This article describes how to set up Clever to allow your users to sign in using SAML 2 Single Sign On (SSO).
Summary of steps
- Steps 1-3 can be completed in 10-20 minutes, and we recommend joining a call with Digital Theatre+ to swiftly exchange information.
- Step 4 is generally completed within a few hours by Digital Theatre+.
- Step 5 is completed within 10-20 minutes, and we recommend performing testing whilst joining a call with Digital Theatre+ for swift identification and resolution of any issues that arise during testing.
1. District Administrator: Request the Digital Theatre+ application in Clever and send the metadata URL to Digital Theatre+
2. Digital Theatre+: Provide the ACS URL value
3. District Administrator: Update the SAML configuration in Clever with the ACS URL, configure the attributes to be sent and set up sharing rules to allow access to users within licensed Schools
4. Digital Theatre+: Configure rules to allocate users to groups based on School and User Type (e.g. Student and non-Student) and/or Grade
5. District Administrator and Digital Theatre+: Test sign in and enable redirection of user sign in based on email domain
Digital Theatre+ may need the following information in order to correctly group users into Schools and User Type and/or Grades (for content access controls).
- Allow identification of the School the user is associated with
- Allow identification of Students by Grade. If Grade is not available, agree with Digital Theatre+ on other attributes that can be used to identify Student vs. Non-Student users.
- You must be an existing customer of Clever.com
- You will need District Admin permissions for your Clever account
- Your users will need to have email addresses in Clever
1. Request the Digital Theatre+ application
Sign into Clever using your District Administrator credentials
- The application name within Clever is: 'Digital Theatre Plus Edu'
- The URL to request the app is: https://schools.clever.com/applications/add/60a54fde4e1b5e00131e5f13
- Click the 'Request application' button
- The application is automatically approved upon request
2. Send metadata to Digital Theatre+
- Go to the application Settings, and copy the Metadata URL (see the screenshot below marked '1')
- Submit a request for a new SSO configuration via https://sso.digitaltheatreplus.com and paste the metadata URL into the field marked 'Do you have a public URL for your IdP metadata?'.
- Digital Theatre+ will import your metadata into the system.
3. Receive the unique ACS Identifier from Digital Theatre+
- Digital Theatre+ will provide your unique ACS Identifier in response to your metadata being submitted. The ACS Identifier is a string of 20 characters that uniquely identifies your organisation to Digital Theatre+.
- Edit the SAML Details (screenshot below marked '2') and copy/paste the ACS Identifier into the ACS URL ACCOUNT field (screenshot below marked '3')
Do not enter the full ACS URL into the ACS URL ACCOUNT field. Only enter the final part.
For example, if your ACS URL was: https://auth.digitaltheatreplus.com/sso/saml2/0oa1i3jhiw5N44ZK14x7
Then 0oa1i3jhiw5N44ZK14x7 is the value to enter into the ACS URL ACCOUNT field.
4. Configure attributes
You will need to define the attributes for each type of user that needs to sign into Digital Theatre+ (District Admin, Staff, Student or Teacher).
For example, to send an attribute identifying the School a Teacher is associated with, you may set the SchoolID attribute to contain the SIS ID.
Once you have configured the attributes to be sent, please inform your Digital Theatre+ contact of the attribute names (e.g. SchoolID), the list of expected values and the Schools that the values relate to.
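Because Digital Theatre+ groups users into Schools from these attribute values, it helps to check an AttributeStatement captured during your own test sign-in against the list you agreed before go-live. The following is an added example, not code from Clever or Digital Theatre+; it assumes the attribute is sent with the name SchoolID, and the School values and sample XML are constructed.

```python
import xml.etree.ElementTree as ET

# Standard SAML 2.0 assertion namespace.
SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed mapping agreed with the service provider: SchoolID value -> School.
AGREED_SCHOOLS = {"1001": "Example High School", "1002": "Example Middle School"}

# Constructed AttributeStatements, shaped like ones copied from a test sign-in.
SAMPLE_TEACHER = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="SchoolID">
    <saml:AttributeValue>1001</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""
SAMPLE_STUDENT_BAD = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="SchoolID">
    <saml:AttributeValue>9999</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

def read_attributes(statement_xml):
    """Return {attribute name: [values]} from an AttributeStatement or Assertion."""
    root = ET.fromstring(statement_xml)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % SAML_NS["saml"]):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_school_attribute(statement_xml, agreed=AGREED_SCHOOLS, name="SchoolID"):
    """List problems that would stop a user being grouped into a School.

    Inspects attributes only; it does not verify the assertion's signature.
    """
    values = [v for v in read_attributes(statement_xml).get(name, []) if v]
    if not values:
        return ["%s missing or empty" % name]
    return ["%s value %r is not in the agreed list" % (name, v)
            for v in values if v not in agreed]

if __name__ == "__main__":
    for label, xml in [("teacher", SAMPLE_TEACHER), ("student", SAMPLE_STUDENT_BAD)]:
        print(label, check_school_attribute(xml) or "ok")
```

Run it once per user type (District Admin, Staff, Student, Teacher) so a missing or unexpected value is caught before it affects group allocation.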
5. Set up sharing rules
The District Administrator will need to configure sharing rules to allow the Teachers, Staff and Students to sign in using Clever for SSO.
Clever provides an article on sharing rules on their support website.
6. Digital Theatre+ rule configuration
Digital Theatre+ will set up rules to handle users when they sign in and put them into the correct Schools and sub-groups.
7. Test sign in and enable redirection of user sign in based on email domain
You should test that your users can now sign in using the Clever SAML configuration. Once confirmed, Digital Theatre+ will enable redirection for anyone signing in with your email domain to your Clever Identity Provider.
Users can now sign in
Once the above steps are complete, users are able to click on the Digital Theatre Plus Edu application and they will be signed into the Digital Theatre+ website.
They will also be able to go to https://edu.digitaltheatreplus.com, click Sign In and enter their email address, which will redirect them to your Clever Identity Provider to complete sign in.