If you're interested in using an identity provider with Clever that we don't currently have an official connection with, we may be able to set up a custom SAML connection to your identity provider.
Here's what your IDP must have:
- Support for SP-initiated sign on using a Redirect Binding
- Response must be sent to a specified POST Binding (https://clever.com/oauth/saml/assert)
- Response must contain an assertion encrypted using Clever's public key (found in the metadata file)
- The assertion must be signed with a private key owned by the IDP
- The assertion must contain an AuthnStatement with a SessionIndex
- The assertion must contain at least one attribute which can uniquely identify a Clever user
  - Multiple attributes are allowed, and only one of them needs to match a user, but exactly one user must be matched.
  - Attributes should be named in the form clever.[user type].[field] and contain the value of the field to match on. For example, an attribute with the name clever.student.sis_id and a value of 12345 will attempt to find a student with the SIS ID of 12345. A user type of 'any' may be used to match both students and teachers with the same field.
- A LogoutRequest must be accepted at a Redirect Binding. The LogoutResponse should be sent to the specified HTTP-Redirect Binding (https://clever.com/oauth/saml/assert)
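Before handing over a metadata URL, an IdP administrator can check a test assertion against the assertion-level requirements in the list above. The following is an added example, not Clever's code: the function names, the attribute-name regex and the sample XML are assumptions, it runs on the plaintext assertion before encryption, and it checks only that a signature element is present, not that it verifies.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# clever.[user type].[field]; the allowed character sets are an assumption.
ATTR_NAME = re.compile(r"^clever\.([a-z_]+)\.([A-Za-z0-9_]+)$")

def clever_attributes(assertion):
    """Return {(user_type, field): value} for correctly named, non-empty attributes."""
    found = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        m = ATTR_NAME.match(attr.get("Name", ""))
        value = (attr.findtext("saml:AttributeValue", "", NS) or "").strip()
        if m and value:
            found[m.groups()] = value
    return found

def check_assertion(xml_text):
    """List the page's requirements that this plaintext assertion does not meet."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        return ["root element is not a SAML 2.0 Assertion"]
    problems = []
    # Presence check only: the signature is not verified cryptographically here.
    if root.find("ds:Signature", NS) is None:
        problems.append("assertion is not signed")
    if not any(s.get("SessionIndex") for s in root.findall("saml:AuthnStatement", NS)):
        problems.append("no AuthnStatement with a SessionIndex")
    if not clever_attributes(root):
        problems.append("no clever.[user type].[field] attribute with a value")
    return problems

# Constructed sample: a plaintext assertion as an IdP might build it before encryption.
GOOD = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_a1" Version="2.0">
  <ds:Signature/>
  <saml:AuthnStatement SessionIndex="_s1"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="clever.student.sis_id">
      <saml:AttributeValue>12345</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
# Constructed sample: no signature, no SessionIndex, and a misnamed attribute.
BAD = (GOOD.replace("<ds:Signature/>", "").replace(' SessionIndex="_s1"', "")
           .replace("clever.student.sis_id", "sis_id"))

if __name__ == "__main__":
    print(check_assertion(GOOD), check_assertion(BAD))
```
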
If your IDP supports all of the above, they'll need to provide us with a Metadata URL. Here is an example SAML metadata file that we support: example_metadata.xml
If you have any questions or are ready to get started, send a request to Clever Support!