Single sign-on authentication for administrative users is supported for Unified Talent Applicant Tracking Enterprise using an external identity provider, such as Google or Microsoft.
The following scopes are requested as part of this authentication: openid (indicates that the application is using OIDC), profile (user's information), email.
- The identity provider must be supported. The certified identity providers are Microsoft and Google.
- The identity provider must support the OIDC standard. Mobile apps require support for the Authorization Code flow with PKCE.
- User accounts must be provisioned for the identity provider.
- The Global ID field in Applicant Tracking Enterprise must match the selected Claim from the identity provider.
Set up Single Sign-On
This procedure is an overview of the steps involved in setting up single sign-on.
- Contact PowerSchool to start setting up SSO.
- PowerSchool will map your user accounts to the global ID you are using with the identity provider.
- PowerSchool will provide the Redirect URI for the application.
- In the identity provider, add the application registration and configure the OIDC application.
- Record the following information as you register the application:
  - Client ID
  - Client Secret
  - Claim used for the Global ID
- Send the information for the application to the PowerSchool Implementation or Support team member so they can configure and enable SSO. Do not include the client ID and client secret in the same email.
- The PowerSchool team member will send you the URL for SSO. Distribute the URL to users so they can start using SSO.
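The requirement that the Global ID match the selected claim can be checked before SSO is enabled. The following is an added example, not PowerSchool code: it decodes sample ID tokens to read the claims the identity provider returns for the requested scopes, then compares the chosen claim with each account's Global ID. The `email` claim, the account export format, and the sample tokens are assumptions constructed for illustration; the page does not say whether matching is case-sensitive, so case and whitespace differences are reported separately.

```python
import base64
import json
from collections import Counter

def id_token_claims(id_token: str) -> dict:
    """Decode an ID token payload for inspection only; the signature is NOT verified."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def reconcile(global_ids: dict, idp_claims: list, claim: str) -> dict:
    """Compare each account's Global ID with the chosen identity-provider claim.

    global_ids: {account name: Global ID}, an assumed export format
    idp_claims: one decoded claims dict per identity-provider user
    """
    values = [c[claim] for c in idp_claims if c.get(claim)]
    exact = set(values)
    folded = {v.strip().casefold() for v in values}
    report = {"ok": [], "differs_by_case_or_space": [], "no_idp_user": []}
    for account, gid in sorted(global_ids.items()):
        if gid in exact:
            report["ok"].append(account)
        elif gid.strip().casefold() in folded:
            report["differs_by_case_or_space"].append(account)
        else:
            report["no_idp_user"].append(account)
    # A claim value shared by two IdP users cannot identify a single account.
    report["duplicate_claim_values"] = sorted(
        v for v, n in Counter(values).items() if n > 1)
    report["idp_users_missing_claim"] = sum(1 for c in idp_claims if not c.get(claim))
    return report

def make_token(claims: dict) -> str:
    """Build a constructed sample token (placeholder signature) so this runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.constructed-signature"

# Constructed sample data, not real accounts.
SAMPLE_TOKENS = [make_token(c) for c in (
    {"sub": "a1", "email": "avery@example.org", "name": "Avery"},
    {"sub": "b2", "email": "Blake@example.org", "name": "Blake"},
    {"sub": "c3", "name": "Casey"},  # email claim absent from this token
)]
SAMPLE_GLOBAL_IDS = {"avery": "avery@example.org", "blake": "blake@example.org",
                     "casey": "casey@example.org"}

if __name__ == "__main__":
    claims = [id_token_claims(t) for t in SAMPLE_TOKENS]
    print(json.dumps(reconcile(SAMPLE_GLOBAL_IDS, claims, "email"), indent=2))
```

Accounts listed under anything other than `ok` should be corrected in the identity provider or raised with the PowerSchool team member before the SSO URL is distributed.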
Frequently Asked Questions
When a user signs out, are they signed out of the identity provider?
Single sign-out is not supported at this time. Users are not signed out of the identity provider or other PowerSchool products when they sign out. Refer users to the appropriate location to sign out of the identity provider.