Clever’s single sign-on (SSO) allows students and teachers to safely access education apps with a single username and password. You can rely on your existing user management system - single sign-on (SSO) supports common user management systems like Lenovo Stoneware.
To use single sign-on (SSO) with Stoneware, you’ll need the following:
- Active SIS sync with Clever
- webNetwork version 188.8.131.52 and above
Before you start setting up single sign-on (SSO) with Stoneware, it’s important to look at the attributes in Stoneware and the data that’s synced to Clever - in order for users to be able to authenticate, there needs to be an attribute in Stoneware that matches the user’s sis_id. Additionally, we recommend having your users’ mail attribute match the email address in Clever, though this is not mandatory.
How does single sign-on (SSO) work with Stoneware?
- When you set up Stoneware, you define usernames and passwords for your users.
- When you set up single sign-on (SSO) with Stoneware, you create a hidden SAML application on your Stoneware portal, so when students authenticate to Stoneware, they are logged in to the hidden SAML application.
- When users click on an single sign-on (SSO) link, Clever queries the SAML application to see which user is logged in. The SAML application uses claims rules to identify the user, and we grant them access to the application if they are correctly set up in Clever and in Stoneware.
Please note: Because credentials are only entered on the Stoneware Portal log in screen, Clever will never know the usernames and passwords of your users.
Can I use the Clever Portal instead of the Stoneware Portal?
It’s possible to log in to the Clever Portal using your Stoneware credentials once single sign-on (SSO) with Stoneware is set up. However, as the Stoneware set up process requires adding single sign-on (SSO) links to the Stoneware Portal in order for users to be able to log in, districts generally prefer to use the existing Stoneware Portal.
Preparing for setup with Clever
If you haven't finished signing up for a Clever account yet, you can choose "Custom Username & Password" and "Synced Passwords" to start. Once you have access to the Clever Admin Dashboard, take the following steps:
- Under single sign-on (SSO) in your Clever dashboard menu, click ‘Settings.'
- Choose the shortname for your single sign-on (SSO) portal URL. The URL will be www.clever.com/shortname. Remember to use something that your students and teachers will remember easily.
- Keep Identity System set to "Google Apps" or "Clever Passwords" for now
- Add the contact information that students and teachers should reach out to if they have trouble with logging in to Clever - this should be someone who can help them reset their Stoneware credentials and/or make sure they are shared with the application they're trying to access through Clever.
- Click Save
Configuring the Public webApp for Clever
You’ll need to configure Stoneware to connect with Clever single sign-on (SSO). In order to do so, you’ll need to set up a public webApp for Clever.
Creating a Public webApp
- Open webAdmin, right-click "Applications Admin", "Create Public Application", and enter "Clever SSO" as the webApp name.
- Open the Clever SSO "Properties" tab and set the following properties:
- Description: “CleverSSO”
- Application Type: “Public”
- Context Path (Alias) “/CleverSSO”
- You may need to refresh the page for this option to appear
- Assigned Relay(s): This should assign the app to each relay in your environment by default. //More complex setup? Reach out to StonewareUse the green ‘+’ icon to assign the app to each relay in your environment
- Please note that Assigned Link should be blank
Setting up Single-Sign-On to the Clever webApp
Open the Clever SSO ‘Authentication Tab and set the following properties:
- Type: ADFS
- Identity: Use the Wizard to add an attribute that matches data in Clever
- SAML Initiation: Service Provider
- Assertion Consumer: https://clever.com/oauth/saml/
- PFX Certificate: Click on the Wizard button
- Set Algorithm to RSA and Strength to 2048
- Click the “Generate” button, then the “Overwrite” button
- Certificate: Use the wizard to configure the certificate as you would any other self-signed certificate.
- SAML Logout Behavior: Full Logout
Setting up Attributes for single sign-on (SSO)
Open the CleverSSO “Attributes” or “Provisioning” tab and set the following properties:
- Attribute Assertion: Enabled
- Type: SAML
- Attribute Assertion Parameters: Use the green ‘+’ button to add the following attributes:
- clever.any.sis_id = <the Stoneware Attribute that matches Clever sis_id>
- clever.any.email = @@attr:mail@@
- This attribute is optional but recommended!
Once you’re done here, hit save and reload the page!
Testing the Public webApp
Navigate to https:// <dns of your webNetwork system>/swPublicSSO/SAMLMetadata/CleverSSO - this should display a page like this:
You’ll want to double-check that the two attributes at the bottom match the attributes you set up in the CleverSSO webApp.
If this page does not load or does not properly display the attributes, double-check your webApp configuration and assignments, and try reloading this page.
Finishing setup with Clever Support
Once you’ve finished the above, please contact Clever Support and provide the following information:
- The URL that you used to test your CleverSSO webApp
- An application that you’ve added to your Portal
We’ll help you finalize setup and test your first logins!
How do I add applications to the Stoneware Portal?
You can add Clever apps to the Stoneware Portal using single sign-on (SSO) links - this allows users to access applications seamlessly, thanks to the public webApp you’ve set up. Once you’ve acquired the direct link from your Clever dashboard, you can add it to the portal by adding a new Link Object to your portal for each application and assigning it to the appropriate users.
The Link Object should look like this:
Please note: single sign-on (SSO) will only work for users who both have access to this Link Object and are shared with the application in question through Clever.