Single sign-on (SSO) with LDAPS

Clever can connect to your district's existing LDAPS provider to log students and teachers into their Clever Portal account. LDAPS is a more secure variant of LDAP that uses SSL to ensure that usernames and passwords are transmitted securely. For security reasons, Clever does not support using non-secure LDAP with single sign-on (SSO). We are unable to provide support for upgrading your existing LDAP system to LDAPS at this time, but this guide may be helpful if you are using Active Directory. 

Here's what we'll need to get you all set up:

1. A hostname or IP address for your LDAP server.
   
2. You'll need to allow Clever external IP addresses (54.241.134.131, 50.18.217.135, 54.241.154.41) access through your firewall.
   
3. Your Base DNs and and username suffix - or a BIND account.
   
4. The property in your LDAPS accounts that we can match with data in Clever - if you're not sure what this could be, please see this article about claims rules.

Once you're ready, navigate to the SSO Settings page and click Add IDP on the top-righthand side. Click on LDAPS Authentication and begin the setup wizard.

Please note: Changing the certificate on the LDAPS server without updating the SHA1 fingerprint here will cause logins to fail until resolved. 

As always, feel free to contact Clever Support if you run into any issues or have any questions about setting up LDAPS as your identity provider!