PowerSchool ERP System Administration
PowerSchool ERP System Administration
Breadcrumbs

Multi-Factor Authentication (MFA) - Prerequisites

Ensure that the following prerequisites are met:

  • Ensure that your environment is running on one of the following PowerSchool ERP versions:

    • Version 23.10.31.0 or newer

    • Version 25.7.10.0 or newer

  • Ensure that your environment supports Simple Mail Transfer Protocol (SMTP).

  • Ensure that SSO is not currently enabled for the module or profile where you plan to enable MFA.

Email Address Requirements

Since MFA codes are delivered by email, users need the correct email address on file, and it must be working.

  • For active employees, a valid email ID must be present in the Email field on the Employment tab of the Employee Information page.

  • For previous employees accessing the Employee Access Center (EAC), a valid email ID must be present in the Personal Email field on the Employment tab of the Employee Information page.

If the user's email field is empty or missing when they reach the MFA verification page, the system displays the following message: "The Multi-Factor Authentication process cannot be completed at this time. The current user does not have an email address associated with their account in the [profile name] database. Please contact your district help desk for assistance."

Simple Mail Transfer Protocol (SMTP) Configuration

MFA depends on outbound email to deliver verification codes. SMTP handling depends on whether your district is Cloud-Hosted or On-Premises:

Cloud-Hosted Customers

Cloud-Hosted customers do not have direct access to Environment Maintenance. If any configuration changes are needed, including SMTP setup, contact PowerSchool Support for assistance.

On-Premises Customers

On-Premises customers can configure SMTP directly. There are two ways to set this up, depending on your district's needs:

One SMTP Server for All Business Entities

If all your Business Entities use the same outbound mail server, you need to configure it only once.

  1. Click the circle with your initials in the toolbar. Select Environment Maintenance.

  2. In the Other Catalog Information section, select SMTP Configuration.

  3. Refer to the Field descriptions and enter valid SMTP settings.

  4. Select Save.

Any Business Entity without its own SMTP configuration will automatically use these global settings.

Different SMTP Servers for Specific Business Entities

If certain Business Entities need their own outbound mail server, configure them individually.

  1. Click the circle with your initials in the toolbar. Select Environment Maintenance.

  2. In the Business Entities section, select an entity.

  3. In the Additional Links section, select SMTP Configurations.

  4. Refer to the Field descriptions and enter valid SMTP settings.

  5. Select Save.

  6. Repeat these steps for other entities that need their own configuration.

You can use both options together. Set up global SMTP as the default, then configure per-entity SMTP only for entities that require different configurations. Any entity without its own SMTP settings will automatically fall back to the global configuration.

Field descriptions

The following table describes the fields on the SMTP Configuration page.

Field

Description

Use Local Host

Indicates whether to route outgoing email through the local server rather than an external SMTP server.

When selected, the Server Address, Server Port, Use SSL, Login ID, Login Domain, and Password fields are not enabled.

The application automatically uses the local machine name and port 25.

Server Address

The hostname or IP address of the external SMTP mail server used to send system emails.

This field is not enabled when Use Local Host is selected.

Server Port

The port number on which the SMTP server accepts connections.

Common values:

  • 25 (standard SMTP)

  • 465 (SSL)

  • 587 (TLS)

Must not be 0 when a Server Address is entered.

This field is not enabled when Use Local Host is selected.

Use SSL

Indicates whether to use SSL/TLS encryption for the connection to the SMTP server.

This field is not enabled when Use Local Host is selected.

Login ID

The username used to authenticate with the SMTP server.

Leave this field blank if the SMTP server does not require authentication.

This field is not enabled when Use Local Host is selected.

Login Domain

The domain name used for SMTP authentication, if required by the mail server.

This field is not enabled when Use Local Host is selected.

Password

The password associated with the Login ID for SMTP authentication.

This field is not enabled when Use Local Host is selected.

Use Generic From

Indicates whether to send all outgoing system emails from a single shared sender address instead of individual user email addresses.

When selected, the Generic From Address, Generic From Name, and Generic Reply Allowed fields are enabled.

Generic From Address

The email address that appears in the From field of all outgoing system emails when Use Generic From is selected.

Must be a valid email address.

This field is enabled when Use Generic From is selected.

Generic From Name

The display name that appears alongside the Generic From Address in the From field of outgoing emails (for example, PowerSchool ERP Notifications).

This field is enabled when Use Generic From is selected.

Generic Reply Allowed

Indicates whether recipients are allowed to reply to outgoing system emails sent from the Generic From Address.

When not selected, outgoing emails are sent as no-reply.

This field is enabled when Use Generic From is selected.