District administrators with the Clever Admin user role can set up an automated sync with the district’s Active Directory server to sync non-instructional staff and school administrators to Clever as “staff” users.
This sync between Active Directory and Clever will supplement the existing sync between the district’s SIS and Clever and will only be used to sync staff users.
What are the requirements?
- Your district utilizes an Active Directory server to manage non-instructional staff and school administrators
- The Active Directory Sync toggle has been enabled on the Sync Settings page of the Clever dashboard
How do I prepare for the sync in Active Directory?
Staff sharing rules in Clever
Your district should make sure your staff and school admin sharing rules are in a good place for all of your district’s connected applications, so we’re not unintentionally sharing new users en masse.
Please set up staff sharing rules for your applications using the instructions under section 2 here: How can staff and school admins use the Portal and access applications?
Existing staff in Clever
If your district has already synced staff to Clever via a staff.csv or admins.csv file, please make sure their 'Staff_id' stays the same if you'd like to preserve their historical data in Clever. As this field is the key identifier for staff members in Clever, if an existing user is synced from Active Directory with a different 'Staff_id,' they'll get a brand new account in Clever.
Create a new bind account
Create a new bind account with read-only permissions that Clever can use to query the LDAP server. Once created, take note of the account credentials - you’ll need that for setup!
Review your OU structure in Active Directory
Identify whether classroom teachers are grouped in Organizational Units (OUs) together with non-instructional staff members.
- If not, that’s great! Take note of the OU names for just the non-instructional staff members.
- If so, there’s risk of creating duplicate user accounts in Clever for users that are already in our system as teachers. To counter this, we suggest bulk adding an extension attribute to teaching staff’s profiles that would distinguish these two staff types from each other in your server.
Create a one-time school mapping CSV file
We’ll need a one-time upload to map existing schools in Clever to school names in Active Directory. The file should have two columns: ‘School_id’ (as it appears in Clever) and ‘Active_directory_name’. Example below:
How do I set up the sync in Clever?
- Navigate to the Sync Settings page in the Clever dashboard
- Toggle on “Active Directory Sync” at the bottom of the page to reveal a new setup tab
- Maneuver to the “Active Directory” tab that now appears at the top of the page and click the blue ‘Get started’ button:
- Configure the connection between Clever and your district’s Active Directory server by entering your district’s LDAP URL, certificate fingerprints, and the credentials for the read-only bind account set up in preparation.
- Add staff queries to designate the OUs from which Clever should sync staff user accounts. During this step, you’ll also indicate which Active Directory user attributes should map to the Clever staff fields.
- Optionally configure a sync for staff extension fields such as security group, building code, etc. The Clever extension field will always begin with ‘ext.’
- Upload your prepared school mapping CSV so our system knows what existing School_ids in the district’s Clever account are associated with what school names in Active Directory.
After the sync is configured and a first sync runs, you can view the results on the Sync > Active Directory tab. Like your normal SIS sync report, you can track staff account creations, updates, deletions, and errors here.