District SSO vs Library SSO
This page will cover the key differences and workflows between these two SSO integration types.
Both of these integration types use the same authorization grant flow with Clever. As such, it's very easy to get them confused.
We covered the high level differences between District SSO and Library SSO in the Clever SSO Overview. We're going to dive a bit deeper here to illustrate the differences at each stage of development and certification. This documentation should help you avoid getting the two mixed up when it comes time to certify.
While this information can all be found throughout our documentation, this page will hopefully serve as a one-stop-shop for helping you understand the key differences and similarities between the two integration types.
Check out these key resources for a high level understanding of Clever's integrations
Audience
District SSO
Clever District SSO supports district admins, school admins/staff, teachers, and students. An application building out this integration type can choose any subset of these user types to allow SSO for.
Library
Clever Library only supports teachers and students. Other user types cannot use this integration type. The idea behind Library SSO is to allow teachers to try out new software at their classroom level.
Authorized By
District SSO
The district must authorize these connections in order for them to work. Districts do this by connecting to an application at the district level and then setting up sharing permissions. More on these processes can be found in the documentation below:
Below is an example of how you can identify a District SSO authentication request using the /me
endpoint. Notice "authorized_by"
is set to "district"
.
{
"type": "user",
"data": {
"id": "5fc43758db087d0be186c29d",
"district": "5d0a9e5d0958b300014e49d2",
"type": "user",
"authorized_by": "district"
},
"links": [
{
"rel": "self",
"uri": "/me"
},
{
"rel": "canonical",
"uri": "/v3.0/users/5fc43758db087d0be186c29d"
},
{
"rel": "district",
"uri": "/v3.0/districts/5d0a9e5d0958b300014e49d2"
}
]
}
Library
Teachers authorize these connections. In order for a student to access a Library application, they must be part of a section belonging to a teacher that has authorized a connection with that application. More on Library can be found in the articles below:
- For Teachers: Connecting with Clever Library
- For Clever Admins: Managing the Clever Library
- Below is an example of how you can identify a Library SSO authentication request using the
/me
endpoint. Notice"authorized_by"
is set to"district"
.
{
"type": "user",
"data": {
"id": "607741faddeea003f1bb6cfd",
"type": "user",
"authorized_by": "teacher"
},
"links": [
{
"rel": "self",
"uri": "/me"
},
{
"rel": "canonical",
"uri": "/v3.0/users/607741faddeea003f1bb6cfd"
}
]
}
Scopes
As always please refer to https://clever.com/schema for a comprehensive overview of field-level access for each integration type.
District SSO
District SSO gives access to the following fields:
Districts
- District Clever ID
- District Name
Schools
- N/A
Sections
- N/A
Users
- User Clever ID
- User First Name, Last Name
- User Email
Library
Districts
- N/A
Schools
- N/A
Sections
- Section Clever ID
- Section Name
- Section Grade
- Section Subject
- Section Teacher
- Section Students
Users
- Teacher Clever ID
- Teacher First Name, Last Name
- Teacher Email Address
- Student Clever ID
- Student First Name, Last Initial
Missing Required Fields?
If these integration types don't give you access to fields that are considered "required" in your application, simply collect that information upon their first login.
User Registration
District SSO
Because you are limited in the information you receive for this integration type, it is common to first provision the users through Clever Secure Sync, another rostering service, or manual provisioning as a prerequisite to integrating. In some cases, there are applications that auto-provision on their first login using the fields available.
Library
With Clever Library, it is expected for you to auto-register a new teacher when they first "install" your Library application. For students, you should auto-provision their account as soon as their teacher authorizes the connection.
Testing
District SSO
Do not use the Library Integration Guide in your Dashboard!
Clicking around the dashboard, you may come across an "Integration Guide". This is specifically for the Library integration. Testing using this tool may result in some confusion during the certification process. Please be sure to instead use the documentation linked directly below to test your District SSO integration.
Library
Certification
You can certify for both of these integrations on the same client credentials at the same time and using the same certification survey! Please be sure to review the certification guides linked below:
District SSO
District SSO Certification Guide
Library
Updated 3 months ago