Help

Power School OIDC

Moshe
Rookie

Power School OIDC

Good Day Everyone,

 

Am struggling to configure power school single sign-on (Open ID Connect), am configuring this through Azure Active Directory. the authentication process goes through but it lend to a PowerSchool page that says its unauthorized all the time

HTTP Status 401 – Unauthorized (powerschool.com)

 

Moshe_0-1629884289939.png

 

13 Replies
Moshe
Rookie

I have been trying to get in touch with support team for help with SSO, can I please get help from support team

MuskanS
Prodigy

Hi! @Moshe 

 

To provide better assistance, would you please share more details on the difficulties that you are experiencing with SSO?


Muskan Sehar

PowerSchool Community Moderator


Remember to give Kudos to suggestions that help you! If a suggestion solves your issue, please select Accept As Solution on the post so others can see the solution, too!
Community Moderator
Moshe
Rookie

@MuskanS Good Day,

 

Thanks for your response, I have configured Power School to use Open ID Connect through Azure Active Directory.

When a user go to our FQDN, they are redirected to a Microsoft logon page where they can authenticate using their O365 credentials.

 

It authenticate successfully, however instead of taking the user to PowerSchool after authenticating it then take them to an authorized page

BishalG
Ninja

Hi @Moshe 

 

Thank you for providing more details.

 

A common reason that can cause the HTTP 401 error is the mismatch of credentials between the Provider and PowerSchool SIS.

 

You can learn more about it here.

 

If you continue to face difficulty, please report the issue to a Designated Support Contact in the organization.  They can work with PowerSchool SIS support to determine the cause of the issue.



Bishal G.
PowerSchool Community Support Expert
Say Thanks by clicking the thumbs up icon in a post!
If a suggestion helps solve your issue, please select Accept As Solution on the post so others can see the solution, too!
TroyH1
Journeyman

Hi Moshe,

Did you ever get a resolution to this?  We are seeing this based on Google credentials using Cisco Duo as our authentication provider.

 

HTTP Status 401 – Unauthorized (powerschool.com)

 

TroyH1_0-1696953623123.png

 

 

Reshma
Community Support Expert
Community Support Expert

Hi @TroyH1,

 

I see that you are already working with support through a case and recommend continuing to work with them. I also would like to share these troubleshooting steps as well so that others can refer.

 

 

 

 



Reshma
PowerSchool Community Support Expert

Remember to give Kudos to suggestions that help you!
If another user helps solve your issue, please select Accept As Solution on their post so others can see the solution, too!
RolandP
Hobbyist

I ran into this issue and support showed me the solution in my case.

 

Find the teacher that is having this issue and click on their account. This should open a URL something like:

 

/admin/faculty/home.html?frm=1234

 

Change the URL to be the following by replacing frn= with mcr=

 

/admin/faculty/home.html?mcr=1234

 

This displays the teacher's record in the database. Check to make sure TeacherLDAPEnabled is set to 1. If it is set to 0, then use DDA to update the record and set TeacherLDAPEnabled to 1.

 

This solved the issue for me.

 

FranciscoV
Journeyman

Tks RolandP

I was facing the same problem but with Google. The cause of the problem Error 401 for Teachers , was the same. Just setting teacher field :TeacherLDAPEnabled =1 Fixed the error.

Thanks for share..!

KevinS11
PowerSchool Champion
PowerSchool Champion

I was so hopeful when I read this post.  We've been down for over a week since OS patching and a VM restart.  We've used OIDC with students and teachers for two years without issues until now.  I did discover that TeacherLDAPEnabled was set to 0 for our users, unfortunately changing it to 1 did not fix the issue in our case.

amandaw33
Journeyman

@KevinS11 

 

Did you find a fix for issue? suddenly we're seeing this as well - users can get on OK but after 2 hour timeout they get 401 error. So far the only way I've found to get them back on is to revoke MFA sessions so they get fresh sign in. It's like their 2 hour timeout PS pushes suddenly can't re-auth users properly and/or present sign in page.

WilliamG3
Journeyman

Kevin: did you find a solution? We just started experiencing this in October and came across your message. 

Moshe
Rookie

Am trying to authenticate power school through Azure Active Directory SSO, I don't know where to find the Signature hash key (SHA1) for android and Bundle Id for Ios

CindyOp
Community Support Expert
Community Support Expert

Hi @Moshe,

 

The setup directions for PowerSchool SIS using Azure as OIDC IDP should provide you with all the steps for the setup. Signature HASH keys should be exchanged in the app on OIDC handshake and be needed for the setup.

 

Hope this helps with your setup.


Did your issue get resolved? Please remember to give Kudos and/or select Accept As Solution on helpful posts to thank the author and help others find the solution.

Cindy
PowerSchool Community Support