Clever can connect to your district's existing LDAPS provider to log students and teachers into their Clever Portal account. LDAPS is a more secure variant of LDAP that uses Secure Sockets Layer (SSL) to ensure that usernames and passwords are transmitted securely. For security reasons, Clever does not support using non-secure LDAP with single sign-on (SSO). We are unable to provide support for upgrading your existing LDAP system to LDAPS at this time, but this guide may be helpful if you are using Active Directory.
Here's what we'll need to get you set up:
- A hostname or IP address for your LDAP server.
- You'll need to allow Clever external IP addresses (220.127.116.11, 18.104.22.168, 22.214.171.124) access through your firewall.
- Your Base DNs and and username suffix - or a BIND account.
- The property in your LDAPS accounts that we can match with data in Clever - if you're not sure what this could be, please see this article about claims rules.
- If using a BIND account, the BIND Account Search Attribute and the BIND Account Username Attribute should NOT be the same.
- If a district is using sAMAccountName and userPrincipalName, there is a high likelihood that their server is Active directory.
- Use the "Match Automatically" tool to see what user objects look like.
As always, feel free to contact Clever Support if you run into any issues or have any questions about setting up LDAPS as your identity provider!