If you're interested in using an identity provider with Clever that we don't currently have an official connection with, we may be able to set up a custom SAML connection to your identity provider.
Here's what your IDP must have:
- Support for SP-initiated sign on using a Redirect Binding
- Response must be sent to a specified POST Binding (https://clever.com/oauth/saml/assert)
- Response must contain an assertion encrypted using Clever's public key (found in the metadata file)
- The assertion must be signed with a private key owned by the IDP
- The assertion must contain an AuthnStatement with a SessionIndex
- The assertion must contain at least one attribute which can uniquely identify a Clever user
- Multiple attributes are allowed and only one of them needs to match a user, but the assertion must match exactly one user.
- Attribute names should be in the form clever.[user type].[field], and the attribute value should be the value of the field to match on. For example, an attribute with the name clever.student.sis_id and a value of 12345 will attempt to find a student with the SIS ID of 12345. A user type of 'any' may be used to match both students and teachers with the same field.
- A LogoutRequest must be accepted at a Redirect Binding. The LogoutResponse should be sent to the specified HTTP-Redirect Binding (https://clever.com/oauth/saml/assert).
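
To pre-check an IDP's output against the assertion requirements above, the following added example (not Clever's code) inspects an already-decrypted assertion for the SessionIndex and applies the clever.[user type].[field] matching rule. The `email` field name, the user records and the sample assertion are constructed assumptions; decryption and signature verification are out of scope here.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: decrypted assertion, signature element omitted.
# "email" is an assumed field name; sis_id comes from the article.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AuthnStatement SessionIndex="_constructed-session-1"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="clever.student.sis_id"><saml:AttributeValue>12345</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="clever.any.email"><saml:AttributeValue>nobody@example.org</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="displayName"><saml:AttributeValue>Sam</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed directory standing in for the service provider's user records.
USERS = [
    {"id": "u1", "type": "student", "sis_id": "12345", "email": "sam@example.org"},
    {"id": "u2", "type": "teacher", "sis_id": "12345", "email": "lee@example.org"},
]

def check_assertion(xml_text, users):
    """Return (matched_user_id or None, list of problems found)."""
    root = ET.fromstring(xml_text)
    problems = []
    authn = root.find("saml:AuthnStatement", NS)
    if authn is None or not authn.get("SessionIndex"):
        problems.append("missing AuthnStatement with SessionIndex")
    matched, clever_attrs = set(), 0
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        parts = attr.get("Name", "").split(".")
        if len(parts) != 3 or parts[0] != "clever":
            continue  # not in clever.[user type].[field] form, ignored
        clever_attrs += 1
        _, user_type, field = parts
        values = {v.text for v in attr.iterfind("saml:AttributeValue", NS) if v.text}
        for user in users:
            # 'any' matches both students and teachers on the same field
            if user_type in ("any", user["type"]) and user.get(field) in values:
                matched.add(user["id"])
    if clever_attrs == 0:
        problems.append("no clever.[user type].[field] attribute")
    elif len(matched) != 1:
        problems.append(f"attributes matched {len(matched)} users, need exactly 1")
    return (next(iter(matched)) if len(matched) == 1 else None), problems
```

With the constructed data, the unmatched email attribute is harmless because the sis_id attribute still resolves to one student, while switching that attribute to the 'any' user type matches two users and is rejected.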
If your IDP supports all of the above, they will need to provide us with a Metadata URL. Please find an example SAML metadata file that we support attached at the bottom of this article.
If you have any questions or are ready to get started, send a request to Clever Support!