How to deploy School Data Sync by using Clever Sync

Note: This topic is pre-release documentation and is subject to change in future releases.

Clever is an identity management and rostering solution for education that integrate with School Data Sync (SDS) and Classroom in Office 365. Using Clever Sync allows you to synchronize student, teacher, section, school, and roster information from Clever directly into Microsoft Azure Active Directory using the REST APIs provided by the Clever system.

In this topic:   

Before you get started

Before you start synchronizing with SDS Clever Sync, read the Overview of School Data Sync and Classroom and make sure you meet the following prerequisites:

  • Your Office 365 tenant must be an Office 365 Education tenant.

  • Synced identities must be licensed for SharePoint Online and Exchange Online. Skype for Business licenses aren't required. Note that OneDrive for Business is provided through the SharePoint Online license.

    If a student or teacher doesn't have the required licenses in Office 365, School Data Sync will still create their profile, but Classroom will not finish provisioning properly for them for any apps they aren't licensed to use.

  • The attributes in your Clever SIS marked for sync must not contain any characters shown in this list of invalid characters.

If you are configuring School Data Sync for a tenant which is synchronized from on-premises Active Directory through AADConnect, you may notice an increase in the number of Disconnectors shown in your miisclient. This is a result of Office 365 Group being unable to synchronize back to the AADConnect Metaverse and On Premises Active Directory. These warnings do not have any negative impact on your current AADConnect deployment, and only provide an informational note on the resultant sync failure. You should expect these warnings in AADConnect after enabling sync in SDS, as one O365 Group is created for each class synchronized through SDS.

Note: The data that you provide through School Data Sync may be accessible to third-party application providers through their apps, so you should sync only the data that you want to make available to these third parties.

Set up Clever for SDS

Watch the video: Deploy School Data Sync

Deploy School Data Sync Video

Before School Data Sync can connect to your Clever instance, you must add and authorize the application integration within Clever. Then, follow these steps to complete this process.

  1. Log in to the Clever system as a District Admin at https://schools.clever.com/school.

  2. Open a new tab within the same browser.

  3. Copy and paste the following URL into the new tab:

    https://schools.clever.com/signup/microsoft-school-data-sync

  4. Authorize the Microsoft School Data Sync App:

    1. Check the I authorize Clever to share this information with Microsoft School Data Sync check box.

    2. Choose Authorize App.

      Choose Authorize App to share information with SDS
  5. Set the appropriate Data Sharing scope for your Clever instance. Available options include Share Entire District, Share by School, Share by Section, and Share by Rules.

    • Share Entire District shares the entire district and every school in it.

    • Share by School allows you to select individual schools to share and sync with School Data Sync.

    • Share by Section allows you to select individual sections to share and sync with School Data Sync.

    • Share by Rules allows you to configure custom sharing rules for selectively allowing sync on an object by object basis.

      Set data sharing scope for Clever sync

      Tip: Note: After sharing any scale of data with SDS, it will then be written into Azure AD and stored in that new target location. As a result, later restricting the sharing settings to a more restrictive data set, will not result in the removal of the original data written to Azure AD. It will only stop new data within that sharing scope from being written into Azure AD. This behavior is different than Clever integration with other applications where un-sharing results in the data no longer being present in the target application or directory. Un-sharing with Azure does not follow that same model.

  6. After you’ve selected the appropriate Data Sharing scope, check the confirmation check box listed below the option selected, and then choose Save Changes.

  7. Capture the District ID of Clever for use in the SDS Sync Profile Setup:

    1. Within your Clever instance, on the left pane, navigate to the Data > Browse to display your District within Clever.

      Browse to display your district
    2. Click your district to capture and record the District ID, which is required for the Sync Profile Setup later in this process.

Synchronize your users using the Clever Sync Import method

After you've authorized the app and enabled access to Clever, create a sync profile in Microsoft School Data Sync to synchronize your Clever information.

  1. In your web browser, go to sds.microsoft.com and then enter the global admin credentials for your Office 365 Education tenant.

  2. If it's your first time logging in and setting up a profile, choose Set up School Data Sync to create your first sync profile.

    Choose Set up SIS Sync

    Or, if you've already completed School Data Sync setup, choose Add Profile to create an additional sync profile.

    Choose Add Profile
  3. Type a profile name in the Enter a name for your profile box.

    Enter a name for your profile
  4. In the Data extraction options section, select Clever API in the Select data source drop-down menu.

    Select Clever Api from the Select data source drop-down
  5. Choose Log into Clever to verify your district information.

    Select Clever API
  6. At the web prompt, enter your Clever District Administrator credentials.

    Enter your Clever district administrator credentials
  7. After connectivity to Clever has been verified, select either Create new users or Sync existing users .

    Choose either Create new users or Sync existing users
    • Create new users Select this option if you are not syncing identities from your on-premises Active Directory, or the users in scope for sync are not created within Azure AD already. This option will create new user accounts for the students and teachers in Clever in scope for this sync profile. The scope of users from Clever will be determined on the following page.

    • Sync existing users Select this option if you are syncing identities from your on-premises Active Directory, or the users in scope for sync are already created in Azure AD. This option will not create new user accounts for students and teachers in Clever, in scope for this sync profile. The scope of users from Clever will be determined on the following page.

  8. If you selected the Create new users option, skip this step. If you selected the Sync existing users option, select the appropriate Students and Teachers Identity match options from the available drop-down menu. This is where you must define how to match students and teachers in Clever to the user account in Azure AD.

    • Identity Matching Options - Students

      Identity matching options for students

      Select source property This drop-down menu allows you to select the source property within Clever to be used for Identity Matching. Watch the Identity Matching video to review how source, target, and append domain matching logic works, to help determine the appropriate value to select.

      • Secondary Email Optional attribute field which can be included for sync and may also be used for identity matching. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix (for example, JohnSmith@contoso.com).

      • Student Number Optional attribute field which can be included for sync and also may be used for identity matching. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters (for example, 1234567).

      • Username Required attribute field which must be included for sync and can be used for identity matching. The appropriate formatting for this attribute is either a string of alphanumeric characters with no spaces or invalid special characters (for example, JohnSmith), or could also be included as a string of alphanumeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix. (for example, JohnSmith@contoso.com).

      Select suffix Use this drop-down menu to append a domain suffix to the source property in Clever, if needed to complete your identity matching plan. It will not actually modify the source value in Clever, just append the value being attempted during the SDS match process. This menu also allows you to select the No Suffix Needed option if the source attribute already contains the required domain suffix (for example, Username with domain suffix included) or the target attribute value does not include a domain suffix (for example, mailNickname). Each domain added to the Office 365 tenant will be displayed in the drop-down menu as an available choice, in addition to the No Suffix Needed option previously mentioned. Watch the Identity Matching video in this section to review how source, target, and append domain matching logic works, to help determine the appropriate value to select.

      Select target property This drop-down menu allows you to select the target property within Azure AD to be used for Identity Matching. Watch the Identity Matching video to review how source, target, and append suffix matching logic works, to help determine the appropriate value to select.

      • UserPrincipalName Logon name for the user. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix (for example, JohnSmith@contoso.com).

      • Mail PrimarySMTPAddress of the user. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix (for example, JohnSmith@contoso.com). While it is suggested, this attribute is not always the same as the UserPrincipalName attribute.

      • mailNickname Exchange Alias of the user. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters (for example, 1234567). While it is recommended, this value is not always unique, so be cautious in selecting this attribute for identity matching and ensure you are always matching to a unique target value.

      Student Identity Matching Matrix:

      In order to match source and target identities, you must select one value from the three choices available in the Select Source drop-down menu, and then define which of the three available target attributes in the Select Target drop-down menu will be an exact match. It is also possible that the source attribute only matches a portion of the target attribute, and requires a domain suffix to be appended to complete the matching logic (for example, JohnSmith source attribute + @contoso.com domain suffix = a match with JohnSmith@contoso.com target attribute).

    • Identity Matching Options - Teachers

      Identity matching options for teachers drop-down

      Select source property This drop-down menu allows you to select the source property within Clever to be used for Identity Matching. Watch the Identity Matching video to review how source, target, and append domain matching logic works, to help determine the appropriate value to select.

      • Secondary Email Optional attribute field which can be included for sync and may also be used for identity matching. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix (for example, JohnSmith@contoso.com).

      • Teacher Number Optional attribute field which can be included for sync and also may be used for identity matching. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters (for example, 1234567).

      • Username Required attribute field which must be included for sync and can be used for identity matching. The appropriate formatting for this attribute is either a string of alphanumeric characters with no spaces or invalid special characters (for example, JohnSmith), or could also be included as a string of alphanumeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix. (for example,JohnSmith@contoso.com).

      Select suffix Use this drop-down menu to append a domain suffix to the source property contained within Clever, if needed to complete your identity matching plan. It will not actually modify the source value in Clever, just append the value being attempted during the SDS match process. This menu also allows you to select the No Suffix Needed option if the source attribute already contains the required domain suffix (for example, Username with domain suffix included) or the target attribute value does not include a domain suffix (for example, mailNickname). Each domain added to the Office 365 tenant will be displayed in the drop-down menu as an available choice, in addition to the No Suffix Needed option previously mentioned. Watch the Identity Matching video to review how source, target, and append domain matching logic works, to help determine the appropriate value to select.

      Select target property This drop-down menu allows you to select the target property within Azure AD to be used for identity matching. Watch the Identity Matching video to review how source, target, and append suffix matching logic works, to help determine the appropriate value to select.

      • UserPrincipalName The logon name for the user. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix (for example, JohnSmith@contoso.com).

      • Mail PrimarySMTPAddress of the user. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix (for example, JohnSmith@contoso.com). While it is suggested, this attribute is not always the same as the UserPrincipalName attribute.

      • mailNickname xchange Alias of the user. The appropriate formatting for this attribute is a string of alphanumeric characters with no spaces or invalid special characters (for example,1234567). While it is recommended, this value is not always unique, so be cautious in selecting this attribute for identity matching and ensure you are always matching to a unique target value.

      Teacher Identity Matching Matrix:

      In order to match source and target identities, you must select one value from the three choices available in the Select Source drop-down menu, and then define which of the three available target attributes in the Select Target drop-down menu will be an exact match. It is also possible that the source attribute only matches a portion of the target attribute, and requires a domain suffix to be appended to complete the matching logic (for example, JohnSmith source attribute + @contoso.com domain suffix = a match with JohnSmith@contoso.com target attribute). Watch the Identity Matching video for various examples of matching logic success and failure for sync.

  9. After the Profile Name, Data Extraction Options, and Identity Matching Options are set in place, choose Next.

  10. On the Directory Options page, select the appropriate domain for each drop-down list available. If you selected the Sync existing users option in step 7, you will only need to select the appropriate domain for Schools and Sections because all existing students and teachers already have domains associated with their respective user accounts. This domain will be used as the domain suffix for the Office 365 Group created for each section, unless policy is in place to override this domain setting.

    Directory options when syncing existing users

    If you selected the Create new users option in step 7, you will need to select the appropriate domain for Schools and Sections, in addition to a domain for teachers, and a domain for students, as shown below. This domain will be used as the domain suffix for the user account created by SDS, for each user included in the student and teacher csv files.

    Only one domain can be entered for teachers, and one domain for students within a single sync profile. If you have objects of those types which must be spread across multiple domains, you'll have to create a separate profile for each set of users (one sync profile per domain).

    Directory options when syncing new users
  11. If you selected the Create new users option in step 7, you also must select the appropriate SKU to assign to each of the newly created Teachers and Students using the drop-down menus shown below. Each available SKU in your Office 365 tenant will be present in the list. After each user type is selected, choose Next.

    Select the Office 365 SKU assigned to teachers and students
  12. On the Options to Sync page, select the schools you want to sync using this profile under the Select schools to sync section.

    Select the names of the schools you want to sync
  13. Under the Select properties to sync section, select any optional attributes you would like to sync for each of the various object types. The required attributes are already selected by default under each object type. After you’ve added in any optional attribute you want to sync to Azure, choose Next.

    Select optional proprties to sync to Azure AD
  14. On the Summary page, choose Submit to create the profile.

    The sync process does some data validation before creating the profile. If there are any errors, you'll have to correct them and then wait for the next sync cycle. Sync cycles run every 10 minutes.

  15. After the sync profile is created, select the Enable Sync option to begin syncing the Clever source data to Azure AD.

After all user identities have been synced successfully for the profile, Profile Status changes to Success. If you need to create more profiles, for example, if you have users set up with different domains, repeat these steps for each profile.

Video: How to match source and target attributes for sync

For various examples of matching logic success and failure for sync, watch the Identity Matching video:

Identity Matric Matching video

Switching between sync methods

While you can successfully migrate from one sync method to another, we recommend maintaining the sync method initially deployed indefinitely, due to the difficulty associated with maintaining source anchor values through the switch between sync methods. A source anchor is the attribute SDS uses to identify a synced object in both the source and target directory after the initial sync. This source anchor must always be unique, and must never be changed throughout the lifetime of the synced object.

When an organization enables sync, there are 5 objects types that synchronize through School Data Sync. SDS synchronizes Schools, Sections, Students, Teachers, and Rosters. Once an object is successfully synchronized, SDS must keep the object in sync, to continue to synchronize object attribute level updates from the source directory (CSV, Clever, or PowerSchool) to the target directory (Azure AD). The objects types and their corresponding source anchor attributes are detailed below:

Object Type

Source Anchor Attribute (PowerSchool)

Source Anchor Attribute (Clever)

Source Anchor Attribute (CSV)

School

SIS ID

Clever ID

SIS ID

Section

SIS ID

Clever ID

SIS ID

Teacher

SIS ID

Clever ID

SIS ID

Student

SIS ID

Clever ID

SIS ID

Roster

SIS ID (Section) and SIS ID (User)

Clever ID (Section) and Clever ID (User)

Section SIS ID and SIS ID (User)

Once the source anchor is established upon the initial sync, it cannot be changed for the lifetime of the object. This concept is critical if you are considering switching between sync methods. When transitioning from one SDS sync method to another, the source anchor value must always be persisted, to continue to sync each object under the new sync method. Any deviation or change from the original source anchor value will result in objects failing to sync, and the resultant impact is users are unable to access Microsoft Classroom services dependent upon sync.

Transitioning from Clever Sync or PowerSchool Sync to the CSV File method is generally more feasible, as you can manually manipulate the CSV values for each source anchor attribute, to facilitate the transition. Migrating from CSV Sync to PowerSchool or Clever sync method however is generally much more difficult, as the source anchor attributes in these systems cannot be managed or manipulated to accommodate sync and the source anchor attribute persistence required for SDS to keep syncing objects after the switch.

See Also

Overview of School Data Sync and Classroom

Install the School Data Sync Toolkit

CSV files for School Data Sync

How to deploy School Data Sync by using CSV files

How to deploy School Data Sync by using PowerSchool Sync

How to deploy School Data Sync by using OneRoster CSV files

School Data Sync errors and troubleshooting

Share Facebook Facebook Twitter Twitter Email Email

Was this information helpful?

Great! Any other feedback?

How can we improve it?

Thank you for your feedback!

×