Districts can let users reset their Active Directory passwords through Clever. Districts that use SAML as their single sign-on (SSO) method give Clever secure access to their Active Directory server through an LDAP Bind Account, which lets district users configure their own password reset method (either email or text message) in Clever.
To use the Clever Active Directory password reset feature, your district will first need to set up Active Directory as your login method from your Clever district dashboard > Portal > SSO settings page.
Once this is established, select the 'Manage Account Recovery' button. This will launch the District AD Account Recovery set-up wizard.
You will first need to enter the URL for your district’s LDAP server and the SHA-1 fingerprint.
Next, configure the LDAP server:
- User attribute to match to the specified Clever field
  - For the Search Attribute, provide the Active Directory field that would best serve as the field to search on, and the Clever field it will match with. This field should be unique across all user types (e.g. students, teachers, school admins, etc.).
- The base DN
- The Bind Account username and password
  - Please note: The Bind Account will need to have write access, which will allow Clever to find student and teacher accounts in order to reset their passwords.
Lastly, you will be able to set additional configurations which include:
- Surfacing the search field (user identifier) to users
- Selecting which user types are allowed to use this feature
- The AD password requirements
- Email domains you would like to exclude from being used as recovery methods
- Whether or not teachers can reset their students' AD passwords
Select 'Finish'. Students, teachers, and school admins can now reset their AD passwords from their Clever portals!
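For the fingerprint step of the wizard, the following added example (not Clever's own code) computes the SHA-1 fingerprint of the certificate your LDAP server presents, so you can confirm the value before entering it. It assumes the fingerprint is taken over the server's TLS certificate and that the server is reached over LDAPS (default port 636); the function names and the example hostname are hypothetical.

```python
import hashlib
import hmac
import re
import ssl
import sys
from urllib.parse import urlparse


def normalize_fingerprint(text):
    """Reduce 'AA:BB:..', 'aa-bb-..' or 'aabb..' to 40 lowercase hex digits."""
    digits = re.sub(r"[\s:\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", digits):
        raise ValueError("not a SHA-1 fingerprint (need 40 hex digits)")
    return digits


def sha1_fingerprint(der_cert):
    """Colon-separated uppercase SHA-1 over the DER-encoded certificate."""
    digest = hashlib.sha1(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 40, 2))


def ldaps_endpoint(url):
    """Split an ldaps:// URL into (host, port); port defaults to 636."""
    parts = urlparse(url)
    if parts.scheme != "ldaps" or not parts.hostname:
        raise ValueError("expected an ldaps://host[:port] URL")
    return parts.hostname, parts.port or 636


def fetch_der_cert(url):
    """Fetch the server's leaf certificate (the chain is not validated here)."""
    pem = ssl.get_server_certificate(ldaps_endpoint(url))
    return ssl.PEM_cert_to_DER_cert(pem)


def matches(der_cert, expected):
    """Compare a certificate against a fingerprint written in any common style."""
    actual = normalize_fingerprint(sha1_fingerprint(der_cert))
    return hmac.compare_digest(actual, normalize_fingerprint(expected))


if __name__ == "__main__":
    # Usage: python fingerprint.py ldaps://dc01.example.org   (hypothetical host)
    if len(sys.argv) != 2:
        sys.exit("usage: fingerprint.py ldaps://host[:port]")
    print(sha1_fingerprint(fetch_der_cert(sys.argv[1])))
```

Run it from a network you trust to reach the server directly, and compare the output with the fingerprint shown in the certificate's properties on the server itself.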