PowerSchool ERP supports single sign-on (SSO) authentication for administrative users and teachers using PowerSchool SIS.
- PowerSchool ERP version 126.96.36.199 and later.
- PowerSchool SIS v188.8.131.52 or higher.
- PowerSchool SIS and PowerSchool ERP are integrated.
- All users who need to sign in to PowerSchool ERP and Employee Access Center must also be defined in PowerSchool SIS.
The SSO Identifier field in PowerSchool ERP must store the linked account information in the format of $SISURL/uri/admin/$Account DCID where $SISURL represents the school district's URL for PowerSchool SIS, admin represents the persona, and Account DCID represents the user's unique ID in the PowerSchool SIS. For example
Set up Single Sign-On
This procedure is an overview of the steps involved in setting up single sign-on.
- Contact PowerSchool to start setting up SSO.
- PowerSchool provides the plugin to set up SSO for PowerSchool ERP.
- Install and enable the plugin in PowerSchool SIS. To install the plugin, navigate to System > System Settings > Plugin Management Configuration.
- Map your user accounts to the global ID you are using from the identity provider using the SSO Identifier field. First export a spreadsheet of user accounts by running the Export Users for SSO. Update the spreadsheet to enter the user's unique identifier. Then, use the Import Global Users utility to map the data file and upload values to the GLOBAL_USER_SSO_MAPPING table to assign the SSO Identifier values for users.
- Retrieve the OAuth credentials from the PowerSchool ERP plugin from PowerSchool SIS. The required credentials are:
- Client ID
- Client Secret
- SIS URL
- Configure and enable SSO for PowerSchool ERP. The application server will need to be restarted after SSO is enabled.
- For districts that run eSchoolPlus on Cloud, contact PowerSchool to enable SSO. Provide the required credential information you recorded. Do not include the client ID and secret in one email.
- For districts that run PowerSchool ERP on premise, use Environment Maintenance to define the AppSwitcher SSO Settings. Refer to the Single Sign-On help topic in the PowerSchool ERP System Administration help.
Manage OAuth Credentials for PowerSchool ERP from PowerSchool SIS
- In PowerSchool SIS, select System > System Settings > Plugin Management Configuration.
- Locate the Subscription Manager plugin.
- Ensure the plugin is enabled.
- Click on Subscription Manager.
- To retrieve the OAuth credentials, click on Data Provider Configuration.
- Highlight and copy the Client ID.
- Highlight and copy the Client Secret.
- Copy the SIS URL from the address bar. For example, highlight and copy the SIS URL (e.g., https://powerschool.district.com).
Frequently Asked Questions
When a user logs out, are they logged out of the identity provider?
Single sign-out is not supported at this time. Users are not signed out of the identity provider or other PowerSchool products when they sign out. Refer users to the appropriate location to sign out of the identity provider.