Tenant Information Window

There are two tenant types that can be defined. 

  • SSO / App Switcher - You can add multiple tenants of this type to specify the SSO and AppSwitcher settings.
  • PowerSchool Services - This tenant is used to connect to PowerSchool services such as the Data Exchange Cloud.

Different fields display based on the tenant type you are viewing.

SSO / App Switcher Tenants

On this window, define the tenant for the district, the identity provider, and/or the App Switcher ID. You must enter a Name and the Tenant ID. Then, you can enter SSO or App Switcher ID values. It is valid to use SSO without App Switcher, and vice versa.

An identity provider is a trusted provider that manages user credentials so you can use single sign-on (SSO) to access eSchoolPlus applications.

Note that tenant information is stored in the Task database. When you make changes to a Tenant record or to the Tenant selected for an application, you must open the configuration file on other servers so you can keep settings in sync. Refer to Define Tenants for Applications.

General

Field | Description
Name

Enter a name that uniquely identifies the tenant for the school district. This value is used to select the tenant for an application on the District Information window and is included in the entry page URL for single sign-on. Include text that identifies the school district. Avoid spaces and characters that would be encoded inside a URL. Required.

If this value is changed after the tenant is associated with an application, then a warning displays telling you that the tenant name will be modified for all district/applications where it is used. The entry page URL used for the district and application will also change as the name is part of the URL.

Identity Provider

Select the identity provider. Other fields on this window will be populated with default values based on the selected identity provider. The valid options are: None, Google, Microsoft Azure, Microsoft AD FS, or Other.

Mobile "Sign in with" Friendly Name

To display a friendly name for the options users should use to sign in, enter the text to display. Otherwise, the value selected in the Identity Provider field displays.

Tenant ID

Unique identifier for the tenant. Required.

If you are configuring SSO with Microsoft, set this value to the GUID that can be found on the App Registration page on the Azure Active Directory portal.

Otherwise, it is recommended that you use a utility like https://www.guidgenerator.com/ to create a new tenant ID. This value must be unique across all tenants.

IDP URL

The URL to the identity provider. This URL is generated when configuring the identity provider. It must be a valid URL and must use HTTPS.

  • For Google, this is always: https://accounts.google.com
  • For Microsoft Azure, this is https://login.microsoftonline.com/<guid>/v2.0 where <guid> is the "Directory (tenant) ID" configured in Azure Active Directory.

To validate the URL, a call is made to the following endpoint of the entered URL to verify the identity provider can be reached: .well-known/openid-configuration

Global ID Claim

Enter the claim name that identifies the user within the identity provider.

  • For Google, the claim name is "email"
  • For Microsoft Azure, the claim name is "oid"

After a user is signed in with the identity provider and is authorized to access the application, the identity provider will provide a list of claims that contain data associated with the user (for example, first name, last name, email). One of the claims identifies the user within the identity provider. In eSchoolPlus, this is referred to as the user's Global ID.

Scopes

Enter the list of scopes required when redirecting a user to an identity provider for authorization. Separate the scopes with a single space. At a minimum, the list must include openid, profile, and email.
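
A pre-check of the IDP URL and Scopes values described above, written as an added Python example; it is not part of eSchoolPlus or of this documentation. The function names, the placeholder GUID and the sample discovery document are constructed for illustration, and the issuer comparison and HTTPS-only endpoint checks follow the OpenID Connect Discovery specification rather than any documented eSchoolPlus behaviour.

```python
import json
import urllib.request
from urllib.parse import urlsplit

REQUIRED_SCOPES = {"openid", "profile", "email"}  # minimum from the Scopes field
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def is_https(url):
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.netloc)

def discovery_url(idp_url):
    """Discovery document location for the entered IDP URL."""
    return idp_url.rstrip("/") + "/.well-known/openid-configuration"

def fetch_discovery(idp_url, timeout=10):
    """Download the discovery document (needs network; not used by the sample run)."""
    with urllib.request.urlopen(discovery_url(idp_url), timeout=timeout) as resp:
        return json.load(resp)

def check_tenant(idp_url, scopes, doc):
    """Return a list of problems with the values; an empty list means none found."""
    problems = []
    if not is_https(idp_url):
        problems.append("IDP URL is not a valid HTTPS URL")
    if scopes != " ".join(scopes.split()):
        problems.append("scopes are not separated by a single space")
    missing = REQUIRED_SCOPES - set(scopes.split())
    if missing:
        problems.append("missing scopes: " + " ".join(sorted(missing)))
    # OpenID Connect Discovery: the issuer in the document must be identical
    # to the URL the document was requested for.
    if doc.get("issuer") != idp_url:
        problems.append("issuer does not match IDP URL")
    for key in REQUIRED_ENDPOINTS:
        if not is_https(doc.get(key, "")):
            problems.append(key + " is missing or not HTTPS")
    return problems

# Constructed sample values; the GUID is a placeholder, not a real directory.
BASE = "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555"
SAMPLE_IDP = BASE + "/v2.0"
SAMPLE_DOC = {
    "issuer": SAMPLE_IDP,
    "authorization_endpoint": BASE + "/oauth2/v2.0/authorize",
    "token_endpoint": BASE + "/oauth2/v2.0/token",
    "jwks_uri": BASE + "/discovery/v2.0/keys",
}

if __name__ == "__main__":
    print(check_tenant(SAMPLE_IDP, "openid profile email", SAMPLE_DOC))
```

To check live values, pass the result of `fetch_discovery(idp_url)` as the third argument instead of the sample document.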

Web Application

If you entered identity provider values in the fields above, you must enter a Client ID and Client Secret for Web Application.

Field | Description

Client ID

Enter the Client ID or Application ID generated by your identity provider for the application. To allow users to log in using an identity provider, you have to register the application. The process to register the application varies based on the identity provider. During the process, the identity provider will generate a unique identifier, usually called a Client ID or an Application ID.

Client Secret

Enter the Client Secret generated by your identity provider. This value is required to complete the process for authorizing access to applications.

Native Applications

The fields in this sub-section only need to be completed if the district uses one of the eSchoolPlus mobile apps or the Master Schedule Whiteboard. For these applications, you need to register a "public" application with the identity provider. "Public" applications are required because these applications cannot effectively secure a client secret.

Field | Description

Client ID

Enter the Client ID generated by your identity provider for the public application.

Client Secret

Enter the Client Secret generated by your identity provider for the public application. If Microsoft is the identity provider, leave this field blank as Microsoft does not provide a client secret when registering for a public application.

Redirect URI

Enter the URI that the identity provider's authorization endpoint redirects to once the authorization is completed. When a Client ID is entered, the Redirect URI defaults based on the format for the selected identity provider.

This field is not applicable to the Whiteboard.

Whiteboard Port Range

The port range to use when Whiteboard authenticates a user with the identity provider.

App Switcher

In this section, enter the Client GUID generated for the district in PowerSchool's District Client Setup for the administrator and teacher personas. For district administrators who manage the District Configuration Utility, this information must be provided by PowerSchool.

You can configure either one client or use two separate clients (one for administrators and another for teachers). Enter the appropriate Client GUID in the App Switcher ID field for the persona.

PowerSchool Services Tenant

The PowerSchool Services tenant is currently used to set up a connection to the Data Exchange Cloud, which is only supported for Delaware.

For the PowerSchool Services tenant, the values in the General section are pre-populated and should not be changed. 


