Set Up SAML SSO for Students with PowerSchool SIS as the IDP
With the help of a plugin, you can use the PowerSchool Student Information System (SIS) as an identity provider (IdP) to support Security Assertion Markup Language (SAML). The plugin is an XML file that describes the necessary details for a SAML connection, such as user attributes, Service Provider (SP) Uniform Resource Names (URNs), and more.
Ensure you have completed the steps to prepare SAML single sign-on (SSO) for students.
Save the plugin XML configuration table
Copy and save this XML code as Naviance-Student.xml to a location such as Documents or Desktop.
1 <?xml version="1.0" encoding="UTF-8"?>
2 <plugin xmlns="http://plugin.powerschool.pearson.com"
3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4 xsi:schemaLocation='http://plugin.powerschool.pearson.com plugin.xsd'
5 name="Naviance Student SSO"
6 version="1.0"
7 description="Access Naviance via PowerSchool SIS as a Student">
8 <identityAttribute>
9 <entity name="students" attribute="dcid" />
10 </identityAttribute>
11 <saml name="NavianceStudent"
12 entity-id="urn:auth0:hobsons:1000000DUS-student-saml-1"
13 metadata-url="https://accounts.naviance.com/samlp/metadata?connection=1000000DUS-student-saml-1"
14 base-url="https://id.naviance.com/"
15 spec-compliant="true">
16 <links>
17 <link display-text="Naviance Student" title=""
18 path="/samlsso?institutionId=1000000DUS@amp;userType=student">
19 <ui_contexts>
20 <ui_context id="student.header"/>
21 </ui_contexts>
22 </link>
23 </links>
24 </saml>
25 <publisher name="Yanming Zhu">
26 <contact email="yanming.zhu@powerschool.com" />
27 </publisher>
28 </plugin>
Identify the PowerSchool SIS SSO URL
To connect Naviance to the PowerSchool SIS, identify the Single sign-on bindings using this URL template.
https://powerschool.fakeschool.k12.us:443/powerschool-saml-sso/profile/SAML2/Redirect/SSO
Replace powerschool.fakeschool.k12.us with your PowerSchool SIS Public URL, such as powerschool.yourschool.org. Do not remove :443 from the URL
Download the PowerSchool SIS SSO certificate
From the Start Page, choose System under Setup in the Main Menu.
From Server, select System Settings.
Select Digital Certificate Management.
Select the Key Store tab, if needed.
In the List of Certificates with Private Key section, click Export for the PowerSchool certificate key pair you want to export.
PowerSchool recommends using the Default SAML Signing Certificate. However, you can use a different key pair.
The PowerSchool certificate is saved to your Downloads folder when exported.
Create the Naviance SAML connection
Navigate to the gear icon and select Setup.
Select Single Sign-On (SSO) Options.
Select Configure for SAML SSO.
Select Add SAML Connection.
From Step 1 Getting Started:
Enter Naviance PS SIS - Student in Create a Display Name for your SAML Connection.
Select Other from the Select a SAML Connection Type list.
Select Student from Select User Types for this Connection.
Select Next.
From Step 2 Copy Naviance Service Provider Information:
Copy your Entity ID to a text editor or other location for reference. This will be similar to urn:auth0:hobsons:1000000DUS-student-saml-1.
Select Next.
From Step 3 Enter IDP Information:
Enter everything after the @ in your student email addresses in Tenant Domain. For example, if students use LastFirst@fakeschool.k12.us, enter fakeschool.k12.us as the tenant domain.
Enter the PowerSchool SIS SSO URL from the previous sections in SSO URL.
Upload the PowerSchool SIS SSO certificate from the previous sections.
Select Advance Configuration.
Change Choose Federation Type to The NameID field in your IDP will be mapped to federationID field in Naviance.
Select Create Connection.
Select Connect Now.
Copy the Metadata URL to a text editor or other location for reference This will be similar to https://accounts.naviance.com/samlp/metadata?connection=1000000DUS-student-saml-1.
Configure the plugin XML file
Refer to the XML code at the beginning of this page.
Copy the Entity ID from Naviance and replace the placeholder "entity-id" on Line 12 of the Naviance-Student.xml
Copy the Metadata URL from Naviance and replace the placeholder "metadata-url" on Line 13 of the Naviance-Student.xml
Copy your Unique District ID, which is "1000000DUS" in the table, and replace "1000000DUS" after "institutionId=" on Line 18 of the Naviance-Student.xml
Do not remove or alter after the "&" for the rest of the line.
Save the file.
Install and configure the PowerSchool SIS plugin
Install and enable the plugin in the PowerSchool SIS.
Clients can refer to the PowerSchool SIS Administrator Help page for additional information on installing plugins to the PowerSchool SIS.
Select the Naviance Staff SSO from the Plugin List to view the configuration screen.
Select Single Sign-On Settings.
Change Single Sign-On Certificate to the PowerSchool SIS SSO Certificate from the previous sections.
Verify the Entity ID and Metadata URL contain your Unique District ID.
Select Save.
Verify access to Naviance Student
To verify the configuration was successful, test the connection with a test student account or ask a current student to log in to Naviance Student. The student must have their PowerSchool DCID set to the Federation ID Field in their Naviance student folder.
These locations should both be accessible via the PowerSchool SIS Authentication:
Direct from the Application Links Drawer in PowerSchool SIS.
From https://student.naviance.com/ via Student and then Continue with Single Sign-On.