Users at your district can now easily reset their Active Directory passwords through Clever. Districts who are using SAML provide Clever with secure access to your Active Directory server via an LDAP Bind Account and users to configure their own password reset method (either through email or text message) from within their Clever portal.
To use the Clever to Active Directory password reset feature, your district will first need to set up Active Directory as your login method in the SSO settings page of your Clever portal.
Once this is established, click the “Manage Account Recovery” button. This will then launch the District AD Account Recovery set-up wizard.
You will first need to provide us with a URL to your district’s LDAP server and the SHA-1 fingerprint.
Next, you will need to configure the LDAP server to Clever matching and provide the base DN, and the Bind Account username and password.
For the Search Attribute, provide the Active directory field you think would best serve as a field to search on in Active Directory and the Clever field it will match with. This field should be unique across all user types (e.g. students, teachers, school admins, etc.)
Lastly, you will be able to set additional configurations which include surfacing the search field (user identifier) to users, which user types are allowed to use this feature, the AD password requirements, email domains you would like to exclude from being used as recovery methods, and whether or not teachers can reset their students' AD passwords:
Click “Finish” and now students, teachers, and school admins can reset their AD passwords from their Clever portals!