Please note: In order to improve the security of your platform, as of November 1, 2021, Docebo has discontinued the support of second-level domains.
Introduction
Docebo's Extended Enterprise app is a useful tool that allows you to rebrand your platform to show customized branding elements for each organizational chart node.
To activate this app, please contact your Account Manager (if your plan includes this option).
Please note: Docebo does not provide support for non standard DNS configurations, like those using Cloudflare.
Want to learn more about the Extended Enterprise? Have a look at the dedicated course, Taking Learning Beyond Your Organization with Extended Enterprise (opens in a new tab), on Docebo U!
Use case scenario
The Extended Enterprise app can serve different scenarios, one of which is self-registration. For example, the branch that is assigned to an Extended Enterprise has sub-branches nested under it. Users can self-register and when doing so, they need to select the sub-branch they are associated with and be placed into that sub-branch rather than the Extended Enterprise branch. Users will be required to enter a branch code or to choose a branch from a dropdown of available branches to identify their branch placement.
Configuring global settings for your Extended Enterprise
Start your configuration by managing the global settings of the app. Log into your platform as the Superadmin, then select the gear icon from the top right corner of the page to access the Admin menu. Find the Extended Enterprise section, then press the Settings subitem.
On the Settings page, select the option to enable login restrictions for the users of your Extended Enterprise. This option can only be selected globally (for all of the Extended Enterprise clients), it is not possible to set this restriction at domain level.
When this option is enabled, users will be able to log in only to the domain they belong to. If a user attempts to access an Extended Enterprise platform to which he or she is not assigned, he or she will receive an error message and will not be allowed to log in.
When this option is NOT enabled as well as when already logged in to a domain, if users attempt to access a domain of the Extended Enterprise to which they are not assigned, a domain selection page will be displayed for the selection of a domain to which they have access. The page lists all of the platforms that the user has permission to access so that he or she just needs to click on the platform’s name and log into that platform.
Superadmins are always allowed to access any Extended Enterprise platform, so the domain selection page will not be displayed to them when logging into the platform.
Please note that all users are allowed to access the main domain, as every user is associated with the root branch.
Creating clients for your Extended Enterprise
When you create an extended enterprise client, you must first of all assign a Name to the client. This is only for reference within the configuration page and will not be visible to users.
Next you will need to define a distinct URL through which that client will be accessed. This can be:
A subfolder of your main platform URL:
For example, academy70.docebosaas.com/foldername
or, if you have a custom domain configured for your platform, <mycustomdomain.com>/foldername
- If you choose this option, you can simply enter the desired folder name when creating or editing the client. Remember that the folder name you choose will become part of the URL for accessing the platform.
A separate domain name:
Instead of a subfolder, you can also associate a dedicated domain name to the client. This can be a subdomain of your main custom domain, if you have one, but it can also be an entirely independent domain name.
In practice, this option makes it possible to assign additional domain names to the same Docebo installation.
- To be able to do this you must first have configured the domain name you plan to use as instructed in the article Configuring secondary domains.
Please note: Subfolder-type Extended Enterprise clients can only be created under the platform root domain (either the standard docebosaas.com
domain or the platform's main custom domain, if configured). It is not possible to create subfolder clients under another Extended Enterprise domain.
To create an extended enterprise client, select Admin menu > Extended enterprise > Manage, and click the New client button at the top of the page.
In the window that opens assign a Name to the client, for reference purposes. Then choose whether you want to create a subfolder-type or domain-type client:
-
Subfolder: With this option, you can directly enter the subfolder name. This will be appended to your platform URL to compose the URL of the client. For example
mycompany.docebosaas.com/foldername
. - New domain: With this option, you can select from the drop-down list any of the available secondary domains configured in domain management.
Press Next to proceed.
Now select the organizational branch to associate with this extended enterprise client. Users belonging to the selected branch will be able to log in to the client using its distinct URL, and have the customized experience (logo, homepage image, and course player) that you configure for their platform.
Please note that:
- You can associate only one extended enterprise client to any given branch of your platform.
- If you attempt to select a branch that is already associated with another extended enterprise client, you will receive an error message.
Tip: If you have more than 1000 branches in your platform, to make it easier and faster to select branches, you will see a text input field to type in branch names rather than a list of branches to select
If your organizational chart has nested branches, for example Docebo/Marketing and Docebo/Marketing/Emea, you can associate an extended enterprise client to the parent branch and another extended enterprise client to the child branch. However, be aware that:
- The members of the child branch (Marketing/Emea) are also technically members of the parent branch (Marketing), and so will be able to access both clients
- In some cases the links in notifications addressed to child branch members, such as
{{course_link}}
, may contain the base URL of the parent branch. See the article Shortcodes in notifications.
Managing the client branding and look
To manage the client settings and preferences, find the client in the list of clients on the bottom half of the main Extended Enterprise page, then click on the gears icon in the client's row. At the top of the client's settings page, click the Configure branding and look button to access the corresponding menu for the selected client and to configure its look and feel.
The Configure Branding and Look page will open in a new tab, so make sure your browser is configured to allow Docebo to open new tabs. Configure the branding and look as described in the dedicated article of the Knowledge Base, and press Save changes to confirm the update and close the tab, going back to the client settings page.
Click on the pen and paper icon next to the Configure Branding and Look button to change the client name and the client type.
Docebo White label tab
For those using Docebo's White label, you can apply White Label settings to specific Extended Enterprise clients, or adjust various parts of the theme in this tab. Please note that the options in this tab change depending on which theme you've selected for the client, so you should refer to the corresponding articles linked in this section for more information about the options in this area.
HTTPS tab
Disclaimer: With the introduction of the Domain Management feature, the HTTPS app is no longer used for activating HTTPS on your platform. Please see Domain Management for more information.
If Domain management is activated on your platform then, instead of the configuration settings for HTTPS, the HTTPS tab in the platform Advanced settings shows a message and a link to redirect to Domain Management, with all other functionality removed.
If you have activated the HTTPS app, you can upload and install your SSL certificate for each domain configured via this app. When finished, press Save.
Course catalog tab
In this tab, you can apply specific settings related to internal or external course catalogs. To enable the customization of this area, select the option Enable custom settings for this client, otherwise, users assigned to this folder will see the standard course catalog settings.
You can now take advantage of the following options:
- Catalog options: Select whether to use a category tree for the catalog, as well as show the catalog to non-authenticated users. When activating this option, remember that courses and training materials reside at a global level. Subsequently, the categories used to organize them are also at the global level, but they can be assigned to catalogs across the domains.
- Public catalog: Use this option to make the public courses and learning plans visible to the non-authenticated users of the client, or restrict their visibility to a selection of catalogs.
- Show "Share this view" button: Define whether to enable the Share this view button in the top right corner of domain internal and external catalogs and the Course catalogs tab of the domain Global search results page so that users can use it to copy the page link on their clipboard to share the filtered results of their search within the catalog with other users. Refer to the Advanced filtering article for further information on sharing filtered page deeplinks. This option activates the Share this view button on the catalog page; if the catalog is displayed in a Catalog Widget, activate the button in the pages including the widget. Further information on widget pages.
-
Quick enrollment: Activate this option to streamline the enrollment process for e-learning courses, making it quicker for learners to start playing them with fewer clicks. When this option is enabled, the course details page is not displayed and learners will directly land on the course player page after self-enrolling in free e-learning courses from catalogs and channels unless enrollment additional fields are required or the administrator has to approve their enrollment. In addition, both for free and paid courses, the Enrollment successful pop-up is not displayed as an intermediate step of the enrollment procedure. If you are using the new course page, the Enrollment in waiting list done pop-up is also not displayed. Learners can still view the course details page for free e-learning courses by clicking on View course details on the course card in catalogs and channels before they enroll. You can manage this option at course level from the course Properties tab, Enrollment options section for free courses. The quick enrollment is not available when:
- the course enrollment policy is set to Only Admins can enroll learners in the course properties > Catalog options tab.
- The course maximum enrollment quota is reached, even if the waiting list is active.
- Learners are required to fill in enrollment additional fields.
Press Save changes when finished.
E-commerce tab
This tab allows you to apply specific E-commerce settings (currencies, training credits, account, payment gateways and wire transfer options) for the selected client. To enable the customization of this area, select the option Enable custom settings for this client. Then you can configure all the options relating to currencies and payment methods for this client.
Press Save changes when finished.
Self registration tab
In this tab, you can apply a specific registration type to users in this domain. Begin by selecting the option to enable custom settings for the client. Then, select whether you want to allow quick registration for these learners when they register into the platform.
Next, select whether these users can have free self-registration, moderated self-registration, or only-by-administrator registration. Learn more about the different registration types.
You can also select the option to not send the confirmation email to users upon self-registration if you've allowed free or moderated self-registration, but please note that selecting this option means that you will have to manually send users their credentials.
Next, you can restrict user registration into the platform to a specific email domain, so users registering themselves using an email with a different domain will be automatically rejected. Define the domains that are allowed by inserting the list of domains in the Restrict Domains field.
Please note: This feature only works with the self-registration and the moderated registration policies.
Press Save changes when finished.
Auth0 settings tab
In this tab, you can activate Auth0 for this specific client. With this integration, you can allow users to log into their Docebo platforms using credentials from an active session of other web platforms. Find out more about the integration with Auth0.
LDAP app settings tab
If you have activated the LDAP app, you can assign a specific LDAP configuration to each domain you have in your Extended Enterprise platform. Users who access the platform from different URLs will be able to authenticate their credentials through different LDAP systems. Find out more about the integration with LDAP. When finished, press Save changes.
OpenID Connect settings tab
If you have activated the OpenID Connect app, you can assign a specific OpenID Connect configuration to each domain you have in your Extended Enterprise platform. Find out more about the integration with OpenID Connect. When finished, press Save changes.
SAML 2.0 settings tab
SAML 2.0 allows users to use SAML to sign in between their active directory and the platform for each Extended Enterprise client. Activating this app allows your users to log in to their computer and, with an active session, also sign into the Docebo platform, using the domain assigned to each one by the Extended Enterprise app.
Learn more about the settings in this tab. Press Save changes when finished.
Please note: In a multi-domain scenario where different instances are leveraging different SSO protocols, either Auth0, LDAP, OpenID Connect or SAML can be configured at the domain level. However, if the API and SSO app is being leveraged at the root level to include the Force External SSO option, it will supersede the multi-domain SSO settings and thus apply to the entire domain. This is likely to affect a use case where you wish to set up a service-provider-initiated SSO on a multi-domain.
Language settings tab
Use this tab to manage the active set of languages and assign a default language for the clients of your Extended Enterprise. To edit the languages, select the option to Enable custom settings for this client. The language list below will no longer be greyed out.
In the last column for each row, you will see a checkmark to activate or deactivate a language. Simply click the checkmark to do so. A green checkmark means the language is active, and a grey checkmark means the language is not active.
In the Default column, you can click on a flag in a language’s row to make the flag green, thus setting it as the default language for that client.
Subscription settings tab
For those using the subscriptions module in Docebo, you can apply specific settings to a client of your Extended Enterprise, overriding any global settings that you configured for the module. Simply select the option at the top of the tab to enable custom settings for the client, then select any of the subscription options that you want to apply. Learn more about subscriptions. When finished, press Save changes.
User options tab
In this tab, you can manage various options for the selected client that apply to the user creation or to the login procedure.
Begin by activating the option to enable custom settings for the client. You can now take advantage of the following options:
- Auto-calculate password
- Use the Automatically calculate password option to enable the platform to automatically generate a password for users, upon creation. Further information on the platform password management policy.
- Change password
- Enable the Prevent users from changing their password option to prevent users from seeing the Change Password tab in the My Profile area (on desktop and mobile ), in the My profile widget as well in the password reset option in the login form. This option applies to both the desktop and mobile versions of the platform. This option is enabled by default when the Show only SSO buttons and hide login form toggle is enabled in the configure Branding and look menu of your platform so that users logging into the platform with the Single Sign On do not have the option to change their password in the platform and will keep the one set in the Identity Provider. The configuration of this option does not affect Superadmins.
- Hide My profile and Preferences sections
- Use the Hide the Personal info tab except for the avatar image in the My profile area for all users option to hide all of the fields of the Personal Info tab, except for the avatar image in the My profile area for all users.
- Use the Hide the Preferences tab in the My profile area for users and Power Users option to hide the Preferences tab in the My profile area for users and Power Users. The tab will still be visible for Superadmins.
- Use email as username
- Use the Use Email as Username option to use email addresses as usernames. When enabling this option, make sure that your users are associated with valid email addresses. Please note that:
- the email address used as the username is the one associated to the user in the Users menu of your platform. If users update their email address in their personal area, their username is not updated to reflect the new email address, while when the Superadmin or the Power User (with granted permissions) updates the user email address in the Users menu, they can also decide to update the username.
- when creating or updating users via API or through SSO (Single Sign-On) provisioning, you must provide values both for the email and for the username, even when this option is enabled.
- Login
- Enable the Enable "Remember me" functionality option to show the Remember me option in the login page (both on desktop and on mobile). When users select the option, the platform will no longer ask them to enter their username and password to log in, but will automatically log them in upon connection.
- Platform language selection
- Enable the Make the language selected during the pre-login mandatory steps as the user’s default language option to set the language preferences selected by users during the pre-login phase to read and give consent to the conditions of use as their preferred language. When this option is enabled, it’s highly suggested to keep the Hide the Preferences tab in the My Profile area for users and Power Users option disabled so that users can see the Preferences tab in the My Profile area. Usage Tip: When activating this option, create a shortcut to the My Profile / Preferences tab to make it easier for learners to manage their language preferences (for example, use the Custom content box widget embedding the URL of the My Profile page).
Privacy Policy tab
Whether you have activated the privacy policy globally from your main domain or not, you can locally activate or deactivate the privacy policy for a subdomain in the Extended Enterprise settings. Remember that local settings take priority over the global configuration for the privacy policy, so any settings that you configure for that subdomain will always override any global privacy policy settings that you’ve configured.
In the Privacy Policy tab, select the option in the first section to Enable custom settings for this client. Now, you will see that the Privacy Policy section is no longer greyed out. Depending on how you’ve set the global settings for all domains, you can select the option to not require a policy signature for users in this subdomain (meaning that these users will not have to accept a privacy policy before accessing their platforms), or you can select the Assign a policy option.
If you select the second option, use the Select a policy dropdown menu to assign a privacy policy for this domain of your Extended Enterprise. Alternatively, you can assign a privacy policy to this subdomain from the Privacy Policy management area of your platform. The assigned policy will be reflected in the interface of the Privacy Policy tab in the subdomain’s settings. Likewise, if you assign a policy to the client in the settings area for the subdomain, it will be reflected in the interface of the Privacy Policy management area of your platform. Press Save changes once finished.
Upon assigning a privacy policy to a subdomain, all users in that subdomain must accept that privacy policy upon their next log into the platform. Learn more about managing your privacy policy.
Terms and Conditions tab
Whether you have activated the terms and conditions globally from your main domain or not, you can locally activate or deactivate terms and conditions for a subdomain in the Extended Enterprise settings. Remember that local settings take priority over the global configuration for the terms and conditions, so any settings that you configure for that subdomain will always override any global terms and conditions settings that you’ve configured.
In the Terms & Conditions tab, select the option in the first section to Enable custom settings for this client. Now, you will see that the Terms & Conditions section is no longer greyed out. Depending on how you’ve set the global settings for all domains, you can select the option to not require a policy signature for users in this subdomain (meaning that these users will not have to accept a privacy policy before accessing their platforms), or you can select the Assign a Terms and Conditions record option.
If you select the second option, use the dropdown menu to assign terms and conditions for this domain of your Extended Enterprise. Alternatively, you can assign terms and conditions to this subdomain from the Terms and Conditions management area of your platform. The assigned terms and conditions will be reflected in the interface of the Terms & Conditions tab in the subdomain’s settings. Likewise, if you assign terms and conditions to the client in the settings area for the subdomain, it will be reflected in the interface of the Terms & Conditions management area of your platform. Press Save changes once finished.
Upon assigning terms & conditions to a subdomain, all users in that subdomain must accept those terms & conditions upon their next log into the platform. Learn more about terms and conditions.
Advanced tab
In this tab, you can select whether to activate the "send notification" option when Admins create new users. Upon creating the new user, the User has been created (by administrator) will be sent to the email address that you added for the user.
Please note: The User has been created (by administrator) notification must already be configured and activated using the Notifications app if you want to use this feature.
When finished, press Save changes.
Teams and managers tab
For those using the My team functionality in Docebo, you can apply specific settings to a client of your Extended Enterprise, overriding any global settings you have configured. Simply select the option at the top of the tab to enable custom settings for the client, then configure the available options according to your needs. Further information on My team.
Global search tab
Use this tab to customize the visibility of the global search tab overriding any global settings configured in the platform Advanced settings.
Use the checkboxes next to the tab name to enable or disable the tab's visibility and set the sorting order of the tabs by dragging and dropping them in the list.
Remember that:
- You must select at least one tab.
- For the All results tab to be shown, you have to make at least another tab visible.
- When a tab is not visible, the platform will not search for the type of content related to the hidden tab. If, for example, the Assets tab is hidden, when an asset matches the searched terms, the asset will not be shown in the All results tab, if enabled.
Best practices
The Extended Enterprise app is recommended in the following use cases:
- Internal
- You have business units in your company and you want to separate for users the login page to the platform (e. g. with their own language and look & feel). You need to delegate to some power users limited control over specific users.
- External
- You sell courses to your clients and you want to provide them separated login page, domain and look & feel.
- Internal/External
- A combination of the previous ones.
The Extended Enterprise app does not work in case you want to partition the platform in instances and allocate an independent Superadmin per branch. The Superadmin always has visibility over the whole platform configuration, content and users.
Please note: As of February 10, 2022, for security reasons text field input validation has been modified to enhance the security in the Extended Enterprise app and no longer accepts certain characters for input in text fields. Please see the complete list of special characters for more information.
Subfolder restrictions for Extended Enterprise clients
When creating subfolders for Extended Enterprise clients, you cannot create subfolders that start with or are labeled exactly as the following words:
- addons
- admin
- analytics
- analytics/v1
- api
- app7020
- assets
- audiences
- audiences/v1
- audittrail
- audittrail/v1
- authoring
- bamboohr
- bamboohr/v1
- check_*.php
- common
- community
- cookiebaker
- course
- course/v1
- custom_plugins
- db
- dcd
- debug
- demo
- demo/v1
- doceboCore
- doceboLms
- doceboScs
- docs
- docs/v1
- documentation
- domains
- ecommerce
- ecommerce/v1
- erp
- erp/v1
- files
- gapps
- hybridauth
- hydra-assets
- i.php
- i18n
- images
- impact
- impact/v1
- index.php
- insights
- ipaas
- ipaas/v1
- learn
- learn/v1
- learningplan
- learningplan/v1
- legacy
- lib
- lms
- loki
- manage
- manage/v1
- marketplace
- marketplace/v1
- media
- mobile
- moxiemanager
- notifications
- notifications/v1
- oauth2
- offline.php
- otj
- otj/v1
- pages
- pages/v1
- pens
- plugins
- poweruser
- poweruser/v1
- public
- report
- report/v1
- salesforce
- salesforce/v1
- scormcmd
- server-status
- setup
- setup/v1
- share
- share/v1
- simplesaml
- skill
- skill/v1
- sso
- tcapi
- templates
- themes
- tmrepo
- tmrepo/v1
- tos
- trms
- trms/v1
- unauthorized
- webapp
- widget
- yii