID, enter OCNAdmin

    7. Click Save set-up. Udemy will display a confirmation if the SuccessFactors APIs were successfully enabled.  The SuccessFactors Integration status screen will then display. The User Progress Synchronization between Udemy and SuccessFactors is now enabled! 

    8. Allow 24 hours for the Udemy for Business Course Catalog list to appear in your SuccessFactors environment. 

    9. Once the Udemy for Business Catalog is listed in your SuccessFactors environment, you will need to import the courses into your SuccessFactors course catalog.

    Once you import the courses, your SuccessFactors designated users can search, discover the Udemy for Business catalog and launch the course experience in your dedicated Udemy environment.

    Managing SuccessFactors locales

    In SuccessFactors LMS, course titles and descriptions only appear in the locale to which they are populated. If your Udemy subscription includes access to multiple languages and locales, you may notice some Udemy content appears in search results without a title and description. This means the locale you are searching in doesn’t match the locale of the Udemy content. The title and description are only returned for courses for the user's designated SuccessFactors locale.

    So - far example, if your SuccessFactors locale is set for English, you will be able to see course titles and descriptions for all English courses.

    sf_8.pngTo request title and description locale defaults, please submit a case for SuccessFactors support team.

    You will need to enable the locales in SuccessFactors, if you want to see the title and descriptions for Udemy courses offered in those languages:

    • Spanish
    • French
    • German
    • Portuguese
    • Japanese

    Enable Udemy Single Sign-On

    This section outlines how to enable Single Sign-On for your Udemy for Business environment (the Service Provider, or SP). Udemy supports SP-initiated SAML 2.0 via your corporate Identity Provider (IdP). 

    Your IdP must be configured to send the SuccessFactors unique user identifier (also known as BizX UserID) to Udemy and SuccessFactors. If user IDs aren’t the same between the two systems, learner activity tracking will not work. If you are unsure how to identify your BizX UserID, please contact your dedicated SuccessFactors Technical Consultant.

    Identifying your BizX UserID

    If you opt to connect your organization’s identity management solution to Udemy, you must configure it to send the SuccessFactors unique user identifier (also known as BizX ID) to Udemy so Udemy can communicate course completions back to SuccessFactors. This section describes how to identify your BizX ID.

    1. In the SuccessFactors navigation menu, select Admin Center.

    2. Scroll down to the tools panel and type “Employee Export” and select the top result.

    3. Select Export User File.

    4. Open the CSV file.

    5. The “USERID” value is the user’s BizX ID for SuccessFactors.  This value must be sent to Udemy from your Identity System via SAML 2.0 SSO (mapped to Udemy as lmsUserID in the claim attributes).   It is best to share examples of this “USERID” value with your SSO administrator to ensure the correct BizX ID (i.e., lmsUserID) values are available in Udemy in order to synchronize Udemy learning data with SuccessFactors.

    sf_9.png

    Enabling Single Sign-On for your Udemy Environment

    To enable Udemy SSO with your Identity Provider System (e.g., Okta, Azure, AD FS, OneLogin) [Recommended], please visit the following Udemy for Business support article and follow the steps to set up SAML 2.0 SSO.  Your SSO admin will need the Udemy for Business SSO metadata file; you can download the Udemy For Business SSO metadata from the support articles above, or from this link.

    In your Identity Provider System, you must add the BizX User ID as an additional claim attribute for the SAML assertion.  In the claim attribute mapping, the BizX user id must be mapped to lmsUserID.

    If your organization does not have an Identity Provider system, you can use SAP SuccessFactors SSO as the IdP.  You should only pursue this option if you don’t have an IdP system, or if recommended by Udemy Solutions Engineer. If SuccessFactors is selected as your proxy IdP for Udemy, first configure SSO from your SuccessFactors  environment using the attached Udemy metadata:

    What you need before configuring Udemy SSO:

    • The SuccessFactors environment metadata file. This file contains the SSO configuration settings for your SuccessFactors system; e.g., Entity ID, SSO Endpoint and Certificate. 
    • Administrator access to your Udemy for Business Web application. Only Administrators can configure SSO in Udemy.

    The general procedure for configuring SSO with an LMS (i.e., custom) can be viewed here.

    Test the Integration

    Once you’ve configured your Udemy and SuccessFactors  APIs and SSO you will want to test the integration between Udemy for Business and the LMS. Steps on how to do this can be viewed here. 

    Questions/Support

    If you encounter any issues or need help with Udemy SSO or LMS/LXP Configuration, please contact our support team by clicking here. For SuccessFactors related issues, please contact the designed SuccessFactors support team.

    Read Article
  • How to Configure SSO With Your Learning Management System

    This article outlines how you can configure single sign-on (SSO) for the learning management system your organization uses.

    To enable SSO with your specific Identity Provider System (e.g., Okta, Azure, AD FS, OneLogin), please visit the support page here.

    You can download the Udemy For Business SSO metadata from the articles above, or from this link.

    Steps on how to integrate the learning management systems below, with Udemy for Business are also available in our Help Center.

    How to configure SSO for an LMS

    The general procedure for configuring SSO with an LMS (i.e., custom) is outlined below.

    1. After you’ve enabled embedded SSO on your LMS environment, log in as an Admin to your Udemy for Business Web App.

    2. Navigate to Manage | Settings (top right menu).

    3. From the left pane, select Single Sign-On (SSO).

    4. Click Start setup, and select Custom.

    custom_sso.png

    5. Optionally, give the SSO Connection a Name (e.g., CSOD OSSO).

    6. Click Select file and import the Metadata file you received from Cornerstone. Observe the parsed CSOD SSO Configuration. Verify that all parameters are correct for your CSOD environment.

    select_file.png

    7. Click Optional settings and select Login via SSO Provider only to enable Forced SSO. This setting configures Udemy to redirect authentication via CSOD. You can keep this setting unchecked until you’ve tested the SSO Configuration. Once you deploy to production, it is recommended that you enable Forced SSO for optimal user experience.  The remaining SSO Optional settings don’t need to be configured. 

    8. Click Save. A green banner will display in the lower right if the settings are successfully applied. In the SSO Configuration page, validate your CSOD OSSO settings. 

     

    sso_completed.png

     

    Your SSO Configuration is complete!

     

    Read Article
  • How to Test Your Learning Management System Integration With Udemy for Business

    This article outlines how you can test your learning management system integration (LMS) with Udemy for Business.

    Steps on how to integrate the systems below are also available in our Help Center.

    How test your LMS integration with Udemy for Business

    Once you’ve configured your Udemy for Business and LMS APIs and single sign-on (SSO) you will want to test the integration between Udemy for Business and the LMS. It is recommended that you first launch Udemy for Business SSO directly, then test the course search and launch from LMS, and finally validate the user progress synchronizations.

    1. From your browser, navigate to your Udemy for Business site (e.g., https://mydomain.udemy.com). 
    2. Using SSO via your LMS environment, log in to Udemy for Business. You should be automatically redirected back to your Udemy for Business site after authenticating on your LMS environment.

    Note that you will be automatically redirected to your Udemy for Business Site if Forced SSO is enabled (step 7 in the Enabling Single Sign-On section above). If Optional SSO is enabled instead, you will need to click Continue with SSO from the Udemy for Business login page.

    1. Now, log in to your LMS environment and search for a Udemy for Business course.
    2. Launch the Course into Udemy for Business. Observe how you’re automatically redirected to your Udemy for Business site and access the course landing page. 
    3. From the course landing page, select Enroll Now to begin the Course.

    The “Enroll Now” option is only presented the first time you access the Udemy for Business course. 

    1. As you progress through your Udemy for Business course, you can check your LMS environment and observe the Training Progress automatically synchronize with your LMS transcript (this may take up to 24 hours).

    If you encounter any issues or need help with Udemy for Business SSO or LMS/LXP Configuration, please contact our support team by clicking here.

    Read Article
  • Udemy for Business Learning Management System Integration: Cornerstone OnDemand

    Overview

    To extend the value of the Udemy for Business collection, we are partnering with the Cornerstone OnDemand Learning Management System (CSOD). We offer native support to integrate with CSOD to bring ease in discoverability and learning management.

    The learning management system (LMS) and learning experience platform (LXP) native integration for CSOD enables Learners to search and discover Udemy for Business content directly from their Cornerstone Learning Management System. The integration also enables Admins to easily view reporting data from their CSOD LMS on Udemy progress and completion activity. 

    Udemy for Business Course deep-links and Single Sign-On (via SAML 2.0) provide a seamless launch of Udemy courses directly from Cornerstone. Course progress is automatically synchronized in real time between Udemy and the learners Cornerstone transcript (supported when a Udemy for Business course is launched from Cornerstone for active learning objects in Cornerstone).

    Table of Contents

    Integration Benefits

    Integration Process

    Integration Benefits

    • Allow learners to search and discover Udemy for Business content directly from their Cornerstone LMS environment.
    • Automatically synchronize learner progress and completions with their Cornerstone transcript.
    • Enable admins to easily enable the integration between their Udemy environment and Cornerstone LMS:
      • Catalog Synchronization.
      • Learner Progress and Completions Synchronization.
      • Single Sign-On via CSOD embedded SSO or via dedicated Identity and Access Management System (e.g., Azure, Okta, AD FS).

    Catalog Synchronization

    Learner Progress & Completions

    Authentication

    Yes: daily, via APIs

    Yes; real-time via APIs for user progress.

    Yes; SAML 2.0 Single Sign-On (SSO)  with Cornerstone On Demand  as Identity Provider (IdP); alternatively, SSO via Identity & Access Management System (e.g., Okta, Azure, OneLogin, AD FS).

     

    Integration Process

    The integration between the Udemy for Business Web application and Cornerstone OnDemand environment requires both systems to be configured. For your Cornerstone On Demand environment, you will need to enable the integration via the Cornerstone Content Delivery System (CDS). The overall process is as follows: 

    • Step 1: Enable Cornerstone Content Delivery APIs. The following Cornerstone API parameters are required before you can configure the integration in Udemy:
      1. Environment Base URL
      2. Environment API Client ID
      3. Environment API Client Secret
    • Step 2: Enable Udemy LMS/LXP Integration. Enable the LMS/LXP Integration for Cornerstone OnDemand from your Udemy for Business admin portal. You will need the obtained CSOD API parameters in Step 1. Once Udemy is configured, you will need to share the Udemy Client Integration Identifier (CIID) Token with CSOD.The CIID will enable Cornerstone to pull the Udemy catalog for search and discovery as Online Learning Objects.   
    • Step 3: Configure SSO. Contact your Cornerstone Global Integration Services team to enable Embedded SSO on your CSOD environment. Once SSO is enabled on your CSOD environment, proceed to enable SSO on your Udemy for Business environment.  

    Enable Cornerstone Content Delivery APIs

    To list Udemy’s Course Catalog as online learning objects in your Cornerstone Learning Management system, you will first need to provision the Content Delivery API keys in Cornerstone. Coordinate with your Cornerstone customer support team to enable the Catalog and the Progress synchronization APIs. Once the Cornerstone Content Delivery APIs are enabled, follow the Cornerstone process for retrieving the environment-specific (e.g., Stage, Pilot, Production) base URLAPI Client ID and Client Secret

    These values are required in order to generate the corresponding Udemy Client Integration Identifier (CIID) for the Course catalog synchronization and enable user progress synchronization between Udemy and Cornerstone. 

    edge_intergration_center-1.png

    Images: Cornerstone Integration Center Configuration for Udemy for Business.

    edge_intergration_center_2.png

    Enable Udemy LMS/LXP Integration

    This section outlines how to enable the Udemy for Business Integration with Cornerstone OnDemand. 

    You will first need to enable the Cornerstone Content Delivery APIs and obtain the base URL, API Client ID and Client Secret for your Cornerstone environment (i.e., Stage, Pilot and/or Production). Then, proceed to configure your Udemy for Business environment for Catalog and User Process Synchronization as outlined below.

    Prerequisites:

    1. Enable the Content Delivery APIs in your Cornerstone environment. Contact your Cornerstone Customer Success Manager for assistance.
    2. Obtain the CSOD environment API parameters: (a) base URL; (b) API Client ID; and (c) Client Secret.

    Enabling Catalog and User Progress Synchronization

    1. Log in as an Admin to your Udemy for Business Web App.

    2. Navigate to Manage | Settings (top right menu).

    3. From the Left panel, select  LMS/LXP Integrations.

    lms_lxp_intergrations.png

    4. From the Start set-up button, select Cornerstone On Demand.

    cornerstone_on_demand_option.png

    5. Enter the Base URL Endpoint, Client ID and Client Secret you received from Cornerstone.

    6. For User ID, enter UdemyProvider

    7. For Scope, enter all.

    lms___lxp_scope.png

    8. Click Save set-up. Udemy will display a confirmation if the Cornerstone APIs were successfully enabled. The Udemy Cornerstone OnDemand Integration status screen will then display.  The User Progress Synchronization between Udemy and Cornerstone is now enabled. Next, enable the Catalog Synchronization.

    intergration_enabled.png

    9. From the Udemy Cornerstone OnDemand Integration status screen, click Copy to clipboard next to the Cornerstone CIID. Share the CIID token with your Cornerstone Integration team to enable the Catalog the synchronization on your Cornerstone environment.

    Allow 24 hours for the Udemy for Business Course Catalog list to appear in your Cornerstone environment. Once the Udemy for Business Catalog is listed in your Cornerstone environment, you can search, discover the Udemy for Business catalog and launch the course experience in your dedicated Udemy environment.

    Enable Udemy Single Sign-On

    This section outlines how to enable Single Sign-On for your Udemy for Business environment (the Service Provider, or SP). Udemy supports SP-initiated SAML 2.0 via your corporate Identity Provider (IdP). You may choose to use Cornerstone embedded SSO as the IdP, or your dedicated Identity Provider System (e.g., Okta, Azure, AD FS, OneLogin). If Cornerstone is selected as your proxy IdP for Udemy, first configure SSO from your CSOD environment using the Udemy metadata below:

    What you need before configuring Udemy SSO:

    • The Cornerstone environment metadata file. This file contains the SSO configuration settings for your Cornerstone system; e.g., Entity ID, SSO Endpoint and Certificate.
    • Administrator access to your Udemy for Business Web application. Only Administrators can configure SSO in Udemy.

    Enabling Single Sign-On for Your Udemy Environment

    To enable SSO with your specific Identity Provider System (e.g., Okta, Azure, AD FS, OneLogin), please visit the support page here.

    You can download the Udemy For Business SSO metadata from the articles above, or from this link.

    The general procedure for configuring SSO with an LMS (i.e., custom) can be viewed here.

    Test the Integration

    Once you’ve configured your Udemy and Cornerstone APIs and SSO you will want to test the integration between Udemy for Business and the LMS. Steps on how to do this can be viewed here.

    Questions/Support

    If you encounter any issues or need help with Udemy SSO or LMS/LXP Configuration, please contact our support team by clicking here. For Cornerstone related issues, please contact the designed Cornerstone support team.

    Read Article
  • How to use our SCIM API to Automate User & Group Management

    Overview

    SCIM System for Cross-Domain Identity Management is a standard API for automating user and group provisioning/deprovisioning, and updating user and group data from the customer’s Identity Provider (IdP) into the Udemy for Business account. SCIM is supported by a number of Identity Providers such as Okta, Azure AD, and OneLogin but you can also write your own tools to make use of the Udemy for Business SCIM API. 

    SCIM uses a standardized REST API with data formatted in JSON. Udemy for Business supports version 2.0 of the SCIM standard. The API is available for all customers that are on the Enterprise plan.

    Udemy for Business SCIM API supports the following features: 

    • Provisioning users
    • Deprovisioning users (deactivation/anonymization)
    • Changing email addresses
    • Changing user details
    • Provisioning groups
    • Adding/removing users to groups

    SCIM protocol description

    SCIM Protocol is an application-level REST protocol for provisioning and managing identity data on the web. The protocol is client-server where the client is the Identity Provider (IdP) and the server is Udemy for Business.

    The basic flow is:

    • When access to Udemy for Business is granted to the user in the IDP by the customer, the IdP sends us a request to check if the specific user exists in our database. They issue a User search request by an attribute like userName or email.
    • If the user does not exist, the IdP sends a request to create a user.
    • If the user exists, the IdP sends an update request for the user.
    • When access to Udemy for Business is revoked, the IdP sends us a request to deactivate/delete the user from our database.
    • IdP can also send requests to change user details.

    How to access the API?

    In order to obtain the authorization credentials to connect to the SCIM API, you will have to set up SCIM integration via Manage -> Settings -> Provisioning (SCIM) page in your Udemy for Business account. Note that only Admins have access to this page. 

    Click Start Setup.

    1.png
    In the next step, select Other from the Choose Provider dropdown.

    2.png

    3.png

    4.png

    Click Generate token.

    5.png
    On this screen, click Copy to copy the Bearer token to the clipboard.

    You will need to include Authorization HTTP header with the Bearer token in your requests, for example:

    GET /scim/v2/Users HTTP/1.1

     Host: myorganization.udemy.com

     Accept: application/scim+json

     Authorization: Bearer <enter you Bearer token here>

    Content-Type: application/scim+json

    Udemy for Business SCIM API uses the HTTP protocol and is only available over a secure HTTPS connection.

    The base URL for the API is https://<organization>.udemy.com/scim/v2/

    If you are developing an application to interact with the Udemy for Business SCIM API, it is recommended to refer to the SCIM RFCs included at the end of this document. Udemy for Business SCIM API implementation is compliant with the standard.

    SCIM API Endpoints

    Informational Endpoints

    These endpoints are information and serve to configure the clients. They do not require authentication, so you don’t need to include the Authorization header when accessing these endpoints.

    GET /ServiceProviderConfiguration

    Returns details about Udemy for Business SCIM implementation including which methods are supported.

    GET /Schemas

    Returns information about the schemas that our SCIM implementation supports. Supported schemas are Users and Groups.

    GET /Schemas/Users

    Returns all attributes that we support for User resources.

    GET /Schemas/Groups

    Returns all attributes that we support for Group resources.

    User Endpoints

    Using these endpoints you can list users, filter by attributes, add new users, update  users’ information, or deactivate/anonymize users. Bear in mind that you will only be able to access users that were created using the SCIM API, users created within Udemy for Business will not be available unless you reconcile them through SCIM. More details about reconciliation are given below.

    Supported Attributes

    SCIM attribute

    Required?

    Description

    userName

    Yes

    The userName from the IdP. Must be unique.

    name, { givenName, familyName }

    No

    Given name and family name of the user. Even though they are not required, we recommend always specifying those attributes since it’ll make it easier to identify users.

    emails[type=”work”]]['value’]

    Yes

    Email of the user, must be unique

    active

    Yes

    Flag to deactivate/reactivate users

    title

    No

    User’s job title, i.e. “Senior Engineer”

    externalId

    Yes

    The externalId of the user from IdP. Must be unique.

    Please note: If you specify any other attribute that is not on this list, it will be ignored.

    GET /Users

    Returns a paginated list of users, 12 users per page by default. You can pass in count and startIndex parameters to paginate through the result set. For example:

    GET /scim/v2/Users?startIndex=1&count=100 HTTP/1.1

     Host: myorganization.udemy.com

     Accept: application/scim+json

     Authorization: Bearer <enter you Bearer token here>

    • startIndex is the 1-based index of the first result in the current set of list results (offset)
    • count is the number of resources returned in a list response page (limit). You can retrieve no more than 1000 users in a single request. If this item is omitted it will default to 12.

    GET /Users?filter=

    This endpoint is used to filter users by specific attributes. For example, it is possible to search by userName attribute:

    GET /Users?filter=userName eq "gloria.graynor”

    Note: In the example above, you will need to urlencode the URL parameters so the URL becomes:
    GET /Users?filter=userName%20eq%20%22gloria.graynor%22

    This will return a list of user resources. If there are no results, an empty list will be returned.

    The supported filters are:

    • userName
    • externalID
    • emails[type eq=”work”]

    The supported operators are:

    • and
    • eq

    Response:

    • HTTP status code 200 with the list of entities on success
    • HTTP status code 501 if an unsupported filter is supplied

    POST /Users

    This endpoint is used to create (provision) new users in Udemy for Business. 

    The response will contain an id attribute which should be used when referring to this user in all subsequent requests.

    Note that:

    • New users created this way will not consume a license until that user signs in for the first time.
    • If there was an existing pending invitation for this user, it will get used at this point.
      The user will get added to groups, be assigned appropriate role/course assignments according to what is specified in the invitation.
    • An attempt to create a user that already exists in Udemy for Business will cause the user to become SCIM managed (displayed with a small link icon in Manage Users pages). Note that user’s status and license usage will not be changed. If the user was active it will remain active and if the user was deactivated it will remain deactivated.

    Response:

    • HTTP status code 201 and the user’s resource on success
    • HTTP status code 409 if the member with the same userName already exists in the Organization
    • HTTP status code 400 with the error details in the response body if the request did not pass validation

    GET /Users/<id>

    This endpoint is used to retrieve user details for a specified user. id parameter in the request above is a unique identifier that was returned when the user was created using SCIM or when listing all existing users.

    Response:

    • HTTP status code 200 with the user resource on success
    • HTTP status code 404 if the user has not been found

    PUT /Users/<id>

    This endpoint is used to replace (overwrite) user details in Udemy for Business. If specified, attribute active can be used to deactivate or reactivate the user.

    Response:

    • HTTP status code 200 and the updated user resource
    • HTTP status code 404 if the user doesn’t exist. 
    • HTTP status code 400 in case of an attempt to deactivate an organization owner.

    PATCH /Users/<id>

    This endpoint is used to make partial updates to the user details in our system, meaning that you can use it to change only some attributes of the user. This is in contrast to PUT which replaces the entire user. 

    It can contain attribute active which will cause the user to be deactivated or reactivated.

    • The body of each request MUST contain the "schemas" attribute with the URI value of "urn:ietf:params:scim:api:messages:2.0:PatchOp".
    • The body of an HTTP PATCH request MUST contain the attribute "Operations", whose value is an array of one or more PATCH operations.  Each PATCH operation object MUST have exactly one "op" member, whose value indicates the operation to perform and MAY be one of "add", "remove", or "replace".
    • The “path” attribute can be empty, in this case “value” should be a dictionary in the format of {“path”: “value”}.

    Response:

    • HTTP status code 200 with the updated user’s resource on success
    • HTTP status code 404 if the user was not found
    • HTTP status code 400 if attempting to deactivate an organization owner or in case of an invalid operation.

    DELETE /Users/<id>

    This endpoint is used to remove or to deprovision the user in Udemy for Business. The user will get anonymized when this request is received and all their data will be permanently removed. This is a dangerous operation and we recommend deactivating users instead using PUT or PATCH with active attribute set to false.

    Response:

    • HTTP status code 204 on success.
    • HTTP status code 404 if the user was not found.

    Group Endpoints

    Supported Attributes

    SCIM attribute

    Required?

    Description

    displayName

    Yes

    Group title. Must be unique among all Udemy for Business groups.

    externalId

    No

    The externalId of the group from the Identity Provider

    Note: If you specify any other attribute that is not on this list, it will be ignored.

    GET /Groups

    This endpoint is used to get a paginated list of all provisioned groups. Include startIndex and count query string parameters to paginate through the results. 

    Bear in mind that only groups created using SCIM will be returned. Groups created from Udemy for Business will not be returned.

    GET /Groups?filter=

    This endpoint is used to filter groups by specific attributes. For example, it is possible to search by displayName attribute:

    GET /Groups?filter=displayName eq "Marketing”

    This will return a list of group resources. If there are no results, an empty list will be returned.

    Note that you will need to url encode the parameters, so the request becomes:
    GET /Groups?filter=displayName%20eq%20%22Marketing%22

    The supported filters are:

    • displayName
    • externalId
    • Id
    • member.value

    The supported operators are:

    • and
    • eq

    Response:

    • HTTP status code 200 with the list of entities on success
    • HTTP status code 501 if the non-supported filter is used

    POST /Groups

    This endpoint is used to create (provision) new groups in Udemy for Business. 

    Response:

    • HTTP status code 409 If the provisioned group with the same name already exists in the org, we return 409 (Conflict) with a scimType error code of uniqueness.
    • When the group has been created successfully, we return the full representation of the group with HTTP status code 201 (Created) together with the Location header that contains the URL of the create group resource.

    GET /Groups/<id>

    This endpoint is used to fetch the group details from Udemy for Business. 

    Response:

    • HTTP status code 200 and a group resource
    • HTTP status code 404 if the group has not been found

    PUT /Groups/<id>

    This endpoint is used to replace the group details in Udemy for Business.

    Response:

    • HTTP status code 200 and the updated group resource 
    • HTTP status code 404 if the group doesn’t exist. 

    PATCH /Groups/<id>

    This endpoint is used to make partial updates to group details in Udemy for Business. 

    The PATCH endpoint is more tricky than others, as it supports different kinds of operations (and their combinations are possible):

    • replace operation changes the specified value. In our case it’s either group name or members.
    • remove operation removes a member from the group.
    • add operation adds members to the group.

    The rules are the following:

    • We never remove unprovisioned members from the group (in case of `replace` members operation, for example).
    • PATCH request, regardless of the number of operations, SHALL be treated as atomic.

    The input validations are the following:

    • The body of each request MUST contain the "schemas" attribute with the URI value of "urn:ietf:params:scim:api:messages:2.0:PatchOp".
    • The body of an HTTP PATCH request MUST contain the attribute "Operations", whose value is an array of one or more PATCH operations.  Each PATCH operation object MUST have exactly one "op" member, whose value indicates the operation to perform and MAY be one of "add", "remove", or "replace".
    • The “path” attribute can be empty, in this case “value” should be a dictionary in the format of {“path”: “value”}.
    • For “Remove” operation the “members” path is required.
    • For the “Add” operation either “members” or “externalId” “path” should be present.
    • For “Replace” operation “members” path may be present. If it’s not there it means that we are replacing the group details (like group name) but not members.

    Note:

    • Assigning/unassigning users to a group happens asynchronously, so the changes won’t be reflected immediately in Udemy for Business.
    • We do not support nested groups, so they will be ignored during this request.

    Response:

    • HTTP status code 204 if the operation was successful.
    • HTTP status code 404 if the group does not exist.
    • HTTP status code 404 with the error details if there is an attempt to assign a group to a user that’s not a member of the organization.
    • HTTP status code 400 with the error details in the response body if the request did not pass the validation

    DELETE /Groups/<id>

    This endpoint is used to remove or deprovision a group in Udemy for Business. 

    The rules are the following:

    • If the group contains non-provisioned members, remove provisioned users from the group, delete `OrganizationSCIMGroup` record.

    Response:

    • HTTP status code 204 if the operation was successful.
    • HTTP status code 404 if the group does not exist.

    Further Reading

    Read Article
  • Configure SCIM Provisioning With OneLogin

    Once Single Sign-on (SSO) is set up you can then configure SCIM provisioning in OneLogin with Udemy for Business. This will allow you to provision, deprovision, create groups, manage group membership and change user profile details like name and email address in OneLogin, which automatically updates Udemy for Business. You will no longer need to update both OneLogin and Udemy for Business separately with these actions as it will all be synced from OneLogin.

    To enable SCIM Provisioning for your Udemy for Business account, first go to your Udemy for Business account and access Manage > Settings > Provisioning (SCIM).

    Click Start Setup and follow the instructions to enable SCIM and generate the Secret Token (Bearer token) which you then need to put into OneLogin.

    1.png

    Next, access your OneLogin account and go to your Udemy for Business SSO app and follow the steps below to get set up. 

    More information about setting up User Provisioning with OneLogin is available here.

    In the admin panel click on the applications tab

    2.png
    Next, click on “Add App

    3.png

    Type “SCIM” in the search box and select SCIM Provisioner with SAML (SCIM v2 Core)

    4.png

    Type in the Display Name. You can also add an icon and a description (optional) 

    Click “Save

    5.png

    Go to “Configuration

    {

        "schemas": ["urn:scim:schemas:core:2.0"],

        "userName": "{$parameters.scimusername}",

        "name": {

            "familyName": "{$user.lastname}",

            "givenName": "{$user.firstname}"

        },

        "emails": [{

            "value": "{$user.email}",

            "type": "work",

            "primary": true

        }],

        "title": "{$parameters.title}",

        "locale": "{$user.locale_code}",

        "externalId": "{$user.external_id}",

        "active": "{$user.status}"

    }

    • In the “Custom Headers” type: Content-Type: application/scim+json
    • Paste in the Bearer token

    6.png

    Click “Enable” and then “Save

    Go to “Provisioning

    7.png

    Select “Enable provisioning

    Choose your desired behaviour for:

    • when a user is deleted in OneLogin, or the user’s app access is removed
    • When user accounts are suspended in OneLogin

    Click “Save

    Provisioning users manually

    Go to “Users” and select a user you wish to provision

    8.png

    Go to “Applications” and click the + button

    9.png

    Select the Application and click “Continue” and then “Save

    10.png

    Go back to the new SCIM application and select users, click on the “Pending” provisioning status and click “Approve”

    11.png

    The user is now provisioned

    To automatically provision users without admin approval go to your application provisioning page and uncheck “Create user”, “Delete user” and “Update user” from “Require admin approval before this action is performed” and click “Save”

    12.png

    Configuring SAML in your SCIM application

    Go to your application configurations page:

    https://sso.connect.pingidentity.com/sso/sp/ACS.saml2?saasid=<idpid>

    Click Save

    13.png
    Go to Parameters and click the + button

    Add a parameter SCIM.email with value Email and select “Include in SAML assertion

    Click Save

    14.png

    You can also add these optional parameters:

    • SCIM.name.givenName the given (or first) name of the user
    • SCIM.name.familyName the family (or last) name of the user
    • externalID the user ID specified by customer

    Click Save

    Next, download the metadata and access the Single Sign-On (SSO) tab of your Udemy for Business account. 

    Click Start setup and choose your Identity Provider. 

    On the configuration page, choose the appropriate metadata configuration method and follow the instructions to create the SSO connection with your Identity Provider and Udemy for Business.

    SSO.png

    You have now completed configuring SSO for Udemy for Business with OneLogin. 

    Additional information about OneLogin is available in their Knowledge Base.

    Read Article
  • Configure and Customize Your Account Settings

    The Settings section of your Udemy for Business account is where you can customize the appearance of your account, enable access features and configure integrations such as Single Sign-On (SSO) and Slack sharing. To access the Settings area click Manage > Settings.

    What you can do in Settings:

    settings.png

    Read Article
  • How to Configure Automatic Provisioning (SCIM) in Okta for Existing Udemy for Business Customers

    This guide provides the steps required for existing Okta and Udemy for Business customers to configure automatic provisioning, deprovisioning, profile updates and group management of Udemy for Business using System for Cross-domain Identity Management (SCIM 2.0).

    Notes:

    • If you already have SSO sign on enabled from the previous Udemy for Business app you do not need to reconfigure SSO again, just look for the Provisioning tab under Applications in Okta to set SCIM up. 
    • If you had SSO set up from a manual configuration by one of our team, you should add our new Udemy for Business app into your Okta account. You will find this in Applications by searching for Udemy for Business. Because this is a new version of our app in Okta, existing customers might be required to reconfigure Single Sign On (SSO) before enabling SCIM Provisioning. (step by step instructions below)
    • Users provisioned through Okta will not take up a license until they log into the Udemy for Business application for the first time. 
    • SCIM provisioning changes can only be synced from Okta to Udemy for Business, not the other way round. 
    • Users and Groups managed by SCIM in Okta cannot be changed within the Udemy for Business app - SCIM is the single source of truth for user and group data.

    Contents

    • Features
    • Requirements
    • Configuration Steps
    • Schema Discovery
    • Troubleshooting Tips

    Features

    The following provisioning features are supported:

    • Identity Provider (IdP) Initiated SSO
      • Users will be able to initiate the login process from their Okta dashboard
    • Service Provider (SP) Initiated SSO
      • Users will be able to access [your-subdomain.udemy.com] and initiate the login process their Udemy for Business login page.
    • Just in Time (JIT) Provisioning
      • Users authenticated through SSO will be provisioned to Udemy for Business on their first login.
      • All user attributes which are configured to be sent will be updated whenever the user logs in. This does not apply to SCIM users since they are only managed by SCIM.
    • Push Users with Ahead of Time Provisioning (SCIM)
      • New users associated with Udemy for Business app on Okta will be created on Udemy for Business.
    • Push Profile Updates (SCIM)
      • Updates made to the user's profile through Okta will be pushed to Udemy for Business for users that are associated with the Udemy for Business on Okta.
    • Push User Deactivation (SCIM)
      • Deactivating the user or disabling the user's access to the application through Okta will deactivate the user on Udemy for Business and remove them from all groups.
      • Note: For Udemy for Business, deactivating a user means removing access to login, but maintaining the user's information on Udemy for Business as a deactivated user.
    • Reactivate Users
      • User accounts can be reactivated on Udemy for Business by reassigning the app to that user through Okta.
    • Group Push (SCIM)
      • Groups and their memberships will be pushed to Udemy for Business. Manage groups is limited to groups pushed originally from Okta as we do not send information of groups created on Udemy for Business.

    Configuration Steps

    1 - To get started, log into your Udemy for Business account and go to the User Access page from Manage > Settings > Single Sign-On (SSO).

    Click Start setup. Choose your Identity Provider and follow the instructions from there to enable SCIM, and generate your credentials for inputting into your Identity Provider, as part of the configuration process.

    start_scim_integration.png

    2 - From your Okta's Dashboard, use the top menu to access the Applications page.

    3 - Click on the button Add Application, search for Udemy for Business and click Add.

    1.png

    4 - Adding Udemy for Business app will redirect you to the Application General Settings - Required page as shown below.

    2.png

    5 - Add the Audience URI (SP Entity ID) value below into the corresponding field and click Done. 

    d905a6ca-adf9-45e2-9b9d-0d6485f27206

    Note: 

    • If you already have SSO login enabled from the previous Udemy for Business app you do not need to reconfigure SSO again, proceed to step 8. 
    • If you had SSO set up from a manual configuration by one of our team, you should reconfigure SSO with the new app.
      • You can avoid any SSO downtime by hiding the Udemy for Business tile in your Okta dashboard until the new SSO and SCIM configuration is complete. 
      • Beside Application Visibility click ‘Do not display application icon to users’

    6 - Click on Sign On tab to start the SSO configuration. 

    7 - Click on Identity Provider metadata, save the metadata file or copy the metadata URL with your organization's metadata. 

    Access the SSO section of your Udemy for Business account. On the configuration page, choose the appropriate metadata configuration method, and follow the instructions to create the SSO connection with your Identity Provider and Udemy for Business.

    SSO_settings.png

    8 - To enable automatic Provisioning (SCIM) click on the tab Provisioning and Configure API integration.

    3.png

    9 - Click on Enable API integration and add your subdomain, CLIENT_ID as username, and SECRET_ID as password

    [You can generate or view these credentials in your Udemy for Business account by accessing the Provisioning (SCIM) page under Settings.]

    4.png

    10 - Click on Test API Credentials and you should see a message like below. Otherwise, send a message to the Udemy for Business Support Team (ufbsupport@udemy.com) with the given error message.

    5.png
    11 - Click on Save and you will be redirected to the Application Provisioning configuration page.


    6.png

    12 - On To App link click on Edit to enable individual features. To use all the capabilities we recommend to enable Create Users, Update User Attributes and Deactivate Users on this page.

    7.png
    13 - Click on Save

    14 - Click on the Assignments tab to assign Udemy for Business to single users or entire groups. Assigned users will be automatically provisioned after being added, automatically modified when changes are made to their profiles, and automatically deactivated when they are removed from assignments.

    15 - Click on the Push Groups tab to send groups and their membership information to Udemy for Business.

    8.png
    16- Click on + Push Groups and select the groups you want to push to Udemy for Business.

    You will be able to select each group, or you can create an automatic rule.

    9.png
    17 - Select the group search criteria and fill the requested information for the groups you would like to send information to Udemy for Business.

     10.png18 - After selecting the group, check Push group memberships immediately to send not only the group but the members within the group as soon as you select the group, and click on Save.

    19 - Follow the previous steps for groups selection for all groups you would like to send to Udemy for Business.

    Note: After Okta sends User or Group information to Udemy for Business, we will consider Okta as the source of truth, and will not allow changes to user profiles or groups on Udemy for Business.

    Read Article
  • How to Automate User and Group Management With SCIM

    Udemy for Business supports user and group access and identity management with the System for Cross-domain Identity Management (SCIM) standard. SCIM is used by Single Sign-On (SSO) services and Identity Providers to manage people across a variety of apps and tools, including Udemy for Business.

    What you can do with SCIM:

    • Grant access to users and groups (provisioning)
    • Deactivate users and groups (deprovisioning) 
    • Change user details: name, email address 
    • Create, remove or edit groups
    • Manage group membership (users changing groups)

    What you cannot do with SCIM:

    • Delete User PII - this is dependent on the Identity Provider. 
      • In Okta you cannot Delete User PII with SCIM. You can, however, do this in the Udemy for Business platform once the user has been unassigned the Udemy for Business app, or deactivated in the Identity Provider. 
      • In Azure AD you can Delete User PII with SCIM by permanently deleting the user in Azure AD. 
    • Sync data from Udemy for Business back to the Identity Provider 

    Once you take any of the above actions, the data or change will automatically update in Udemy for Business.

    Your SCIM integration setup will vary depending on the identity provider you use. 

    Udemy for Business supports SCIM Provisioning for the key identity providers and SSO services that offer access and identity management. 

    SCIM Provisioning is available to Enterprise Plan customers using Single Sign-on (SSO). 

    Note: Users provisioned through SCIM in your SSO service will not take up a license until they join Udemy for Business by signing in for the first time. 

    If you wish to disconnect a learner from being managed by your IdP with SCIM, you can do so by deleting the learner's PII in your Udemy for Business account.

    If you need to manage a learner directly from within your Udemy for Business account and not via your SSO IdP, and further, you do not wish to delete their PII, please reach out to ufbsupport@udemy.com for further assistance.

    How to enable SCIM provisioning

    To enable SCIM provisioning for your Udemy for Business account, go to your Udemy for Business account to Manage > Settings > Provisioning (SCIM). 

    Scroll to the SCIM Integration section. Next, follow the instructions to enable SCIM, choose your Identity Provider from the dropdown and generate the credentials (Username and Password or Secret/Bearer token), which you then need to input into your Identity Provider as part of the configuration.

    SCIM_1.png

    Depending on which Identity Provider you use, follow the instructions in the appropriate guide below to complete the SCIM set up.

    Okta Configuration Guide 

    Azure AD Configuration Guide 

    OneLogin Configuration Guide

    How to disable SCIM provisioning

    To disable SCIM provisioning for your Udemy for Business account (if you’re changing providers or no longer require SCIM) access Manage > Settings > Provisioning (SCIM).

    Scroll to the SCIM Integration section and click on the Disable Integration link and follow the instructions to disable SCIM. This will disable the integration from the Udemy for Business side, but your IT team will need to disable the integration from the Identity Provider side also. 

    You can continue to use Udemy for Business as usual, but you will need to manually update user and group information within the platform from now on.

    SCIM_2.png

    Read Article
  • How to Configure Single Sign-On & Provisioning in Okta for Udemy for Business

    This guide provides the steps required to configure Single Sign-On using Security Assertion Markup Language (SAML 2.0) and Provisioning using System for Cross-domain Identity Management (SCIM 2.0)  for Udemy for Business.

    Existing Okta and Udemy for Business customers who wish to enable SCIM Provisioning in Okta should use this configuration guide.

    Notes:

    • Single sign-on and provisioning are available to Udemy for Business Enterprise Plan customers.
    • Users provisioned through Okta will not take up a license until they log into the Udemy for Business application for the first time. 
    • SCIM provisioning changes can only be synced from Okta to Udemy for Business, not the other way round. 
    • Users and Groups managed by SCIM in Okta cannot be changed within the Udemy for Business app - SCIM is the single source of truth for user and group data.

    Contents

    • Features
    • Requirements
    • Configuration Steps
    • Schema Discovery
    • Troubleshooting Tips

    Features

    The following provisioning features are supported:

    • Identity Provider (IdP) Initiated SSO
      • Users will be able to initiate the login process from their Okta dashboard
    • Service Provider (SP) Initiated SSO
      • Users will be able to access [your-subdomain.udemy.com] and initiate the login process their Udemy for Business login page.
    • Just in Time (JIT) Provisioning
      • Users authenticated through SSO will be provisioned to Udemy for Business on their first login.
      • All user attributes which are configured to be sent will be updated whenever the user logs in. This does not apply to SCIM users since they are only managed by SCIM.
    • Push Users with Ahead of Time Provisioning (SCIM)
      • New users associated with Udemy for Business app on Okta will be created on Udemy for Business.
    • Push Profile Updates (SCIM)
      • Updates made to the user's profile through Okta will be pushed to Udemy for Business for users that are associated with the Udemy for Business on Okta.
    • Push User Deactivation (SCIM)
      • Deactivating the user or disabling the user's access to the application through Okta will deactivate the user on Udemy for Business and remove them from all groups.
      • Note: For Udemy for Business, deactivating a user means removing access to login, but maintaining the user's information on Udemy for Business as a deactivated user.
    • Reactivate Users
      • User accounts can be reactivated on Udemy for Business.
    • Group Push (SCIM)
      • Groups and their memberships will be pushed to Udemy for Business. Manage groups is limited to groups pushed originally from Okta as we do not send information of groups created on Udemy for Business.

    Configuration Steps

    1a - To get started, log into your Udemy for Business account and go to Settings > Single Sign-On (SSO). Click Start setup, choose your Identity Provider from the list and follow the instructions to configure SSO and input your Identity Provider Metadata to automatically create the SSO connection with Udemy for Business.

    SS0_Settings.png

    1b - While still within your Udemy for Business account you can access the necessary details to set up SCIM Provisioning which automates user and group management. 

    Access the tab under SSO called Provisioning (SCIM). Click Start setup, choose your Identity Provider and follow the instructions from there to enable SCIM and generate your credentials for inputting into your Identity Provider as part of the configuration process.

    SCIM_Integration_Start.png

    2 - From your Okta's Dashboard, use the top menu to access the Applications page.

    3 - Click on the button Add Application, search for Udemy for Business and click Add.

    okta_verified.png

    4 - Adding Udemy for Business app will redirect you to the Application General Settings - Required page as shown below.

    add_udemy_for_business.png

    5 - Add the Audience URI (SP Entity ID) value below into the corresponding field and click Done.

    d905a6ca-adf9-45e2-9b9d-0d6485f27206

    6 - Click on Sign On tab to start the SSO configuration.

    7 - Click on Identity Provider metadata, save the metadata file or copy the metadata URL with your organization's metadata. 

    Access the SSO section of your Udemy for Business account again, and on the configuration page, choose the appropriate metadata configuration method and follow the instructions to create the SSO connection with your Identity Provider and Udemy for Business.

    sso_2.png

    8 - To enable Auto Provisioning (SCIM) click on the tab Provisioning and Configure API integration.

    provisioning.png

    9 - Click on Enable API integration and add your subdomain, CLIENT_ID as username, and SECRET_ID as password

    [You can generate or view these credentials in your Udemy for Business account by accessing the User Access page under Settings.]

    integration.png

    10 - Click on Test API Credentials and you should see a message like below. Otherwise, send a message to the Udemy for Business Support Team (ufbsupport@udemy.com) with the given error message.

    verified.png

    11 - Click on Save and you will be redirected to the Application Provisioning configuration page.

    to_app_okta.png

    12 - On To App link click on Edit to enable individual features. To use all the capabilities we recommend to enable Create Users, Update User Attributes and Deactivate Users on this page.

    to_app_save.png

    13 - Click on Save

    14 - Click on the Assignments tab to assign Udemy for Business to single users or entire groups. Assigned users will be automatically provisioned after added, modified when updated their profiles, and deactivated when they are removed from assignments.

    15 - Click on the Push Groups tab to send groups and their membership information to Udemy for Business.

    push_groups_.png

    16- Click on + Push Groups and select the groups you want to push to Udemy for Business.

    You will be able to select each group, or you can create an automatic rule.

    push_group_.png

    17 - Select the group search criteria and fill the requested information for the groups you would like to send information to Udemy for Business 

    push_group_by_name.png

    18 - After selecting the group, check Push group memberships immediately to send not only the group but the members within the group as soon as you select the group, and click on Save.

    19 - Follow the previous steps for groups selection for all groups you would like to send to Udemy for Business.

    Note: After Okta sends User or Group information to Udemy for Business, we will consider Okta as the source of truth, and not allow modifications to user profiles or groups on Udemy for Business.

    For SP-initiated SSO

    1- Go to https://[your-subdomain].udemy.com

    2- Click on Continue with SSO

    sso_ufb.png 

    Read Article
  • Team Plan Receipts

    Accessing Team Plan Receipts:

    Receipts are available to view, print, and download in your Udemy for Business Team Plan account. To view and access all your receipts, visit Manage > Billing. Your Payment History will be available at the bottom of the Billing page. Only account Admins will be able to see your company receipts.

    To Edit Receipt Information:
    You can now make a one time edit to the following information on your receipt:

    • Company Name
    • Company Address
    • Tax ID

    receipt_details.png

    To make these changes, visit Manage > Billing. Go to “Payment History” and view the receipt.

    team_plan_receipt.png

    Once you click into the receipt, you will be prompted to add a Company Name, Address, and Tax ID (optional). Note: This will only happen the first time you access receipts.

    If you would like to make any additional changes or add any additional information to your receipt please click on “Request Change” when you are viewing the receipt. Please specify what you would like to change on the receipt in the form. Our Support Team will make the changes and contact you when the new information has been updated. The update will be reflected in all receipts.

    Please note that the Udemy address on the receipt cannot be changed.

    Read Article
  • Nonprofit Plan FAQ

    The Udemy for Business Nonprofit Plan is a special, more affordable, pricing of our Udemy for Business Enterprise Plan. The Nonprofit Plan is available to all registered U.S. 501(c)(3) organizations. Your organization must have a valid Employer Identification Number (EIN) to qualify as a Nonprofit. The plan offers an annual subscription to over 5,000 of Udemy’s best courses to a minimum of 21 users. For specifics on what is included in the Nonprofit Plan, please click here.

    Below are answers to some of the most frequently asked questions we receive regarding the Udemy for Business Nonprofit Plan.

    What is the cost?

    Since nonprofit organizations around the U.S. come in all shapes and sizes, our sales team wants to work closely with you to figure out the price that works best for you. Please request a demo from our sales team here and we will help you make learning and development a priority at your organization.

    Can I pay monthly?

    At this time, there is only an annual subscription available.

    How can I pay for the Nonprofit Plan?

    All Udemy for Business Nonprofit customers are invoiced with Net 30 payment terms based on the completion of an agreement. Payments are accepted via check or ACH.

    I work at an international nonprofit. Can I qualify for the special discounted pricing?

    The Nonprofit Plan is currently only available to U.S. registered nonprofits. If you are interested in using Udemy for Business for your learning and development needs, please consider learning more about our Enterprise Plan or our Team Plan. Contact us here if you have any other questions.

    What currencies do you accept?

    We currently only accept payments in US Dollars.

    I do not need 21 licenses. Can I request less?

    Not at this time. In order to best support nonprofit organizations around the country, we ask for a minimum purchase of 21 licenses.

    Which courses are included in the Nonprofit Plan?

    Your nonprofit organization will have on-demand access to a content collection of more than 5,000 professional courses across 20+ business and technical topics. These top-rated courses have been curated from Udemy.com — our global marketplace powered by tens of thousands of instructors all over the world who teach over 35 million students. (Note that not all courses on udemy.com are available as part of the Udemy for Business Nonprofit Plan.)

    Our content team works hard to ensure that we only include the most highly rated and engaging courses from Udemy.com. You can view the full content collection here. We are also pleased to offer courses tailored to the specific needs of nonprofit organizations. You may browse through some of these sample courses here.

    What language are the courses in?

    Currently, all courses in the Nonprofit Plan are in English. A few courses will have English subtitles available.

    What is your refund policy?

    As stated in our Udemy for Business Agreement, under section 8, we do not accept refunds at this time. All purchases are final. All fees shall be paid in US dollars and are non-refundable.

    Can I add more users during my subscription?

    Certainly! Just contact us here and we would be happy to help!

    Does the administrator require a license?

    Yes. In order to access your learning account, you, as an account administrator, must occupy a license. This means if you purchase a Nonprofit Plan with the minimum 21 licenses required, you will occupy one seat, and you’ll be able to invite 20 additional team members to your account.

    Can I customize our team’s account with our organization’s logo or branding?

    Definitely! Your nonprofit's account administrator will be able to set up a custom logo or branding for your organization. Please review this support article to find out how to customize your account.

    What reporting and insights are available?

    Nonprofit subscribers get access to the same analytics and reporting that are included in the Udemy for Business Enterprise Plan. To learn more about the various reports and dashboards available, please see this article.

    I am an existing Udemy for Business customer. Can I get this discount retroactively?

    Since all of our deals are annual subscriptions, we will not be able to apply the discount to your account retroactively. We are happy to honor the discount at the time of your renewal for the following year.

    What if I have more questions about the Nonprofit Plan?

    You can learn more about the Nonprofit Plan here. If you have any additional questions regarding the Nonprofit Plan, please contact us at ufbsupport@udemy.com.

    Read Article
  • Team Plan Renewal FAQ

    Below are answers to frequently asked questions we receive regarding Team Plan renewals.

    Who can enable Team Plan Renewals?

    Anyone who is designated as an “Admin” in your account can renew your Team Plan contract, enable automatic renewals, or see and change their payment method. How to make a user an admin.

    How can admins enable automatic Team Plan renewals?

    Customers with Admin access can turn automatic renewals on by going to Manage > Settings > Billing and then toggling the renewal option.

     toggle_on_.png

    How can I opt out of automated renewals?

    Customers with Admin access can turn automatic renewals on or off at any time by going to Manage > Settings > Billing and then toggling the renewal option.

    What will happen if payment is declined on the automatic renewal date?

    We will notify you by email so you can update your account with a working debit or credit card. If your credit card on file has expired before the renewal date, we will also notify you via email.  

    Can Team Plans be renewed early?

    No, Team Plans cannot be renewed early. If auto-renew is enabled (please see above), the plan will automatically renew on its annual renewal date. If auto-renew is disabled, then Admins will be able to manually renew the plan once it has expired (i.e., after the renewal date has passed). As the renewal date approaches, we will send out reminders via email to ensure you know that your renewal is coming up.

    Once a Team Plan has expired, how can admins manually renew the Team Plan subscription?

    Admins can manually renew their Team Plan subscription by logging into their Udemy for Business account, navigating to Manage > Settings > Billing, then entering the number of licenses required. For more information on adding more licenses to your subscription please click here.

    How long will I have to manually renew my plan once it expires?

    For privacy reasons, Udemy for Business Team plans are routinely anonymized 30 days after the expiration date. If it has been more than 30 days since your Team Plan expired, you will need to sign up for a new Team Plan. Please note updated pricing may apply.

    What forms of payment are accepted?

    Currently the following debit / credit cards are accepted by Udemy for Business: Visa, Mastercard, and AMEX.

    Please note that only one payment method can be associated with an account.

    payment_options.png

    I’m based in India and I don’t see an option to renew my Team Plan subscription or to purchase more licenses. How should I proceed?

    The Team Plan subscription is currently not available for online renewal in your region and as a result, additional licenses are not available at this time. Please request a demo and a sales representative will reach out to assist.

    Read Article
  • Webinar: New Admin Training

    Welcome to Udemy for Business! To help you get started with your new Udemy for Business account, we offer live webinars to get you and your team off to a successful start. This 45-minute webinar is hosted via GoToWebinar.

    Join us for an interactive webinar and walk away with:

    • A blueprint for launching Udemy for Business at your company
    • Strategies for developing a culture of learning at your organization
    • Specific tactics for driving ongoing adoption of Udemy for Business
    • A deep understanding of the Admin capabilities of the platform
    • Product knowledge to support your team

    To register for an upcoming webinar, click on one of the links below.

    Please invite everyone in your organization who will be an admin of your Udemy for Business account.

    If you have any questions, please click on the Contact Us icon. 

    Read Article
  • Team Plan FAQ

    Team Plan is a self-serve, subscription service for Udemy’s solution for businesses, Udemy for Business. Team Plan is designed for teams or organizations of 5-20 people, who are in need of on-demand learning and development at work. With a subscription to Team Plan, you and your team will get access to 5,000+ of Udemy’s most highly rated business and technical courses.

    Below are answers to some of the most frequently asked questions we receive regarding Team Plan. You can also learn more about Team Plan here.

    What is the cost?

    Team Plan is priced as an annual subscription of $360 (in USD) per person, per year, and payment is due in full, upfront. There is a minimum of 5 users required for purchase. This means that the minimum purchase will be $1800 US Dollars, plus applicable taxes. You can view more details here.

    Can I pay monthly?

    No. At this time, only an annual payment option is available.

    What currencies do you accept?

    We currently only accept payments in US Dollars.

    Can I buy this for 1,2,3 or 4 users?

    Not at this time. The Udemy for Business Team Plan is meant for groups of 5 or more people, up to 20 people in total.

    What is your refund policy?

    As stated in our Udemy for Business Agreement, under section 8, we do not accept refunds at this time. All purchases are final. All fees shall be paid in US dollars and are non-refundable.

    Which courses are included in the Team Plan subscription?

    You and your team will have on-demand access to a collection of more than 5,000 professional courses across 20+ business and technical topics. These top-rated courses on Udemy have been curated from Udemy.com; our global marketplace powered by over 35 million students, 57,000 instructors, and 130,000 courses. Our content team works hard to ensure that we only include the most engaging courses from Udemy.com. You can view the full content collection here or explore the courses by creating your free trial account here. All courses are currently in English.

    How can I renew my Team Plan subscription?

    Steps to manually renew your team plan subscription or set up automatic renewals can be viewed here.

    What language are the courses in?

    Currently, all courses on Udemy for Business are in English. A few courses will have English captions available.

    How is Team Plan different from Udemy.com?

    Team Plan is a product offered by Udemy for Business, Udemy’s business product offering. It has been designed to serve small teams and organizations of 5 to 20 people. Instead of purchasing courses one by one on udemy.com, Team Plan provides a team of people with unlimited access to over 5,000 of Udemy’s top-rated business and technical courses, in your own unique account. Your team can take these courses at any time, however many times they want, within the one-year plan. The plan is priced as an annual subscription at $360 (plus applicable taxes) per person per year.   

    How is Team Plan different from Enterprise Plan?

    Team Plan is designed for teams and organizations for  5-20 people. The Enterprise Plan is a product designed for larger departments and organizations of 21 or more people. Both plans offer the same course collection of high-quality professional content. The Enterprise Plan includes additional features such as SSO support, API integration, and advanced analytics. To view more differences between the two plans, please click here.

    Can I pay via check, sales order, or purchase order?

    Not at this time. All Team Plan payments must be made via a credit card online.

    Can I add more users during my subscription?

    Yes! For more information on adding more licenses to your subscription please click here.

    Does the administrator require a license?

    Yes. In order to access your Udemy for Business learning account, you, as an account admin, must occupy a license. This means if you purchase Team Plan for 5 users, you will occupy one seat, and you’ll be able to invite four additional team members to your account.

    What if I find a course on Udemy.com that I want added to Udemy for Business?

    It's best to try entering different keywords when searching for the course or topic you want to learn first. Further instructions on how to do this can be viewed here. If the course you want is not in the Udemy for Business collection, you can suggest that the course be added here. Our content team reviews these course suggestions on a monthly basis, and will do their best to honor all requests, but please know that not all suggestions will be honored.

    Can I customize our team’s account with our organization’s logo or branding?

    Yes! Team Plan accounts can be customized to include your organization’s name, logo or icon. In addition, you can also upload a background to reflect your organization’s brand. At the time of the account creation, you can also provide a unique URL that is directly related to your Team Plan Account. For example, if your company name is acme, your account URL could be acme.udemy.com.

    What reporting and insights are available?

    Team Plan subscribers have access to basic analytics through the User Adoption Dashboard, which helps you understand how many and which users have logged in to your Udemy for Business account and started using it. User Adoption information can also be exported via a CSV file.

    For more information regarding the User Adoption Dashboard, please click here.

    I have a sales tax exemption certificate. How do I provide it so that I’m not charged tax on my subscription?

    The Udemy for Business Master Services Agreement (MSA) outlines applicable transaction taxes as the responsibility of our customers. As such, Udemy invoices now include a transaction tax, such as VAT, GST, or sales tax, in addition to your Team Plan subscription total, as required by law based on where your licenses are being consumed.

    Customers who are exempt from these taxes can email us at ufbsupport@udemy.com and request for a refund on any taxes applied to their Team Plan purchase.

    I have paid for tax but I have a tax exemption certificate. Am I eligible for a refund? 

    Yes. Please email us your certificate at ufbsupport@udemy.com and we will process a refund for any taxes applied to your Team Plan purchase.  

    I’m based in India but I don’t see an option to purchase the Team Plan subscription. Why?

    Team Plan is currently not available for online purchase in India. If you’re based in India and would like to purchase Udemy for Business, please reach out to our sales team.

    What if I have more questions about Team Plan?

    If you have any additional questions regarding Team Plan, please contact Udemy for Business Support.

    Read Article
  • How to Configure Single Sign-On and Provisioning in Azure AD for Udemy for Business

    This guide provides the steps required to configure Single Sign-On (SSO) using Security Assertion Markup Language (SAML 2.0) and Provisioning using System for Cross-domain Identity Management (SCIM 2.0) for Udemy for Business.

    If you have already configured SSO with SAML in Azure AD for Udemy for Business and just want to enable SCIM Provisioning, access your existing Udemy for Business SSO in Azure AD and follow the instructions from section 2 below (after SSO set up).

    Udemy for Business SAML Metadata for Azure AD is linked here.

    Notes:

    • Single sign-on and provisioning are available to Udemy for Business Enterprise Plan customers.
    • Users provisioned through Azure AD will not take up a license until they log into the Udemy for Business application for the first time. 
    • SCIM provisioning changes can only be synced from Azure AD to Udemy for Business, not the other way round. 
    • Users and Groups managed by SCIM in Azure AD cannot be changed within the Udemy for Business app - SCIM is the single source of truth for user and group data.
    • You can still create groups manually in Udemy for Business if you have users that you don’t need or want to push from Azure AD, eg. contractors or temporary staff.

    1. Configure Single Sign-On (SSO) with Azure

    Log in to your Azure portal and click Azure Active Directory.

    1.png

    Next, select Enterprise applications.

    2.png

     Now click + New application in the top bar.

    3.png

     Select Non-gallery application.

    4.png

    Enter a name for the new application and click Add at the end of the window.

    5.png

    Then select Set up single sign on. 6.png

    For Single Sign-on mode, select SAML based Sign-on.

    7.png

    Follow the 4 steps on the SSO with SAML screen. Azure AD has also provided a detailed configuration guide at the top of the page for further guidance.

    8.png

    For Step 1, Basic SAML Configuration:

    For Step 2, User Attributes and Claims:

    In the User Identifier field, enter user.mail.

    Udemy for Business supports the following SAML attributes (all attributes are case-sensitive).

    Required attributes

    • SCIM.email
      the unique email of the user

    Optional attributes

    • SCIM.name.givenName
      the given (or first) name of the user
    • SCIM.name.middleName
      the middle name (if any) of the user
    • SCIM.name.familyName
      the family (or last) name of the user
    • SCIM.name.formatted
      the fully formatted name of the user
    • groups
      the list of groups to which the user belongs
    • externalID
      a unique user ID specified by the customer

    To change each attribute, click on the respective row.

    Enter the attribute name as specified in the table above, select the corresponding value and remove Namespace value (leave it blank) and click OK.

    To add more attributes to your SAML assertion, click Add attribute and repeat the process.

    10.png 

    Once you’re done adding the attributes, click Save to complete the configuration.

    For Step 3, in the SAML Signing Certificate section, copy the App Federation Metadata URL or click Download Federation Metadata XML, which will export the Metadata file.

    Access the Single Sign-On (SSO) tab of your Udemy for Business account. Click Start setup and choose your Identity Provider. On the configuration page, choose the appropriate metadata configuration method and follow the instructions to create the SSO connection with your Identity Provider and Udemy for Business.

    sso_providers.png

    Finally, please click here to contact our support team so we can complete the setup on our end. Our team will confirm once everything is finalized, at which point you’ll be ready to give your learners access to Udemy for Business.

    Click on Azure Active Directory.

    12.png

    Select Enterprise applications.

    13.png


    Select your newly created application from the list.

    Click Users and groups.

    14.png

    Click on Add User -> Users and Groups

    Select all users you want to add to the application and click Select.

    15.png 

    You have now completed configuring SSO for Udemy for Business with Azure AD.

    2. Configure SCIM Provisioning with Azure AD

    Once Single Sign-on (SSO) is set up you can then configure SCIM provisioning in Azure AD with Udemy for Business. This will allow you to provision, deprovision, create groups, manage group membership and change user profile details like name and email address which is then automatically updated in Udemy for Business. You will no longer need to update both Azure and Udemy for Business separately with these actions as it will all be synced from Azure.

    1a.png

    To enable SCIM Provisioning for Udemy for Business, first go to your Udemy for Business account and access Manage > Settings > Provisioning (SCIM).

    Click Start Setup, choose your Identity Provider and follow the instructions to generate the Secret Token (Bearer token) which you then need to input into Azure AD.

    Next, access your Azure AD account and go to your Udemy for Business SSO app and follow the steps below to get set up. You can also refer to Microsoft’s own configuration guide for SCIM Provisioning with Azure AD for further guidance.

    Go to the Provisioning tab in your Azure portal.   

    (Note: udemyazure is a test name we used in the screenshots below for the purpose of illustrating how to configure SCIM; you should locate the app that was named by your team when configuring SSO) 

    1b.png

    Choose Automatic as the Provisioning Mode.

    1c.png

    In the Admin Credentials section:

    Tenant URL is: https://yourdomain.udemy.com/scim/v2 (yourdomain is the url for your Udemy for Business account)

    Secret Token: This is a ‘Bearer’ token that you can generate or view inside your Udemy for Business account. (go to Manage > Settings > User Access to get the Secret Token)

    Click Test Connection to check that it’s working correctly. 

    Optional: You can enter an email address if you wish to receive alerts from Azure about errors.1d.png
    In Mappings

    Check the attribute mapping so that user's email is mapped to emails[type eq "work"].value 

    1e.png

    1f.png

    In Settings

    Toggle the Provisioning Status button to On.1h.png

    Choose the Scope of how you want to sync your users and groups.

    1i.png

    You can sync only users and groups who are assigned the Udemy for Business app if you need to restrict access to certain employees or departments. Or, you can sync all users and groups if every employee is going to have access.

    1j.png

    In order to provision more users and groups with Udemy for Business access:

    Click Users and groups

    1k.png

    Click on Add User (which will give you the option to add both Users and Groups)

    Select all users or the groups you want to add to the application and click Select.

    1l.png

    Troubleshooting

    In relation to Mappings:

    1m.png
    If you experience this error when provisioning:

    {"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":400,"detail":"{'emails': ['This field is required.']}"}

    You should change the mapping of the User.

    1n.png
    emails[type eq "work"].value needs to be mapped to userPrincipalName that is, if userPrincipalName is where the email is.

    If you go to the user profile, you should be able to see which field contains the email there.1o.png

    Read Article
  • Configuring SSO With Your Identity Provider

    Udemy for Business supports Single Sign-On (SSO) integrations for Security Assertion Mark-up Language (SAML 2.0) standard Identity Providers (IdP). The list below includes links to tutorials that outline how you can set up SSO integration for your Identity Provider.

    How to enable SSO in your Udemy for Business account

    You can enable SSO in your Udemy for Business account yourself, using our self-serve settings, by doing the following.

    1. Access Manage > Settings > Single Sign-On (SSO). 
    2. Click Start Setup
    3. Choose your Identity Provider and using our supporting documentation, configure your SSO integration and choose from a range of optional settings.

     sso_options.png

    Important: if your Identity Provider is Azure, once you configure the setup, please click here to contact our support team so we can complete the process on our end.

    How to pause or delete SSO in your Udemy for Business account

    You can pause or delete SSO in your Udemy for Business account using our self-serve settings, by doing the following.

    1. Access Manage > Settings > Single Sign-On (SSO). 
    2. Use the toggle to pause your connection or the Delete Connection link to remove the SSO connection completely. 

    Both actions will prevent your users logging into Udemy for Business through SSO. By pausing, however, all of the SSO connection details are maintained. If you delete the connection, you will need to configure SSO once again, if you wish to enable it in future.

    pause_sso.png

    How to replace your SAML Signing Certificate

    You can replace your SAML Signing Certificate in your Udemy for Business account by using our self-serve settings. 

    1. Access Manage > Settings > Single Sign-On (SSO). 
    2. Use the Replace Certificate link to upload a new SAML Signing Certificate, which is provided by your Identity Provider.
    3. Replace the certificate in your Identity Provider once it’s been updated in Udemy for Business. 

    Note: Please update your SAML Signing Certificate in Udemy for Business first before updating it in your Identity Provider to avoid a certificate mismatch from occurring which would prevent your team from being able to access your Udemy for Business account.

    replace_certificate.png

    Configure optional settings for your SSO connection

    Further optional settings can be configured when setting up or editing your SSO connection. These include:

    • Login via SSO Provider only: by selecting this option all users will be forced to log in via SSO. If this option is not selected, users will be able to login via SSO or their username and password.
    • Custom redirect URL: insert the URL of the page you wish your users to land on, if an error occurs with your SSO connection.
    • Session timeout: set a time, after which, inactive users will be automatically logged out of UFB.
    • Single logout: if selected, when a user logs out of UFB, they will be logged out of all SSO applications.

    sso_optional_settings.png

    Read Article
  • How to Configure SSO With ADFS

    In this tutorial we will configure ADFS with Udemy for Business using the metadata from ADFS.

    Udemy for Business SAML Metadata for ADFS is linked here.

    Configuring ADFS

    1. Launch the ADFS 2.0 console.

    1.png 

    2. Under Trust Relationships > Relying Party Trusts, add a new Relying Party Trust. This will launch the wizard shown below.

    2.png 

    3. Next, you will be prompted to import the Udemy for Business Metadata file.

    3.png

    4. Enter a name for the connection, for example Udemy for Business. 

    4.png

    5. On the Choose Issuance Authorization Rules step, select Permit all users to access this relying party.

    5.png

    6. Click Next to view the summary and complete the wizard.

    6.png

     7. Leave the “Open the Edit Claim Rules…” option checked and finish the wizard.

     image7.png

    8. This will launch the Edit Claim Rules configuration utility.

    8.png

    9. This example will only gather claims from Active Directory to present to Udemy for Business. 

    9.png

    10. Configure a basic claim set.

     Udemy for Business supports the following SAML attributes (all attributes are case sensitive).

     Required attributes

    • SCIM.email
      the unique email of the user
       

    Optional attributes 

    • SCIM.name.givenName
      the given name of the user
    • SCIM.name.middleName
      the middle name (if any) of the user
    • SCIM.name.familyName
      the family (or last) name of the user
    • SCIM.name.formatted
      the fully formatted name of the user
    • Name ID
    • groups
      the list of groups to which the user belongs
    • externalID
      A unique user ID specified by the customer

    10.png

    11. Once you’ve configured the claims, back on the ADFS 2.0 Relying Party Trusts window, right-click the newly created connection and view the properties for the connection. Navigate to the Encryption tab and Remove the encryption certificate.

    11.png

    12. That will complete the ADFS configuration. Next, you should download the metadata and input it into your Udemy for Business account to create the SSO connection. You can find the Metadata file at:

    https://<ADFS server name>/FederationMetadata/2007-06/FederationMetadata.xml

    Access the Single Sign-On (SSO) tab of your Udemy for Business account. Click Start setup and choose your Identity Provider. On the configuration page, choose the appropriate metadata configuration method and follow the instructions to create the SSO connection with your Identity Provider and Udemy for Business.

    sso_providers.png

    Read Article
  • How to Configure SSO With G Suite

    In this tutorial, we will configure G Suite (formerly known as Google Apps for Work). 

    Udemy for Business SAML Metadata for G Suite is linked here.

    Locating Your SaasID

    To configure G Suite you will need your SaasID. This value will be provided by Udemy and it is going to be the sub domain to access udemy, e.g. the yoursubdomain where Udemy For Business full address is yoursubdomain.udemy.com.

    In addition to your SaasID, you will also need the following parameters to configure G Suite.

    Creating a New SAML Application in G Suite

    The steps below outline how to create a new SAML application in G Suite.

    1. Log into G Suite for Work Admin Console.
    2. Navigate to Apps > SAML Apps.
    3. Click Add a service/App to your domain.
    4. Choose Setup My Own Custom App, and click Next.
    5. Enter the Application Name and Description, upload a logo if desired, and click Next.
    6. Enter the ACS URL and Entity ID fields with the information given above.
    7. Leave Start URL blank if users will only be accessing Udemy for Business directly from the account URL (i.e., yoursubdomain.udemy.com). If your users will be accessing Udemy for Business from G Suite, then you will need to apply the following value for the Start URL: https://pingone.com/1.0/d905a6ca-adf9-45e2-9b9d-0d6485f27206
    8. The NameID will automatically be set to the Primary Email address so leave it at that. Click Next.
    9. If your application requires additional attributes, you can add them in this section. If not, click Finish.
    10. Click OK to complete the wizard.
    11. By default, new applications are OFF for all users. Click the menu icon and choose ON for Everyone.

    sso_1.png

    Once the SAML application is created, you will need to configure attributes that are going to be sent in the SAML assertion.

    Udemy for Business supports the following SAML attributes (all attributes are case sensitive).

    Required attributes

    • SCIM.email
      the unique email of the user

    Optional attributes

    • SCIM.name.givenName
      the given name of the user
    • SCIM.name.middleName
      the middle name (if any) of the user
    • SCIM.name.familyName
      the family (or last) name of the user
    • SCIM.name.formatted
      the fully formatted name of the user
    • groups
      the list of groups to which the user belongs
    • externalID
      A unique user ID specified by the customer

    Finally, you will need to generate a metadata file for the newly created SAML application and enter it into your Udemy for Business account to create the SSO connection. 

    Access the Single Sign-On (SSO) tab of your Udemy for Business account. Click Start setup, choose your Identity Provider and on the configuration page choose the appropriate metadata configuration method. Then follow the instructions to create the SSO connection with your Identity Provider and Udemy for Business.

    sso_providers.png

    Please note: when adding a new SAML application in G Suite, it might take up to 24 hours for the process to be completed.

    Read Article
  • How to Configure Udemy for Business and Onelogin

    When SSO is enabled, enterprise customers will be able to manage employee authorization and authentication to their Udemy for Business learning site from their corporate identity system. Udemy for Business (UFB) supports federated authentication via SAML 2.0-based Single Sign-On (SSO).

    In this tutorial, we will configure OneLogin using the metadata provided by the Udemy for Business team or the metadata downloaded from here.

    Udemy for Business SAML Metadata for Onelogin is linked here.

    This article will cover all the key steps to add and configure Udemy for Business SSO for Onelogin. You may, however, also want to refer to this Onelogin article for additional details.

    Steps to Configure Udemy for Business and Onelogin:

    1. Add an App in OneLogin
    2. Configure Application Details
    3. Set the Parameters for the App
    4. Assign Users and Groups to the application
    5. Download metadata (to input into your Udemy for Business account)

    Add an App

    Start by navigating to Apps > Add Apps in the OneLogin administrator dashboard. Next, search for SAML Test Connector (IdP w/attr) and select the first result from the search results.

    1.png

     Select Add App:

    2.png

    On the Find Applications page, search for SAML Test Connector (IdP w/ attr w/ sign response) and select theresult from the search results.

    3.png

    Then, set the Display Name, Icon and Save the application. Onelogin will take you to the application Info page, where you will navigate to the Configuration tab. You should be able to fill in all the values based on your metadata.

     Configure the Application Details

    image4.png

    Configure the Application Details (Continued)

    The following Application details should be pre-configured as long as you selected the SAML Test Connector (IdP w/ attr w/ sign response) in the previous step.

    5.png

    • RelayState 
      yoursubdomain.udemy.com
      [This is your vanity url]
    • Audience
      https://sso.connect.pingidentity.com/sso/sp/ACS.saml2
    • Recipient
      https://sso.connect.pingidentity.com/sso/sp/ACS.saml2
    • ACS (Consumer) URL Validator*
      ^https:\/\/sso\.connect\.pingidentity\.com\/sso\/sp\/ACS\.saml2$
    • ACS (Consumer) URL
      https://sso.connect.pingidentity.com/sso/sp/ACS.saml2

    Next, go to the Parameters tab. Here you can add/edit attributes that are sentin the SAML assertion. By clicking on 'Add parameter', you can add new parameters with a field name. When adding new parameters, don't forget to check the flag to include new fields in the SAML assertion. Once a new parameter is added, click on it and set the value for it.

    Udemy for Business SAML 2.0 supports the following attributes (please note: all attributes are case sensitive).

    Required attributes:

    • SCIM.email the unique email of the user

    Optional attributes:

    • SCIM.name.givenName the given (or rst) name of the user
    • SCIM.name.middleName the middle name (if any) of the user
    • SCIM.name.familyName the family (or last) name of the user
    • SCIM.name.formatted the fully formatted name of the user
    • groups the list of groups to which user belongs
    • externalID the user ID specified by customer

    Set the Parameters for the App

     6.png

    Configure User Access to the App

    In the Access tab and Users tab, configure the users’ access for the newly created app (either by adding Udemy for Business app to a role (recommended), or adding the app to a specific user).
    Please see this 
    Onelogin article for details.

    7.png

    Save the Application Metadata

    Save the application and in the More Actions dropdown options, click on SAML Metadata.

    8.png

    Next, download the metadata and access the Single Sign-On (SSO) tab of your Udemy for Business account. Click Start setup and  choose your Identity Provider. On the configuration page, choose the appropriate metadata configuration method and follow the instructions to create the SSO connection with your Identity Provider and Udemy for Business.

    SSO_start_setup.png

    You have now completed configuring SSO for Udemy for Business with OneLogin. 

    Additional information about OneLogin is available in their Knowledge Base.

    SSO is set up so you can also configure SCIM provisioning in OneLogin with Udemy for Business. This will allow you to provision, deprovision, create groups, manage group membership and change user profile details like name and email address in OneLogin, which automatically updates Udemy for Business.  

    You do not need to update both OneLogin and Udemy for Business separately with these actions as it will all be synced from OneLogin. Click here for more details and instructions on how to set this up.

    Read Article
  • Udemy for Business Help Center FAQ

    How do I access the Help Center?
    Login to your Udemy for Business account, click your user menu in the upper right-hand corner and select Help.

    Who has access to the Help Center and forms?
    All Udemy for Business users and admins have access.

    How do I report a technical issue with the Support model?
    All technical issues will now be tracked via Zendesk tickets.  If you have a technical issue, please submit a ticket through our help center or email ufbsupport@udemy.com.

    If you email your Customer Success Manager regarding a technical issue, they will forward your request to the Support team to create a case.

    How do I request a course be added to the Udemy for Business collection?
    Now, every user can request courses be added or topics enhanced. If you want to request a course be added to the Udemy for Business collection, fill out this form in our Help Center. We will review all course requests every couple of weeks and will let you know if we can add the course you request into the collection.

    What is the likelihood my course request is added to the Udemy for Business collection?
    We appreciate customer course suggestions. However, it is not guaranteed your course requests will be added to the collection. Courses that are added must be applicable to all of our customers and must meet our instructor and quality standards.

    I have a good idea for a product enhancement, how do I let you know?
    If you have a feature request that you think would make our product better, please fill out this form in our help center.

    Will my feature request make it into the product?
    We will review all feature requests and see how they align with our product vision and the needs of our customer base. We cannot guarantee any feature will be added to the product.

    Can I see a list of my support requests?
    If you want to see a list of your outstanding tickets, you can find them in the help center under your user menu in the upper right-hand corner.

    What is the difference between Customer Support and my Customer Success Manager?
    Customer Support is designed to help you triage technical issues. They are great at managing cases and partnering with our Product & Engineering teams to solve bugs.

    Your Customer Success Manager is a strategic partner to help with best practices, employee engagement, and driving value of Udemy for Business.

    Read Article
  • Terms of Use

    To view the Udemy for Business Master Services Agreement, please visit: https://www.udemy.com/terms/ufb/ 

    To review the Udemy for Business Privacy Statement, please visit: https://www.udemy.com/terms/ufb-privacy/

    Please note: depending on how your company signed up for its Udemy for Business account, you may be subject to additional or different terms, as listed in the agreement your company has signed.

    Read Article
  • Getting Help

    For support and/or product related questions, we have helpful articles in our Help Center for frequently asked questions. If you have a technical issue or question that you cannot solve, please submit a support ticket and a member of our support team will respond within 24 hours. For strategic related questions on how to promote your Udemy For Business account, please click on the Contact Us icon. 

    The best and quickest way for your end-users to get assistance with technical issues is to file a ticket with Customer Support. A member of our support team can help them troubleshoot since it may be an issue specific to their individual set-up (browser, cache, etc.).

    Read Article
  • Customizing my Account

    To customize your account appearance, upload three images: a logo, a background image and your company icon. Go to Manage > Settings > Customize Appearance

    1. Logo: upload a logo in one of the following formats: jpg, .jpeg, .gif, .png, .bmp. The logo should be at least 400 x 70 pixels.
    2. Background image: upload a background image for your login page. It should be at least 1920 x 1080 pixels.
    3. Icon: upload an optional square logo to use as a browser icon.  It should be at least 32x32 pixels.
    Read Article
  • What is Udemy For Business?

    Udemy for Business is a next-gen learning solution that transforms the workplace learning experience through a consumer-first on-demand learning solution. Built for businesses striving to be at the forefront of innovation, Udemy for Business offers fresh, relevant learning anytime, anywhere. The 5,000+ high-quality courses taught by the world’s leading experts cover a wide range of topics from development and IT to design, leadership and stress management. In addition to its curated content collection, organizations can also securely host and distribute their own proprietary content.

    To read more about many of the companies that leverage Udemy for Business for their learning needs, please click here.

     

    Read Article