Click this link to go to PowerSchool's instructions.
...
On the start page within the PowerSchool SIS Admin portal, choose System Management in the left-hand menu.
System Management will open, and select Security.
Click OIDC Authentication.
Select Add.
In the user dropdown select the user type you want. If all three options are needed repeat steps 5 - 10 for each user dropdown.
Enter https://accounts.google.com for the IDP URL.
Enter the client ID and client secret that was received from Google Cloud during Part 2: Configure the Google Web App.
Enter openid email for the Scopes field.
For Authentication ID / Identifying Claim, enter email.
Check the Enable OIDC Authentication for the personas you need.
Click Submit.
...
On the start page within the PowerSchool SIS Admin portal, choose Data and Reporting in the left-hand menu.
Data and Reporting will open, then select Export.
Under Export click Data Export Manager.
In the Select Columns to Export section:
Choose PowerSchool Data Sets as the Category.
Choose one of the following from Export From. **Note - You will need to run this multiple times if you need to export all users.**
**To get all of your Staff and Teachers you need to run both the Staff Mapping and Teacher Mapping**SSO Staff Mapping
SSO Teacher Mapping
SSO Parent Mapping
SSO Student Mapping
Select the columns to export, it is helpful to also include email or first and last name so it is easier to identify the user in the CSV file.
For Staff and Teacher, User DCID, SSO User Type, Global Identifier are required.
For Parent, Person ID, SSO User Type, Global Identifier are required.
For Student, Student DCID, SSO User Type, Global Identifier are required.
Click Next.
In the Select/Edit Records section, you can use the Built In Filters to narrow the list of records to export, then click Next.
In the Export Summary and Output Options section:
Change the Export File Name extension from .txt to .csv.
Choose Comma as the Field Delimiter.
Choose UTF-8 as the Character Set.
Click Export.
...
Step 6: Test SSO for Personas
**update URLs shared with teachers and staff. you no longer need pw.html https://nwoesc.ps.nwoca.org/teachers/pw.html
After mapping the users from the identity provider to the PowerSchool SIS, test the SSO connection between your identity provider and the PowerSchool SIS as the service provider. To test a persona, enable OIDC authentication and then verify that you can sign in tothe respective portal. Be sure to test each persona in another browser or using an incognito window before ending your current session.
Enabling OIDC authentication for users without also defining Global Identifiers for users will prevent users from being able to sign in.
In PowerSchool SIS for Administrators, navigate to the OIDC Authentication page.
Select Enable OIDC Authentication for the persona you want to test. It is recommended that you first test teachers, then parents, then students, and finally staff.
Click OK.
Click Submit, but do not close the window.
Based on your Step 3 selection, choose the user you want to test.
Open a new private browser window.
Based on your Step 3 selection, enter the URL of your district's PowerSchool SIS Teacher, Student and Parent, or Admin portal and press ENTER or RETURN. The PowerSchool SIS portal should redirect to the IdP's sign-in page.
Sign in with the user's credentials. For teacher, parent, and student, if the PowerSchool SIS portal launches, the setup has been configured properly. For staff, if the PowerSchool SIS Admin portal launches and you are expelled from your first session, as you are only allowed one session at a time, the setup has been configured properly.
For parent, and student, open the PowerSchool Mobile app. Sign in with the user's credentials.
...