This guide is directed toward district admins who are familiar with Google SSO through Clever, and who are trying to troubleshoot user login issues. If you're just getting started with Google and Clever, take a look at the article on Single Sign on (SSO) with Google.
Here is the Clever Google SSO login flow:
When a user clicks 'Log in with Google' from your district's Clever login Portal URL, Clever sends the user to Google where they will enter their district-provided Google email address and password.
Clever does not have access to Google passwords for users; however, once the user has entered their credentials, Google will redirect the user back to Clever providing a "token" that tells Clever this user has successfully logged in.
If it is the users first time logging into Clever via Google, the user may be prompted to approve Clever as a Google SSO application.
Once the user is logged in, Clever shares the user's token with any associated applications they attempt to log into. This allows the user to access their Clever apps via single sign-on (SSO) through Clever without needing to enter their credentials again.
Unfortunately, there are occasional login issues that come up with district users.
The first step in investigating a user login issue is to navigate to your district dashboard > Support Tools > Login Logs. See THIS article for details on how to filter data from your district's Login Logs !
Here are the most common errors, and how to resolve them:
- no_match: The unique identifier passed to us from the Google did not match any user in Clever. In essence, a user (let's call her "Susan") was successfully able to prove who she was to Google, but when Google came to tell Clever "Hey, can you log Susan in for me?", we responded "Sorry, we don't have a Susan here". The most common cause of this is a user trying to log in that is not yet synced to Clever, but it could also be that the field we match on, say student number or email address, is missing in the SIS upload for the user in question. We show the matches we tried to make in your Single sign-on (SSO) Event Logs, so check there and then look up the corresponding information in your SIS and/or Clever Data Browser to see what might be going on.
- no_code: When a user logs in to Clever for the first time using Google, they are asked to give permission. If they deny permission, we don't get a valid code to log them in with, and show this error. Ask the user to try again, and accept the permissions to use Clever.
- no_token: A fairly rare error (hopefully!), this indicates Google had an issue while we were attempting to log the user in. This can indicate that Google had a temporary network glitch, or that there is a bug. If you are seeing this error occur frequently, please reach out as soon as possible to Clever Support so we can work with Google and help you troubleshoot.