Udemy Business Single Sign-On (SSO) integration

You can integrate the Udemy Business application with CyberArk Identity to enable use of SAML SSO.

Supported features

This application template supports the following features:

  • SP-initiated SSO

  • IdP-initiated SSO

  • SCIM provisioning

  • Just-in-time (JIT) provisioning

Before you begin

Make sure you have the following information:

  • An Udemy Business account with administrator privileges.

  • Request the Udemy support team to enable SAML 2.0 for your account. Once the request is processed, you will get the Audience URL (SP Entity ID) value.

Configure the Udemy Business app template in the Identity Administration portal

Perform these steps in the Identity Administration portal to configure the Udemy Business app template for SSO.

Step 1: Add the Udemy Business web app template

  1. In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.

    Add a web app screen

  2. On the Search page, enter the application name in the Search field and click the search button.

  3. Next to the application name, click Add.

  4. On the Add Web App page, click Yes to confirm.

  5. Click Close to exit the Application Catalog.

    The application opens to the Settings page.

Step 2: Configure the Trust page

  1. Select Trust from the menu.

  2. In the Identity Provider Configuration section, select Metadata.

  3. Click Download Metadata File and save it. You will need these files later when you configure Udemy Business.

  4. In the Service Provider Configuration section, select Manual Configuration. Enter the SP Entity ID and Assertion Consumer Service (ACS) URL (from the Udemy Business app), then click Save.

Step 3: Configure the SAML Response page

  1. Verify the following attributes with the Udemy Business attribute name in the Attribute Name column and the CyberArk attribute in the Attribute Value column.

    Attributes are case-sensitive.

    Attribute Name Attribute Value
    email LoginUser.Email

    2. The following attributes are optional.

    Attribute Name Attribute Value
    firstName First name of the user

    middleName

    Middle name (if any) of the user

    lastName

    Last name of the user

    displayName

    Name of the user

    Name ID

    Use this identifier when duplicate username exists

    groups

    List of groups to which the user belongs

    externalID

    A unique user ID specified by the customer

  2. Map any other attributes that you want to pass in the SAML response, then click Save.

Step 4: Configure the Permissions page to grant Udemy Business users SSO access

Grant SSO access to Udemy Business by assigning permissions to users, groups, or roles. Add two users. One user must be an administrator who is mapped to the udemy_business_role attribute, while the second user can have any role. The users must already exist in Udemy Business.

Perform these steps to define permissions for each user.

  1. On the Permissions page, click Add.

    The Select User, Group, or Role window appears.

  2. Select the user(s), group(s), or role(s) that you want to give permissions to, then click Add.

    The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.

  3. Select the permissions you want, then click Save.

Step 5: Review and save

Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save.

Configure Udemy Business for SAML single sign-on

Perform these steps to configure the Udemy Business application template for SSO:

  1. Sign in to Udemy Business as the administrator.

  2. Go to Manage > Settings > Single Sign-On (SSO) > Start setup and select Custom.

  3. Enter Connection name.

  4. Upload the metadata file downloaded from CyberArk.

  5. Click Save.

Udemy Business SCIM provisioning

Udemy Business supports user and group access and identity management with the System for Cross-domain Identity Management (SCIM) standard. SCIM is used by Single Sign-On (SSO) services and Identity Providers to manage users across various apps and tools, including Udemy Business.

Before you begin

Make sure you have the following information:

  • SCIM provisioning is available to Enterprise Plan customers using SSO.

  • SCIM base URL

  • Bearer/API token

  • Create a custom Udemy Business application in CyberArk Identity. If you have already set up SSO then use the existing Udemy Business app.

Supported features

The following features are supported:

  • Grant access to users and groups (provisioning)

  • Deactivate users and groups (deprovisioning)

  • Reactivate users who were previously deprovisioned (provided the user’s personal identifiable information has not been anonymized).

  • Change user details (name, email address)

  • Create, remove or edit groups

  • Manage group membership

The following features are not supported:

  • Delete user's Personal Identifiable Information (PII) via SCIM

  • Sync data from Udemy Business back to the IdP provider

  • Manage roles (assign group admins, admins)

Users provisioned through SCIM in SSO do not have a license until they sign in to Udemy Business. When users are provisioned through SCIM, and are not signed in for the first time, a No License status displays on the All-users page.

Enable SCIM provisioning in Udemy Business

Step 1: Generate Bearer Token

  1. Log in to Udemy Business.

  1. Navigate to Manage > Settings > Provisioning (SCIM) > select the Identity Provider and generate Bearer Token.

Step 2: Settings in the Provisioning page

  1. Open the Udemy Business application in CyberArk Identity User Portal.

  2. Go to the Provisioning page and select Enable provisioning for this application.

    1. Enter the following:

      • SCIM URL - Use this format https://<organization>.udemy.com/scim/v2/

      • Bearer Token - Use the token generated earlier

    2. Click Verify.

    3. In the Sync Options section, select the options shown in the image below.

    4. Add the required role mappings.

    5. If required, provide necessary mappings under the Provisioning Script Editor section

  1. Click Save. You can use the application for SCIM provisioning.

    When you make changes to the provisioning role mapping, CyberArk Identity synchronizes automatically. If required, you can also run a preview synchronization.

Test the Udemy Business SSO configuration

Now that you have finished configuring the application template settings in the Identity Administration portal and Udemy Business application, users can benefit from IdP-initiated and SP-initiated SSO.

To test IdP-initiated SSO:

  1. Sign in to CyberArk Identity using the non-administrative user account you just added.

  2. Click Udemy Business to launch it in a new tab and automatically sign in.

To test SP-initiated SSO:

  1. Go to your organization's Udemy Business SSO URL. For example: https://[your-subdomain].udemy.com.

  2. Click Continue with SSO connection. For example, Continue with CyberArk Identity. The IdP provider sign in page appears.

  3. After you successfully authenticate on the IdP, it redirects to Udemy Business.

Additional information

For additional resources, see the Udemy Business’s integration support documents at: