If you're interested in using an identity provider or login method with Clever that we don't currently have an official connection with, we may be able to set up a custom SAML connection to your identity provider.
Here's what your Identity Provider (IDP) must have:
- Support for SP-initiated sign on using a Redirect Binding
- Response must be sent to a specified POST Binding
- Response must contain an assertion encrypted using Clever's public key (found in the metadata file)
- The assertion must be signed with a private key owned by the IDP
- The assertion must contain an AuthnStatement with a SessionIndex
- The assertion must contain at least one attribute which can uniquely identify a Clever user
  - Multiple attributes are allowed, and only one needs to match a user, but the attributes must match only one user.
  - Attribute names should be in the form clever.[user type].[field], and the attribute value should contain the value of the field to match on.
  - For example, an attribute with the name clever.student.sis_id and a value of 12345 will attempt to find a student with the SIS ID of 12345. A user type of 'any' may be used to match both students and teachers with the same field.
- A LogoutRequest must be accepted at a Redirect Binding. The LogoutResponse should be sent to the specified HTTP-Redirect Binding.
- The certificate cannot have trailing whitespace, or a newline at its start or end.
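
A pre-flight check an IdP administrator could run on a decrypted test assertion and on the certificate text, covering the requirements listed above. This is an added example, not Clever's code: the function names, the constructed sample assertion, the accepted field characters, and the user types accepted (student, teacher, any, as mentioned on this page) are assumptions. It checks only that a signature element is present, not that the signature is valid.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Assumption: user types are the ones this page mentions; field is [A-Za-z0-9_]+.
ATTR_NAME = re.compile(r"^clever\.(student|teacher|any)\.([A-Za-z0-9_]+)$")

def check_assertion(xml_text):
    """Return (problems, usable) for a decrypted assertion you generated yourself."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.find("ds:Signature", NS) is None:  # presence only, not verification
        problems.append("assertion is not signed")
    stmt = root.find("saml:AuthnStatement", NS)
    if stmt is None or not stmt.get("SessionIndex"):
        problems.append("no AuthnStatement with a SessionIndex")
    usable = []  # (user type, field, value) triples usable for matching
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        m = ATTR_NAME.match(attr.get("Name", ""))
        value = attr.findtext("saml:AttributeValue", "", NS).strip()
        if m and value:
            usable.append((m.group(1), m.group(2), value))
    if not usable:
        problems.append("no clever.[user type].[field] attribute with a value")
    return problems, usable

def cert_has_edge_whitespace(pem_text):
    """True if the certificate text starts or ends with whitespace or a newline."""
    return pem_text != pem_text.strip()

# Constructed sample assertion (not captured from a real IdP).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed" Version="2.0">
  <ds:Signature/>
  <saml:AuthnStatement SessionIndex="_constructed-session"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="clever.student.sis_id">
      <saml:AttributeValue>12345</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="mail">
      <saml:AttributeValue>user@example.org</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE))
```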