Single Sign-On (SSO)
This page describes setups and functionality for using Single Sign-On (SSO) for PowerSchool ERP and related applications.
SSO Configuration
Follow the procedures below to complete the configuration for SSO. Also, complete steps to assign SSO Identifiers to users.
Add PowerSchool District GUID
- Click the circle with your initials in the toolbar.
Select Environment Maintenance.
Only specific users will have permission for this menu.- Select the Business Entity that needs to be SSO enabled.
- In the Additional Links panel, select AppSwitcher SSO Setup.
- On the PowerSchool District GUID page, select Add to add a new GUID.
- Complete the fields on the Single Sign-On Setup page and select Save.
Fields need to be completed for PowerSchool ERP and for each application that needs to be configured for SSO.
Fields
PowerSchool District GUID Configuration
PowerSchool District Application GUID | Character string is provided by PowerSchool. |
Environment | Enter the Environment type: Test, Production, or other type used by the district |
Single Sign-On Configuration
Identity Provider Name | Enter one of the following as used by the district:
|
Claim Identifier | Enter the applicable identifiers for Single Sign-On services, matched to the Identity Provider Name:
|
Identity Provider URL | Enter one of the following URLs, matched to the Identity Provider Name:
|
Identity Provider Scopes | This field automatically populates with openid, email, or profile. Do not edit. |
PowerSchool ERP IDP Credentials
Client ID | Enter Client ID provided by the identity provider. |
Client Secret | Enter the Client Secret provided by the identity provider. |
Core Redirect URI | Enter one of the following URLs, matched to the Identity Provider Name:
On the URLs above, enter your PowerSchool District Application GUID in the URL part labeled <PS GUID>. |
Employee Access Center IDP Credentials
Client ID | Enter Client ID provided by the identity provider. |
Client Secret | Enter the Client Secret provided by the identity provider. |
EAC Redirect URI | Enter one of the following URLs, matched to the Identity Provider Name:
On the URLs above, enter your PowerSchool District Application GUID in the URL part labeled <PS GUID>. |
Employee Timesheet IDP Credentials
Client ID | Enter Client ID provided by the identity provider. |
Client Secret | Enter the Client Secret provided by the identity provider. |
ETS Redirect URI | Enter one of the following URLs, matched to the Identity Provider Name:
On the URLs above, enter your PowerSchool District Application GUID in the URL part labeled <PS GUID>. |
Cognos IDP Credentials
Client ID | Enter Client ID provided by the identity provider. |
Client Secret | Enter the Client Secret provided by the identity provider. |
ETS Redirect URI | Enter the URL provided by Cognos. |
Vendor Punchout IDP Credentials
Client ID | Enter Client ID provided by the identity provider. |
Client Secret | Enter the Client Secret provided by the identity provider. |
VPO Redirect URI | Enter one of the following URLs, matched to the Identity Provider Name:
On the URLs above, enter your PowerSchool District Application GUID in the URL part labeled <PS GUID>. |
Enable Single Sign On for a Profile
- Click the circle with your initials in the toolbar.
Select Environment Maintenance.
- Select a Business Entity.
- Select the profile that needs to be SSO enabled.
On the Profile Details page, select the Enable Single Sign-On checkbox for the applications for which you want to use SSO.
Cognos uses SSO if SSO is enabled for PowerSchool ERP.- Select the PowerSchool District Application GUID for the profile.
- Select Save.