Udemy - SCIM Integration

Which IIQ version are you inquiring about?

8.4p2

Share all details about your problem, including any error messages you may have received.

I wanted to reach out to the community to see if anyone has integrated Udemy into IIQ via SCIM 2.0. Particularly, I’m interested to see if others have, what were the challenges and what were some of the customizations needed to make it function properly. I’ve been able to get it configured and pull in all the users. One thing that hasn’t worked is getting the licenseTypes and licensePools to come through on the user accounts. Also, trying to understand if it’s even possible to segregate license assignments based upon an attribute like an “employee type” via SCIM.

My current requirements are to essentially get Udemy integrated via SCIM 2.0

  • Should be able to add users via a joiner
  • Should be able to remove users via a leaver
  • Should be able to assign licenses to users upon login
  • Should only assign users to full-time employees and not assign users if they’re a contractor.
  • Would like to pull in users defined within roles (can’t manage roles per the documentation).
  • Need the ability to assign specific licenses based upon a “group” - example a technology group would need to have the pro license since it gives extra capabilities.

Documentation:

https://business-support.udemy.com/hc/en-us/articles/8614173026967-Assigning-Removing-Udemy-Business-Pro-Licenses#h_01K07FZ7ABZRK08R5ZM7WY12E6

I did some online research around this & found the following information, which should help narrow down the issue & answer most of your questions.

Main issue is not SCIM itself. Udemy stores licenseTypes & licensePoolName under the custom extension URN urn:ietf:params:scim:schemas:extension:udemy:2.0:User, and the IIQ SCIM 2.0 connector does not auto-surface custom extension attributes through Discover Schema. Aggregation and provisioning succeed but those fields stay empty until you map them manually.

Refs: SailPoint SCIM 2.0 Relax Configuration; Udemy SCIM API – Managing Licenses

Add the attributes to the Account schema, then add this in the Application Debug page under jsonPathMapping:

<entry key="licenseTypes" value="$['urn:ietf:params:scim:schemas:extension:udemy:2.0:User']['licenseTypes']"/>
<entry key="licensePoolName" value="$['urn:ietf:params:scim:schemas:extension:udemy:2.0:User']['licensePoolName']"/>

Provisioning Policy must include the extension URN:

"schemas": [
  "urn:ietf:params:scim:schemas:core:2.0:User",
  "urn:ietf:params:scim:schemas:extension:udemy:2.0:User"
]

For your other requirements:

Joiner/Leaver: standard lifecycle provisioning. Leaver sends active:false, do not delete.

FTE only: handle through IIQ role assignment criteria (employeeType == "FTE"), not in connector logic.

Pro vs Standard: use licensePoolName. Create the pools in Udemy admin first, then map them via separate IIQ roles/access profiles. Pool name match is exact and case-insensitive, mismatch fails the request.

License activation on first login is native Udemy behavior, nothing to configure on the IIQ side.

Udemy admin/group-admin roles cannot be managed via SCIM. You can read groups from the user object and treat them as read-only entitlements.

Two things that will burn you:

  • licenseTypes is plural and expects an array of strings. licenseType or a single string fails validation.

  • Insufficient licenses returns a 4xx and the change is not applied. Make sure provisioning logs surface that.

Hope this helps 🙂

Hey there, sorry for my ignorance. I haven’t had to do this before.

Within the provisioning policy, this is going to be in the “Create” under the “Object Type: Account”?

Yes, create policy under Object Type: Account is where the provisioning attributes get defined. But the schema URN itself is not a Provisioning Policy field. Three separate things here:

  1. Provisioning Policy (Create, Object Type: Account):

    Define licenseTypes and licensePoolName as fields. Field names are case sensitive. Source can be static, rule, or identity attribute. Make sure licenseTypes resolves to an array/list value (e.g., ["Pro"] or ["Enterprise"]), not a single string. licensePoolName is a single string & must exactly match a pool name already created in Udemy admin.

  2. Account Schema:

    Add licenseTypes (multi-valued, String) and licensePoolName (single-valued, String). Names must match the Provisioning Policy fields exactly.

  3. Application Debug XML (jsonPathMapping):

    This is where we tell the connector which JSON path in the SCIM payload these attributes belong to. Without this, even if the Provisioning Policy populates the values, the connector sends them at the root level and Udemy ignores them.

<entry key="licenseTypes" value="$['urn:ietf:params:scim:schemas:extension:udemy:2.0:User']['licenseTypes']"/>
<entry key="licensePoolName" value="$['urn:ietf:params:scim:schemas:extension:udemy:2.0:User']['licensePoolName']"/>

Per SailPoint SCIM 2.0 Relax Configuration: “If any new attribute must be added, then add it into the schema along with its JSON path in the jsonPathMapping attribute in the application.”

Order matters: schema first, then jsonPathMapping, then Provisioning Policy. If you build the policy before the schema knows about the attribute, the field may not render properly in the form builder.

Hope this helps. 🙂

@MRP4ND4 Have you followed the Udemy SCIM document: https://business-support.udemy.com/hc/en-us/articles/360047732153-Configure-SCIM-Provisioning-With-Udemy-s-SCIM-API? As per this, licenseTypes & licensePoolName are available in the User endpoint. Is it possible for you to share your app XML?

Alright, so I have everything complete but the provisioning policy on the Account Object. I was able to get the licenses to come in as expected during an aggregation.

On the provisioning policy, there isn’t an option for “TYPE” to be an array/list.

Would I need to keep it type string, then under Value settings check the dynamic check box and for the value put something like ["Enterprise"]?

Got it. Keep Type as String. Multi-valued comes from the Account Schema (Multi-Valued = true), not the Provisioning Policy.

["Enterprise"] as a Dynamic value won’t work. IIQ sends it as a literal string "[\"Enterprise\"]", not an array. Udemy rejects it.

For licenseTypes, in Value Settings switch from Value to Script (uncheck Dynamic, no longer needed). Paste this:

import java.util.ArrayList;
import java.util.List;

// Build the value as a java.util.List so the connector serializes it as a JSON array
List licenseTypes = new ArrayList();
licenseTypes.add("Enterprise");
return licenseTypes;

Returning a java.util.List is what tells the connector to serialize it as a JSON array.

For licensePoolName, keep it simple. Type = String, single-valued. Either set Value directly to the pool name (e.g., Tech-Pro) or use a Script returning a plain string based on identity attribute logic.

Confirm the schema side: licenseTypes Multi-Valued = true, licensePoolName Multi-Valued = false. Both sides have to match.
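The failure modes named in the replies above (attributes sent at the root level, a stringified array, the singular licenseType, a missing extension URN) can be checked on a request body before it is sent. This is an added example, not part of the thread or of SailPoint's or Udemy's code; the function name and the sample bodies are constructed for illustration, and the URN, "Enterprise" and "Tech-Pro" are the values quoted in the thread.

```python
import json

CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
UDEMY = "urn:ietf:params:scim:schemas:extension:udemy:2.0:User"  # URN quoted in the thread

def check_user_payload(body):
    """Return a list of problems found in a SCIM User request body (JSON text)."""
    doc = json.loads(body)
    problems = []
    for urn in (CORE, UDEMY):
        if urn not in doc.get("schemas", []):
            problems.append("schemas is missing " + urn)
    # License attributes placed at the root instead of under the extension URN.
    for name in ("licenseTypes", "licenseType", "licensePoolName"):
        if name in doc:
            problems.append(name + " is at the root, not under the extension URN")
    ext = doc.get(UDEMY, {})
    if not isinstance(ext, dict):
        return problems + ["extension block is not a JSON object"]
    if "licenseType" in ext:
        problems.append("licenseType (singular) used; the attribute is licenseTypes")
    types = ext.get("licenseTypes")
    if isinstance(types, str):
        problems.append("licenseTypes is a string, not an array")
    elif types is not None and not (
            isinstance(types, list) and all(isinstance(t, str) for t in types)):
        problems.append("licenseTypes must be an array of strings")
    pool = ext.get("licensePoolName")
    if pool is not None and not isinstance(pool, str):
        problems.append("licensePoolName must be a single string")
    return problems

# Constructed sample bodies (not captured traffic).
GOOD = json.dumps({
    "schemas": [CORE, UDEMY], "userName": "jdoe@example.com", "active": True,
    UDEMY: {"licenseTypes": ["Enterprise"], "licensePoolName": "Tech-Pro"}})
# A Dynamic value of ["Enterprise"] sent as a literal string, as described in the thread.
STRINGIFIED = json.dumps({
    "schemas": [CORE, UDEMY], "userName": "jdoe@example.com",
    UDEMY: {"licenseTypes": "[\"Enterprise\"]"}})
# No jsonPathMapping: the attribute lands at the root, as described in the thread.
ROOT_LEVEL = json.dumps({
    "schemas": [CORE], "userName": "jdoe@example.com",
    "licenseTypes": ["Enterprise"]})

if __name__ == "__main__":
    for label, body in (("good", GOOD), ("stringified", STRINGIFIED), ("root", ROOT_LEVEL)):
        print(label, check_user_payload(body))
```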

@MRP4ND4 You also need to mark it as multi value in your form as well, otherwise your provisioning policy can only handle single value at a time, even though you marked it as multi value in schema.

Perfect, this is what I ended up doing. Now one last question. I’ve been finding that when I go to the schema page and under the Accounts I click “Preview”

I have quite a bit of blanks. But when I do an aggregation the data is showing on the accounts. Is there something I would’ve had to have done wrong for everything to show blank?

Also, thank you everyone for the help - you’ve made this a great learning experience and smooth for me. Still have a few things to work through on my end. But overall you’ve all been super helpful and I’m very grateful!

Cody

I checked the docs & see that this one is actually normal, you didn’t miss anything. Preview just grabs a small sample from /Users (basically the first page at whatever page size is set), so if those happen to be users without licenseTypes filled in, it’ll look blank. Aggregation goes through every page, which is why the real data shows up on the accounts (Application Schemas).

The other thing is Preview doesn’t dig into extension namespaces the same way aggregation does, so anything you mapped under urn:ietf:params:scim:schemas:extension:udemy:2.0:User through jsonPathMapping will often show blank in Preview even though it’s working fine.

If it bugs you, bumping the page size on the app config gives Preview a wider sample to pull from. Doesn’t change anything about aggregation.

Awesome! Thank you!!!