To use single sign-on (SSO) with Azure AD/Office 365, you'll need to make sure you have:
- Active SIS sync with Clever
- Azure Active Directory Premium OR Azure Active Directory and PowerShell Proficiency
Not sure if you have Azure Active Directory? If you have a paid subscription to Office 365 for your organization, you have a free subscription to Azure Active Directory.
Preparing for Setup with Clever
If you haven't finished signing up for a Clever account yet, you can choose Google to start. Once you have access to the Clever district dashboard, take the following steps:
- From your Clever district dashboard menu, click Portal > SSO Settings.
- Choose 'Add Login Method'.
- Choose Active Directory Authentification
- Enter your metadata URL (you can find out how to obtain your metadata URL below)
- Check the box for 'Allow unencrypted SAML assertions'
- Click Save
- Add the contact information for whom students and teachers should reach out to if they have trouble with logging in to Clever - this should be someone who can help them reset their Azure credentials and/or make sure they are shared with the application they're trying to access through Clever.
- Next, navigate to Portal > Portal Settings and choose your district's portal URL. The URL will be www.clever.com/in/<shortname>. Remember to use something that your students and teachers will remember easily.
Setup In Azure AD
You'll need to configure Azure Active Directory to connect with Clever single sign-on (SSO). In order to do that, you'll need to:
- Add the Clever app to Azure Active Directory
- Set up SSO to the Clever App
- Set up Claims Rules to allow Clever to match Azure users to Clever records
- Assign users to the Clever App in Azure AD
Adding the Clever App to Azure AD
To add Clever from the gallery, perform the following steps:
In the Azure portal, on the left navigation panel, click Azure Active Directory icon.
Navigate to Enterprise applications. Then go to All applications.
Navigate to Enterprise applications - All applications > Categories > Add an application and search for "Clever".
Setting up Azure SSO to Clever
For single sign-on to work, Azure AD needs to know what the counterpart user in Clever is to a user in Azure AD. In other words, a link relationship between an Azure AD user and the related user in Clever needs to be established.
In Clever, assign the value of the user name in Azure AD as the value of the Username to establish the link relationship.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal and configure single sign-on in your Clever application.
To configure Azure AD single sign-on with Clever, perform the following steps:
In the Azure portal, on the Clever application integration page, find the Manage section and select single sign-on.
On the Select a single sign-on method page, select SAML.
On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to edit the settings.
On the Basic SAML Configuration section, enter the values for the following fields:
a. In the Sign on URL text box, type a URL using the following pattern:
b. In the Identifier (Entity ID) text box, type a URL using the following:c. In the Reply URL (Assertion Consumer Service URL) text box, type a URL using either of the following:
- Next, open the User Attributes & Claims section.
There will be required claims that you will not need to adjust at all.
Additional Claims rules are used to allow Clever to determine which student or teacher is logging in. To do this, we match Azure AD attributes to data in Clever. In order for users to be able to log in, there needs to be an attribute for each user type that exactly matches data in a field in Clever. Claim name will be the Clever field and the value is the field in Azure.
To generate the Metadata url, navigate to SAML Signing Certificate and copy the App Federation Metadata URL
Grant users access to Clever
In this section, you will enable students and teachers to use Azure single sign-on by granting access to Clever.
To assign users to Clever, perform the following steps:
In the Azure portal, open the applications view, and then navigate to the directory view and go to Enterprise applications then click All applications.
In the applications list, select Clever.
In the menu on the left, click Users and groups.
Click the Add button. Then select Users and groups on Add Assignment dialog.
On the Users and groups dialog, select the appropriate users from the Users list.
Click Select button on the Users and groups dialog.
Click Assign button on the Add Assignment dialog.
Setting up Clever
In a different web browser window, log in to your Clever district dashboard as an administrator.
From the left navigation, click Portal > SSO Settings.
On the SSO Settings page, perform the following steps:
a. Select Add Login Method.
b. Select Active Directory Authentication.
c. Enter the Metadata URL you pulled from the Azure console in the Metadata URL text box.
d. Click Save.