Skip to main content
Skip table of contents

Enrollment Single Sign-on with PowerSchool SIS as IdP

Enrollment supports single sign-on (SSO) authentication for administrative users using PowerSchool SIS as an OpenID 2.0 provider.

Users can self-register their Enrollment account from PowerSchool SIS. The first time they attempt to access Enrollment from the AppSwitcher or Applications tray in PowerSchool SIS, the user will be prompted to sign in to Enrollment. After they sign in with their Enrollment credentials, those credentials are linked to the user's PowerSchool account.

Prerequisites

  • PowerSchool SIS v20.4.0.0 or higher.
  • PowerSchool SIS and Enrollment are integrated.

  • The Global Identifier field in Enrollment must store the linked account information in the format of $SISURL/oid/admin/$Account DCID where $SISURL represents the school district's URL for PowerSchool SIS, admin represents the persona, and Account DCID represents the user's unique ID in the PowerSchool SIS. For example https://powerschool.district.com/oid/admin/12345.  When users self-register for Enrollment from PowerSchool SIS, their Enrollment global identifier is updated.

Set up Single Sign-On

This procedure is an overview of the steps involved in setting up single sign-on.  

  1. Contact PowerSchool to start setting up SSO. 
  2. PowerSchool provides the plugin to set up SSO for Enrollment. Note that there are different plugins for Canada and the United States.
  3. Install and enable the plugin in PowerSchool SIS. To install the plugin, navigate to System > System Settings > Plugin Management Configuration.
  4. Retrieve the OAuth credentials for the API from PowerSchool SIS. The required credentials are:
    • Client ID
    • Client Secret
    • SIS URL
  5. Send the information for the application to the PowerSchool Implementation or Support team member so they can configure and enable SSO. Do not include the client ID and client secret in the same email.
  6. PowerSchool enables external API Configuration with Admin SSO and configures PowerSchool SIS as the identity provider. 
  7. The PowerSchool team member will send you the URL for SSO. Distribute the URL to users so they can start using SSO.

Retrieve OAuth Credentials from PowerSchool SIS

  1. In PowerSchool SIS, select System > System Settings > Plugin Management Configuration.
  2. Locate the PowerSchool Registration Signature plugin.
  3. Ensure the plugin is enabled.
  4. Click on PowerSchool Registration Signature.
  5. Click on Data Provider Configuration.
    1. Highlight and copy the Client ID.
    2. Highlight and copy the Client Secret.
  6. Copy the SIS URL from the address bar. For example, highlight and copy the SIS URL (e.g., https://powerschool.district.com).

Frequently Asked Questions

When a user logs out, are they logged out of the identity provider?

Single sign-out is not supported at this time. Users are not signed out of the identity provider or other PowerSchool products when they sign out. Refer users to the appropriate location to sign out of the identity provider. 


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close