GuidesSupportStatusClever Academy
Guides

District SSO vs Library SSO

This page will cover the key differences and workflows between these two SSO integration types.

Both of these integration types use the same authorization grant flow with Clever. As such, it's very easy to get them confused.

We covered the high level differences between District SSO and Library SSO in the Clever SSO Overview. We're going to dive a bit deeper here to illustrate the differences at each stage of development and certification. This documentation should help you avoid getting the two mixed up when it comes time to certify.

While this information can all be found throughout our documentation, this page will hopefully serve as a one-stop-shop for helping you understand the key differences and similarities between the two integration types.

📘

Check out these key resources for a high level understanding of Clever's integrations


Audience

District SSO

Clever District SSO supports district admins, school admins/staff, teachers, and students. An application building out this integration type can choose any subset of these user types to allow SSO for.

Library

Clever Library only supports teachers and students. Other user types cannot use this integration type. The idea behind Library SSO is to allow teachers to try out new software at their classroom level.

Authorized By

District SSO

The district must authorize these connections in order for them to work. Districts do this by connecting to an application at the district level and then setting up sharing permissions. More on these processes can be found in the documentation below:

Below is an example of how you can identify a District SSO authentication request using the /me endpoint. Notice "authorized_by" is set to "district".

{
    "type": "user",
    "data": {
        "id": "5fc43758db087d0be186c29d",
        "district": "5d0a9e5d0958b300014e49d2",
        "type": "user",
        "authorized_by": "district"
    },
    "links": [
        {
            "rel": "self",
            "uri": "/me"
        },
        {
            "rel": "canonical",
            "uri": "/v3.0/users/5fc43758db087d0be186c29d"
        },
        {
            "rel": "district",
            "uri": "/v3.0/districts/5d0a9e5d0958b300014e49d2"
        }
    ]
}

Library

Teachers authorize these connections. In order for a student to access a Library application, they must be part of a section belonging to a teacher that has authorized a connection with that application. More on Library can be found in the articles below:

{
    "type": "user",
    "data": {
        "id": "607741faddeea003f1bb6cfd",
        "type": "user",
        "authorized_by": "teacher"
    },
    "links": [
        {
            "rel": "self",
            "uri": "/me"
        },
        {
            "rel": "canonical",
            "uri": "/v3.0/users/607741faddeea003f1bb6cfd"
        }
    ]
}

Scopes

As always please refer to https://clever.com/schema for a comprehensive overview of field-level access for each integration type.

District SSO

District SSO gives access to the following fields:

Districts

  • District Clever ID
  • District Name

Schools

  • N/A

Sections

  • N/A

Users

  • User Clever ID
  • User First Name, Last Name
  • User Email

Library

Districts

  • N/A

Schools

  • N/A

Sections

  • Section Clever ID
  • Section Name
  • Section Grade
  • Section Subject
  • Section Teacher
  • Section Students

Users

  • Teacher Clever ID
  • Teacher First Name, Last Name
  • Teacher Email Address
  • Student Clever ID
  • Student First Name, Last Initial

🚧

Missing Required Fields?

If these integration types don't give you access to fields that are considered "required" in your application, simply collect that information upon their first login.

User Registration

District SSO

Because you are limited in the information you receive for this integration type, it is common to first provision the users through Clever Secure Sync, another rostering service, or manual provisioning as a prerequisite to integrating. In some cases, there are applications that auto-provision on their first login using the fields available.

Library

With Clever Library, it is expected for you to auto-register a new teacher when they first "install" your Library application. For students, you should auto-provision their account as soon as their teacher authorizes the connection.

Testing

District SSO

🚧

Do not use the Library Integration Guide in your Dashboard!

Clicking around the dashboard, you may come across an "Integration Guide". This is specifically for the Library integration. Testing using this tool may result in some confusion during the certification process. Please be sure to instead use the documentation linked directly below to test your District SSO integration.

Library

Certification

You can certify for both of these integrations on the same client credentials at the same time and using the same certification survey! Please be sure to review the certification guides linked below:

District SSO

District SSO Certification Guide

Library

Library Certification Guide

Updated 13 days ago