Introduction

The Extended enterprise feature allows you to customize the branding and functionality of your learning platform for different branches of your organization, providing tailored experiences for different types of users.

Main URL or main domain:

When you purchase your learning platform you are given a URL, such as https://academy70.docebosaas.com, through which users can access it. If desired you can use the custom domain feature to replace this URL with a more customized one such as https://learning.mycompany.net 

Whichever option you choose, this is generally referred to as your “main platform” or “root platform”. 

Users and branches:

When you configure the users of the platform, you will typically organize them into branches that reflect the divisions of your organization (such as Sales, Marketing, etc.) as described in the article Organizing users with branches. 

Appropriately allocating users into branches is important because in extended enterprise you can then create customized versions of your platform, each targeted at a specific branch.

Extended enterprise clients:

An extended enterprise “client” is a variant of your main platform, specifically customized for the needs of users belonging to a particular branch. 

→ Accordingly, the main elements of a client are its associated user branch (the users who can access it) and its URL (the web address that users type to access it) 

The URL of an extended enterprise client, and its associated organizational branch, are both set when you create or edit the client. For more information see the chapter Creating extended enterprise clients. 

Note: In the preceding image, the Domain name column shows the client’s URL, and the Node column shows its associated user branch. 

Subfolder or domain type URLs:

Each extended enterprise client has its own distinct URL, which is different from that of the main platform. 

• The client URLs can be formed as subfolders of the main URL, for example: https://academy70.docebosaas.com/sales
  https://learning.mycompany.net/sales

• Or you can use secondary domains to give them completely independent URLs, such as https://www.companysales.com, 

Tip:  Sometimes extended enterprise “clients” are also referred to as “domains”, even if they are of the subfolder type. 

Redirecting users when they access the wrong extended enterprise client:

Users can only access the extended enterprise clients associated with their branch. If they attempt to access the wrong client, you can display a page that redirects them to the correct client. See the chapter Configuring login redirects for extended enterprise.

Customizing your extended enterprise clients:

Once you have created a client for a particular user branch, you can create a customized learning experience for the users who log in to that client. 

• The aspects you can customize include: branding and look, language, catalogs, e-commerce, single sign-on, user settings, self-registration, and more. 

These elements are covered in detail in the rest of this article. For a starting point see the chapter Customizing an extended enterprise client. 

Prerequisites

To activate this app, please contact your Account Manager (if your plan includes this option).

Creating extended enterprise clients

When you create an extended enterprise client, you must first of all assign a Name to the client. This is only for reference within the configuration page and will not be visible to users. 

Next you will need to define a distinct URL through which that client will be accessed. This can be:

A subfolder of your main platform URL: 

For example, academy70.docebosaas.com/foldername or, if you have a custom domain configured for your platform, <mycustomdomain.com>/foldername

• If you choose this option, you can simply enter the desired folder name when creating or editing the client. Remember that the folder name you choose will become part of the URL for accessing the platform. 

A separate domain name:

Instead of a subfolder, you can also associate a dedicated domain name to the client. This can be a subdomain of your main custom domain, if you have one, but it can also be an entirely independent domain name. 

In practice, this option makes it possible to assign additional domain names to the same Docebo installation.

• To be able to do this you must first have configured the domain name you plan to use as instructed in the article Configuring secondary domains.

Please note: Subfolder-type Extended Enterprise clients can only be created under the platform root domain (either the standard docebosaas.com domain or the platform's main custom domain, if configured). It is not possible to create subfolder clients under another Extended Enterprise domain.

To create an extended enterprise client, select Admin menu > Extended enterprise > Manage, and click the New client button at the top of the page. 

In the window that opens assign a Name to the client, for reference purposes. Then choose whether you want to create a subfolder-type or domain-type client: 

• Subfolder: With this option, you can directly enter the subfolder name. This  will be appended to your platform URL to compose the URL of the client. For example mycompany.docebosaas.com/foldername. 
  Please note that some subfolder names are not allowed. Refer to the chapter Subfolder name restrictions for extended enterprise clients.
• New domain: With this option, you can select from the drop-down list any of the available secondary domains configured in domain management.

Press Next to proceed. 

Now select the organizational branch to associate with this extended enterprise client. Users belonging to the selected branch will be able to log in to the client using its distinct URL, and have the customized experience (logo, homepage image, and course player) that you configure for their platform.  

Please note that:

• You can associate only one extended enterprise client to any given branch of your platform.
• If you attempt to select a branch that is already associated with another extended enterprise client, you will receive an error message. 

Tip: If you have more than 1000 branches in your platform, to make it easier and faster to select branches, you will see a text input field to type in branch names rather than a list of branches to select.

If your organizational chart has nested branches, for example Docebo/Marketing and Docebo/Marketing/Emea, you can associate an extended enterprise client to the parent branch and another extended enterprise client to the child branch.  However, be aware that: 

• The members of the child branch (Marketing/Emea) are also technically members of the parent branch (Marketing), and so will be able to access both clients
• In some cases the links in notifications addressed to child branch members, such as {{course_link}}, may contain the base URL of the parent branch. See the article Shortcodes in notifications.

Configuring login redirects for extended enterprise

This is a global setting that applies to all your extended enterprise clients. It defines what happens when users attempt to log in to the wrong URL, meaning an extended enterprise client not associated with their branch: 

• You can either show the user a standard login error, or a page that redirects them to the correct platform URLs.

To access this option, select Admin menu > EXTENDED ENTERPRISE > Settings.

If you select the check box Enable extended enterprise login restriction when users attempt to log in to the wrong client URL, they will receive a standard “Sign in not possible, wrong credentials” error message, without any information about why the login failed.

If you deselect this check box, when users attempt to log in to the wrong client URL, they will be shown a Select multidomain page listing the platform URLs that they are allowed to access. Clicking one of the options will redirect the user there. 

Note that this list will always include the main platform URL, because every user is a member of the root branch. Additionally, if the user is a member of a sub-branch (such as Marketing/Writers, they will be able to access the client associated with the parent branch (Marketing) as well as the client associated with their own sub-branch (Marketing/Writers).

 Please note: If a user is already logged in to the platform, and they attempt to access a different client (not associated with their branch), for example by editing the URL in the browser address bar, they will always be shown the Select multidomains page, irrespective of the Enable extended enterprise login restriction option.

Note also that the setting does not apply to Superadmins, who can always log in to any extended enterprise client. 

Customizing an extended enterprise client

Once you have created an extended enterprise client, you can begin to customize the learning experience on that client. 

To do this, select Admin menu > EXTENDED ENTERPRISE > Manage. This will display the list of extended enterprise clients. 

Select the gear icon on the row of the client that you want to customize. This will open the configuration page for that extended enterprise client. Here, you will see a vertical list of settings on the left-hand side. 

• If you want to customize any particular area, select it in the left-hand navigation (for example, White label), and then in the right-hand panel select the check box Enable custom settings for this client. This will enable all the fields pertaining to that area, allowing you to define options that are different from those on the main platform. 
• If at any time you deselect the Enable custom settings for this client check box, then all the settings for that particular area will revert to those of the main platform. 

Tip: By default, when you create an extended enterprise client, it inherits all its settings from the main platform. This means that for every item in the left-hand navigation, the check box Enable custom settings for this client is initially deselected.

  

Refer to the rest of this article for details about customizing each setting. 

Managing the client branding and look

To manage the client settings and preferences, find the client in the list of clients on the bottom half of the main Extended Enterprise page, then click on the gears icon in the client's row. At the top of the client's settings page, click the Configure branding and look button to access the corresponding menu for the selected client and to configure its look and feel.

The Configure Branding and Look page will open in a new tab, so make sure your browser is configured to allow Docebo to open new tabs. Configure the branding and look as described in the dedicated article of the Knowledge Base, and press Save changes to confirm the update and close the tab, going back to the client settings page.

Click on the pen and paper icon next to the Configure Branding and Look button to change the client name and the client type.

Docebo White label tab

For those using Docebo's White label, you can apply White Label settings to specific Extended Enterprise clients, or adjust various parts of the theme in this tab. Please note that the options in this tab change depending on which theme you've selected for the client, so you should refer to the corresponding articles linked in this section for more information about the options in this area.

HTTPS tab

If you have activated the HTTPS app, you can upload and install your SSL certificate for each domain configured via this app. When finished, press Save.

Course catalog tab

In this tab, you can apply specific settings related to internal or external course catalogs. To enable the customization of this area, select the option Enable custom settings for this client, otherwise, users assigned to this folder will see the standard course catalog settings.

You can now take advantage of the following options:

• Catalog options: Select whether to use a category tree for the catalog, as well as show the catalog to non-authenticated users. When activating this option, remember that courses and training materials reside at a global level. Subsequently, the categories used to organize them are also at the global level, but they can be assigned to catalogs across the domains.
• Public catalog: Use this option to make the public courses and learning plans visible to the non-authenticated users of the client, or restrict their visibility to a selection of catalogs.
• Show "Share this view" button: Define whether to enable the Share this view button in the top right corner of domain internal and external catalogs and the Course catalogs tab of the domain Global search results page so that users can use it to copy the page link on their clipboard to share the filtered results of their search within the catalog with other users. Refer to the Advanced filtering article for further information on sharing filtered page deeplinks. This option activates the Share this view button on the catalog page; if the catalog is displayed in a Catalog Widget, activate the button in the pages including the widget. Further information on widget pages.
• Quick enrollment:  Activate this option to streamline the enrollment process for e-learning courses, making it quicker for learners to start playing them with fewer clicks. When this option is enabled, the course details page is not displayed and learners will directly land on the course player page after self-enrolling in free e-learning courses from catalogs and channels unless enrollment additional fields are required or the administrator has to approve their enrollment. In addition, both for free and paid courses, the Enrollment successful as well as the Enrollment in waiting list pop-ups are not displayed as an intermediate step of the enrollment procedure. Learners can still view the course details page for free e-learning courses by clicking on View course details on the course card in catalogs and channels before they enroll. You can manage this option at course level from the course Properties tab, Enrollment options section for free courses. The quick enrollment is not available when:
  • the course enrollment policy is set to Only administrators can enroll learners in the course properties > Catalog options tab.
  • The course maximum enrollment quota is reached, even if the waiting list is active.
  • Learners are required to fill in enrollment additional fields.

Press Save changes when finished.

E-commerce tab

This tab allows you to apply specific E-commerce settings (currencies, training credits, account, payment gateways and wire transfer options) for the selected client. To enable the customization of this area, select the option Enable custom settings for this client. Then you can configure all the options relating to currencies and payment methods for this client.  

Please note: If Enable custom settings for this client is deselected, then all the e-commerce settings will be the same as those set for the main domain.

Press Save changes when finished.

Self registration tab

In this tab, you can apply a specific registration type to users in this domain. Begin by selecting the option to enable custom settings for the client. Then, select whether you want to allow quick registration for these learners when they register into the platform.

Next, select whether these users can have free self-registration, moderated self-registration, or only-by-administrator registration. Learn more about the different registration types.

You can also select the option to not send the confirmation email to users upon self-registration if you've allowed free or moderated self-registration, but please note that selecting this option means that you will have to manually send users their credentials.

Next, you can restrict user registration into the platform to a specific email domain, so users registering themselves using an email with a different domain will be automatically rejected. Define the domains that are allowed by inserting the list of domains in the Restrict Domains field.

Please note: This feature only works with the self-registration and the moderated registration policies.

Press Save changes when finished.

Auth0 settings tab

In this tab, you can activate Auth0 for this specific client. With this integration, you can allow users to log into their Docebo platforms using credentials from an active session of other web platforms. Find out more about the integration with Auth0.

LDAP app settings tab

If you have activated the LDAP app, you can assign a specific LDAP configuration to each domain you have in your Extended Enterprise platform. Users who access the platform from different URLs will be able to authenticate their credentials through different LDAP systems. Find out more about the integration with LDAP. When finished, press Save changes.

OpenID Connect settings tab

If you have activated the OpenID Connect app, you can assign a specific OpenID Connect configuration to each domain you have in your Extended Enterprise platform. Find out more about the integration with OpenID Connect. When finished, press Save changes.

SAML 2.0 settings tab

SAML 2.0 allows users to use SAML to sign in between their active directory and the platform for each Extended Enterprise client. Activating this app allows your users to log in to their computer and, with an active session, also sign into the Docebo platform, using the domain assigned to each one by the Extended Enterprise app.

Learn more about the settings in this tab. Press Save changes when finished.

Please note: In a multi-domain scenario where different instances are leveraging different SSO protocols, either Auth0, LDAP, OpenID Connect or SAML can be configured at the domain level. However, if the API and SSO app is being leveraged at the root level to include the Force External SSO option, it will supersede the multi-domain SSO settings and thus apply to the entire domain. This is likely to affect a use case where you wish to set up a service-provider-initiated SSO on a multi-domain.

Language settings tab

Use this tab to manage the active set of languages and assign a default language for the clients of your Extended Enterprise. To edit the languages, select the option to Enable custom settings for this client. The language list below will no longer be greyed out.

In the last column for each row, you will see a checkmark to activate or deactivate a language. Simply click the checkmark to do so. A green checkmark means the language is active, and a grey checkmark means the language is not active.

In the Default column, you can click on a flag in a language’s row to make the flag green, thus setting it as the default language for that client.

Subscription settings tab

For those using the subscriptions module in Docebo, you can apply specific settings to a client of your Extended Enterprise, overriding any global settings that you configured for the module. Simply select the option at the top of the tab to enable custom settings for the client, then select any of the subscription options that you want to apply. Learn more about subscriptions. When finished, press Save changes.

User options tab

In this tab, you can manage various options for the selected client that apply to the user creation or to the login procedure.

Begin by activating the option to enable custom settings for the client. You can now take advantage of the following options:

Auto-calculate password

Use the Automatically calculate password option to enable the platform to automatically generate a password for users, upon creation. Further information on the platform password management policy.

Change password

Enable the Prevent users from changing their password option to prevent users from seeing the Change Password tab in the My Profile area (on desktop and mobile ), in the My profile widget as well in the password reset option in the login form. This option applies to both the desktop and mobile versions of the platform. This option is enabled by default when the Show only SSO buttons and hide login form toggle is enabled in the configure Branding and look menu of your platform so that users logging into the platform with the Single Sign On do not have the option to change their password in the platform and will keep the one set in the Identity Provider. The configuration of this option does not affect Superadmins.

Hide My profile and Preferences sections

Use the Hide the Personal info tab except for the avatar image in the My profile area for all users option to hide all of the fields of the Personal Info tab, except for the avatar image in the My profile area for all users.

Use the Hide the Preferences tab in the My profile area for users and Power Users option to hide the Preferences tab in the My profile area for users and Power Users. The tab will still be visible for Superadmins.

Use email as username

Use the Use Email as Username option to use email addresses as usernames. When enabling this option, make sure that your users are associated with valid email addresses. Please note that:

• the email address used as the username is the one associated to the user in the Users menu of your platform. If users update their email address in their personal area, their username is not updated to reflect the new email address, while when the Superadmin or the Power User (with granted permissions) updates the user email address in the Users menu, they can also decide to update the username.
• when creating or updating users via API or through SSO (Single Sign-On) provisioning, you must provide values both for the email and for the username, even when this option is enabled.

Login

Enable the Enable "Remember me" functionality option to show the Remember me option in the login page (both on desktop and on mobile). When users select the option, the platform will no longer ask them to enter their username and password to log in, but will automatically log them in upon connection.

Platform language selection

Enable the Make the language selected during the pre-login mandatory steps as the user’s default language option to set the language preferences selected by users during the pre-login phase to read and give consent to the conditions of use as their preferred language. When this option is enabled, it’s highly suggested to keep the Hide the Preferences tab in the My Profile area for users and Power Users option disabled so that users can see the Preferences tab in the My Profile area. Usage Tip: When activating this option, create a shortcut to the My Profile / Preferences tab to make it easier for learners to manage their language preferences (for example, use the Custom content box widget embedding the URL of the My Profile page).

Privacy Policy tab

Whether you have activated the privacy policy globally from your main domain or not, you can locally activate or deactivate the privacy policy for a subdomain in the Extended Enterprise settings. Remember that local settings take priority over the global configuration for the privacy policy, so any settings that you configure for that subdomain will always override any global privacy policy settings that you’ve configured.

In the Privacy Policy tab, select the option in the first section to Enable custom settings for this client. Now, you will see that the Privacy Policy section is no longer greyed out. Depending on how you’ve set the global settings for all domains, you can select the option to not require a policy signature for users in this subdomain (meaning that these users will not have to accept a privacy policy before accessing their platforms), or you can select the Assign a policy option.

If you select the second option, use the Select a policy dropdown menu to assign a privacy policy for this domain of your Extended Enterprise. Alternatively, you can assign a privacy policy to this subdomain from the Privacy Policy management area of your platform. The assigned policy will be reflected in the interface of the Privacy Policy tab in the subdomain’s settings. Likewise, if you assign a policy to the client in the settings area for the subdomain, it will be reflected in the interface of the Privacy Policy management area of your platform. Press Save changes once finished.

Upon assigning a privacy policy to a subdomain, all users in that subdomain must accept that privacy policy upon their next log into the platform. Learn more about managing your privacy policy.

Terms and Conditions tab

Whether you have activated the terms and conditions globally from your main domain or not, you can locally activate or deactivate terms and conditions for a subdomain in the Extended Enterprise settings. Remember that local settings take priority over the global configuration for the terms and conditions, so any settings that you configure for that subdomain will always override any global terms and conditions settings that you’ve configured.

In the Terms & Conditions tab, select the option in the first section to Enable custom settings for this client. Now, you will see that the Terms & Conditions section is no longer greyed out. Depending on how you’ve set the global settings for all domains, you can select the option to not require a policy signature for users in this subdomain (meaning that these users will not have to accept a privacy policy before accessing their platforms), or you can select the Assign a Terms and Conditions record option.

If you select the second option, use the dropdown menu to assign terms and conditions for this domain of your Extended Enterprise. Alternatively, you can assign terms and conditions to this subdomain from the Terms and Conditions management area of your platform. The assigned terms and conditions will be reflected in the interface of the Terms & Conditions tab in the subdomain’s settings. Likewise, if you assign terms and conditions to the client in the settings area for the subdomain, it will be reflected in the interface of the Terms & Conditions management area of your platform. Press Save changes once finished.

Upon assigning terms & conditions to a subdomain, all users in that subdomain must accept those terms & conditions upon their next log into the platform. Learn more about terms and conditions.

Advanced tab

In this tab, you can select whether to activate the "send notification" option when Admins create new users. Upon creating the new user, the User has been created (by administrator) will be sent to the email address that you added for the user.

Please note: The User has been created (by administrator) notification must already be configured and activated using the Notifications app if you want to use this feature.

When finished, press Save changes.

Teams and managers tab

For those using the My team functionality in Docebo, you can apply specific settings to a client of your Extended Enterprise, overriding any global settings you have configured. Simply select the option at the top of the tab to enable custom settings for the client, then configure the available options according to your needs. Further information on My team.

Global search tab

Use this tab to customize the visibility of the global search tab overriding any global settings configured in the platform Advanced settings.

Use the checkboxes next to the tab name to enable or disable the tab's visibility and set the sorting order of the tabs by dragging and dropping them in the list.

Remember that:

• You must select at least one tab.
• For the All results tab to be shown, you have to make at least another tab visible.
• When a tab is not visible, the platform will not search for the type of content related to the hidden tab. If, for example, the Assets tab is hidden, when an asset matches the searched terms, the asset will not be shown in the All results tab, if enabled.

Best practices

The Extended Enterprise app is recommended in the following use cases:

Internal

You have business units in your company and you want to separate for users the login page to the platform (e. g. with their own language and look & feel). You need to delegate to some power users limited control over specific users.

External

You sell courses to your clients and you want to provide them separated login page, domain and look & feel.

Internal/External

A combination of the previous ones.

The Extended Enterprise app does not work in case you want to partition the platform in instances and allocate an independent Superadmin per branch. The Superadmin always has visibility over the whole platform configuration, content and users.

Please note: As of February 10, 2022, for security reasons text field input validation has been modified to enhance the security in the Extended Enterprise app and no longer accepts certain characters for input in text fields. Please see the complete list of special characters for more information.

Subfolder name restrictions for extended enterprise clients

When creating subfolders for Extended Enterprise clients, you cannot create subfolders that start with or are labeled exactly as the following words:

• addons
• admin
• analytics
• analytics/v1
• api
• app7020
• assets
• audiences
• audiences/v1
• audittrail
• audittrail/v1
• authoring
• bamboohr
• bamboohr/v1
• check_*.php
• common
• community
• cookiebaker
• course
• course/v1
• custom_plugins
• db
• dcd
• debug
• demo
• demo/v1
• doceboCore
• doceboLms
• doceboScs
• docs
• docs/v1
• documentation
• domains
• ecommerce
• ecommerce/v1
• erp
• erp/v1
• files
• gapps
• hybridauth
• hydra-assets
• i.php
• i18n
• images
• impact
• impact/v1
• index.php
• insights
• ipaas
• ipaas/v1
• learn
• learn/v1
• learningplan
• learningplan/v1
• legacy
• lib
• lms
• loki
• manage
• manage/v1
• marketplace
• marketplace/v1
• media
• mobile
• moxiemanager
• notifications
• notifications/v1
• oauth2
• offline.php
• otj
• otj/v1
• pages
• pages/v1
• pens
• plugins
• poweruser
• poweruser/v1
• public
• report
• report/v1
• salesforce
• salesforce/v1
• scormcmd
• server-status
• setup
• setup/v1
• share
• share/v1
• simplesaml
• skill
• skill/v1
• sso
• tcapi
• templates
• themes
• tmrepo
• tmrepo/v1
• tos
• trms
• trms/v1
• unauthorized
• webapp
• widget
• yii