3b. District SSO Certification Guide

How Long Does it Take?

The time it takes to build an integration with Clever varies depending on your business needs, data model, and technical constraints.

Once you have built a Clever integration, you may submit to become certified. After you submit your certification, our Partner Engineering team will review your integration in accordance with our certification requirements. Once we've finished reviewing your submission, you’ll receive an email with your certification results and recommended next steps. If needed, we will schedule a call to go over the integration in greater detail.

How Do I Get Started?

Create a developer account at apps.clever.com/signup. You can then refer to our District SSO integration documentation here:

District SSO with OAuth 2.0

Checklist

You will need to ensure the following items are complete before submitting for certification.

  • Visit Clever Academy to make sure you understand how Clever works.
  • Link users from your Clever sandbox district to users in your system. As part of certification, we will be testing the SSO experience through your sandbox district. You will need to provide one working example of SSO for each supported user type.
  • Ensure that you provide a redirect URI that we can use to test your integration. This setting can be found in your dashboard at Settings >> Instant Login.
  • Check that your supported user types are set in your dashboard at Settings >> Instant Login.
  • Test your integration thoroughly. A testing guide for District SSO integrations can be found here: Testing Logins
  • Ensure that your integration meets the integration requirements listed below

Integration Requirements

  • Must use the authorization grant flow to support SSO
  • Must utilize all relevant data from Clever API
  • Must provide clear indication to user that they are logged in to the correct account
  • Must match users on Clever ID or email address when they log in
  • Must allow users to log in on the primary redirect URI, even if application is multi-tenant. Redirect URI must be secured with https
  • Must show a friendly error screen when logins fail
  • Must provide a "Log Out" button

Recommendations

  • Add a "Log in with Clever" button to log-in page
  • For required fields that you can't get from the API, prompt users to provide this information on first login
  • Leverage data available from Clever (e.g.name, email)
  • Support students, teachers, and sections with names that contain utf-8 characters, such as ñ or é
  • Override any existing session upon new Clever auth requests in your application in order to support students on shared devices

Important questions to answer

  • Does your integration work in:
    • Chrome
    • Firefox
    • Internet Explorer
    • Safari
    • Mobile Safari
    • Mobile Chrome
  • Do you require any other fields than the ones provided (e.g. school, district info)? If so, do you prompt the user for these during onboarding?
  • Is there an amount of inactivity after which you log someone out?
  • What screen are users directed to when they're logged out? Does the window close?