Skip to main content
Skip table of contents

Multi-Factor Authentication for PowerSchool SIS

PowerSchool SIS supports Multi-Factor Authentication (MFA) using a Time-Based One-Time Password (TOTP) for Administrators and Teachers when PowerSchool SIS is the Identity Provider (IdP) or when LDAP is in use on PowerSchool SIS versions 25.12.0.0 and higher.

  • Administrators and Teachers can enroll in MFA from their Manage Profile page which can be accessed by clicking the circle icon in the header with the users' initials. This is an optional enrollment.

  • Once an Administrator or Teacher enrolls in MFA they will be prompted to enter their MFA TOTP as part of each login.

  • Administrators can use the AdminMFAEnabled and TeacherMFAEnabled staff searches to determine who has or hasn't setup MFA. These searches can be used to help ensure compliance of district policies.

  • Administrators can disable MFA for a user from the Account Access and Affiliations and Admin Access and Roles pages if they have access to the page. An Administrator disabling MFA for a user will need to provide their TOTP code to prevent accidental disabling of a user's MFA. This allows for Administrators to reset a user's MFA in the event of a lost device.

  • The MFA enrollment options on the Manage Profile page can be hidden using settings on the System Security Settings page. Users who may have already setup MFA will continue to be required to use MFA on login.

TOTP depends on the PowerSchool SIS server time being aligned with a Network Time Protocol (NTP) server, which is aligned with an atomic clock.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close