This article contains the following:
1. Overview
2. Requirements
3. Setup
4. Customizing the Login Flow (optional)
Overview
Clever works seamlessly with Chromebooks, which allows students and teachers to access all of their learning applications while only logging in once per device. There are two methods to use Clever with Chromebooks:
- Users use Clever Badges to log into Chromebooks
- Users log into Chromebooks, then access Clever
Each method can be configured separately for different Organizational Units (OUs).
Since Google only allows one third party identity provider per domain, districts that have enabled Active Directory as a third party identity provider encounter a unique challenge when looking to enable Clever Badge logins for Chromebooks.
Since Clever integrates with many identity providers, including Active Directory, Clever can serve as the authentication pathway for both Badge and Active Directory users! See below for details on this integration.
Requirements
- Clever enabled as the third party identity provider in the Google Admin Console (Security Settings > Setup SSO with third party identity provider)
- Active Directory enabled as an identity provider in Clever (Settings > SSO Settings)
- Staff and students that will use Chromebooks must be active users in Clever
- Staff and students that will use Chromebooks must have their Google email address populated in Clever
Setup
Step 1 - Set up Active Directory authentication into Clever
To pass through authentication for non-Badge users, we will need to add Active Directory as a login method for Clever. Directions for adding Active Directory can be found here:
Single sign-on (SSO) with Active Directory Federation Services
Step 2 - Upload student/teacher Google emails to Clever
In order to authenticate both Clever Badge and Active Directory users into Chromebooks, the district will need to ensure that all students and teachers have Google emails synced to Clever. If these emails are not populated in the SIS, we can enable manual email uploads as described here: How do I upload emails that are not in my SIS?
Step 3 - Customize login flow (optional)
Districts can adjust settings in the admin console to tailor the login flow to their needs. See below for more details!
Step 4 - Apply settings and test logins
Apply the settings for Clever single sign-on (SSO) into Chromebooks as described here:
For districts that are actively using Active Directory to sign users into Chromebooks, we recommend completing login tests at a time when most users are not utilizing their Chromebooks to reduce interruptions to learning.
Customizing the Login Flow (optional)
Option 1: Bypass badge login
By default, once users open the Chromebook and select "Next" they will be presented with the badge login screen. If the district would prefer, this behavior can be adjusted so the district's general login page is presented first, facilitating faster logins for users logging in via Active Directory.
To implement this option, navigate to the Security Settings page in the Google Admin Console and scroll down to the SSO section. Under Setup SSO with third party identity provider, let's adjust the "Sign-in page URL".
Currently your sign-in URL should look something like this:
This URL contains a parameter that forwards users directly to the badge authentication page:
Let's adjust the URL by removing: ?specify_auth=badges
The result should look like this:
This will send all users to the general login page for your district! From there, users can select their preferred login method. Here is what the login page will now look like:
Option 2: Pass-through Google authentication into Clever Portal
Pass-through authentication ensures that all users are automatically logged into the Clever Portal when logged into a Chromebook.
To configure this setting, navigate to the "User Settings" page in the Google Admin Console. Depending on how you have applied the settings, you may need to adjust the Homepage, Pages to Load on Startup, or both. Currently the settings will look similar to below:
To enable pass-through authentication, add ?skip=1&specify_auth=google to your district URL. Your district-specific URL can be found here: https://schools.clever.com/portal
The result should look like this: https://clever.com/in/cleverdemo?skip=1&specify_auth=google
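Both options above are edits to a URL's query string, and pasting a second "?..." onto a URL that already has one produces a link that selects neither flow. The helper below is an added example, not Clever's or Google's code: it replaces the specify_auth and skip parameters instead of appending them and reports which flow a URL selects. The flow names are labels chosen for the example, and the badge-first sample URL is constructed from the article's cleverdemo address.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter values are the ones the article gives; the flow names are
# labels chosen for this example.
FLOWS = {
    "badges": [("specify_auth", "badges")],       # badge screen first
    "general": [],                                # Option 1: district login page
    "google_passthrough": [("skip", "1"), ("specify_auth", "google")],  # Option 2
}
MANAGED = {"skip", "specify_auth"}


def set_login_flow(url, flow):
    """Return url with its login-flow parameters replaced, not appended."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("expected an absolute https:// URL")
    # Keep unrelated parameters, drop the ones this helper manages.
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k not in MANAGED]
    query = urlencode(kept + FLOWS[flow])
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, parts.fragment))


def describe_login_flow(url):
    """Name the flow a URL selects, or 'unrecognized' if it is malformed."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    managed = sorted((k, v) for k, v in pairs if k in MANAGED)
    for name, expected in FLOWS.items():
        if managed == sorted(expected):
            return name
    return "unrecognized"


if __name__ == "__main__":
    badge_url = "https://clever.com/in/cleverdemo?specify_auth=badges"  # constructed sample
    for flow in FLOWS:
        new_url = set_login_flow(badge_url, flow)
        print(flow, "->", new_url, "->", describe_login_flow(new_url))
    # A second "?..." pasted onto the badge URL is caught as unrecognized.
    print(describe_login_flow(badge_url + "?skip=1&specify_auth=google"))
```

Run describe_login_flow on the value you are about to paste into the Admin Console; "unrecognized" means the parameters do not match any flow described in this article.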
Login experience
- Open Chromebook, press “Next”
- If a user logs in using:
  - Badges: User selects 'Log in with Clever Badges'.
    - User scans their badge and is authenticated into Clever and Google/Chromebook!
  - ADFS Credentials: User selects 'Log in with Active Directory'. Active Directory login screen is presented. User logs in to ADFS. ADFS authenticates the user into Clever, Clever authenticates the user into Google/Chromebook.
- Clever portal launches and learning begins!