Testing Your SSO Integration

🚧

Testing is a key part of certification

If you're not yet familiar with how certification works with Clever, take a look at this section.

☝️

A few things to consider before you start testing

Which integration type are you testing for? It's important to maintain the distinction between District SSO and Library SSO when testing your SSO integration. It's very easy to get mixed up if you're not paying attention.

Which users should be used to test each integration? Please note that in most cases, there are pre-determined users you should be testing with for each integration. Please keep an eye out for that information detailed below.

What scopes do you have access to when testing each integration? Both integration types have different access levels when it comes to fields. On top of that, having Secure Sync enabled on your account will also affect the outcome of your testing. Be aware of what you're testing for and what you're looking to certify for. If you need a refresher, please refer to LINK.

Pay close attention to the details mentioned on this page, as failure to do so can significantly impact your ability to get your integration live and in front of end-users in a timely manner. A successfully designed test plan allows for us to quickly process your certification.

💪

Pro tip

If your browser does not have the correct district context, you will come across a "school picker". You won't be able to find your sandbox district by searching the school names. Instead you should be using your district ID. Click into your sandbox district on the developer dashboard to find the district ID.

To skip this step during testing, you can hardcode the district ID into your authorization URL as such:

https://clever.com/oauth/authorize?response_type=code&redirect_uri=&client_id=&district_id=

Prerequisites

Settings

Before you get started with testing, make sure that you have the following settings configured. Without them, your SSO integrations will not work. Both settings can be found on the same page in your developer dashboard: Settings > Integration

• Supported User Types: This setting controls which user types can use your SSO integration. Note: The Library integration type only supports teachers and students.
• Redirect URI:
  • The redirect URI is used to securely return the authorization code or access token to your application after the user authorizes access. It ensures that the token is sent to the correct location, mitigating risks like token leakage or unauthorized access.
  • This setting is an allowlist of redirect URIs that Clever will send an authorization code to. Any authentication requests sent from a redirect URI that is not recognized from Clever will result in an error.
  • If no redirect URI is specified in an authentication request, Clever will default to the first redirect URI in the list. This is important behavior to consider during the certification process. If you do not have a publicly accessible redirect URI set as your default one, we will not be able to certify your integration.

Test Users

By default, you will have access to a useful number of test users for each integration type. However, context really matters. Pay close attention to which users you're testing for and for which integration type. Take a look at the SSO Test Plan linked below for an integration-specific guide for testing SSO.

📘

Want to use our streamlined test plan?

If you're looking for a way to quickly test out your SSO integrations without diving into the nuances, we've developer an SSO Test Plan that you can use to quickly get your testing out of the way in preparation for certification.

Check out this SSO Test Plan.

Understanding the SSO entry points

There are a number of ways that users in Clever can initiate an authentication request. Be sure to review Clever SSO Overview. It's important to account for all these entry points to ensure that your integration is working in all cases. If your SSO integration requires a state parameter, the Clever Portal-initiated SSO may cause you trouble. Be sure to take a look at this documentation about state parameters.