How to deploy School Data Sync by using PowerSchool Sync

How to deploy School Data Sync by using PowerSchool Sync


Applies To: Office 365 Admin

Note: This topic is pre-release documentation and is subject to change in future releases.

PowerSchool is a Student Information System (SIS) provider that integrates with School Data Sync (SDS) and Classroom in Office 365. Using the PowerSchool sync method lets you avoid compiling a set of CSV files and manually extracting the data from the SIS databases.

To set up the integration, you sign in to Office 365 and set up a profile using School Data Sync. Then, based on the information in the profile, Office 365 makes a direct connection to the SIS databases using the REST based APIs provided by the PowerSchool SIS System.

In this topic:  

Prerequisites

Before you start synchronizing with SDS using CSV Import, read the Overview of School Data Sync and Classroom and make sure you meet the following prerequisites:

  • Your Office 365 tenant must be an Office 365 Education tenant.

  • Synced identities must be licensed for SharePoint Online and Exchange Online. Skype for Business licenses aren't required. Note that OneDrive for Business is provided through the SharePoint Online license.

    If a student or teacher doesn't have the required licenses in Office 365, School Data Sync will still create their profile, but Classroom will not finish provisioning properly for them for any apps they aren't licensed to use.

  • The attributes in your PowerSchool SIS marked for sync must not contain any characters shown in this list of invalid characters.

Before you create the profile to connect to the SIS databases with PowerSchool School Data Sync, you also need to complete the following initial setup.

Install the REST API plugin for PowerSchool

Before Microsoft School Data Sync can access data from your PowerSchool server, you have to install an application plugin on the PowerSchool server and obtain OAuth credentials by following these steps.

  1. On your local computer, create an XML plugin installation file with following content, and save the file as “plugin.xml”.

    <?xml version="1.0" encoding="UTF-8"?>
    <plugin xmlns="http://plugin.powerschool.pearson.com"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation='http://plugin.powerschool.pearson.com plugin.xsd'
    name="Microsoft School Data Sync"
    version="1.0.0"
    description="Plugin for PowerSchool REST API for Microsoft SDS">
    <oauth></oauth>
    <publisher name="Microsoft Corp.">
    <contact email="sis@microsoft.com" />
    </publisher>
    </plugin>
  2. Sign in to the PowerSchool admin portal website using your System Administrator credentials.

  3. On the start page, choose System from the main menu, then go to System Settings > Plugin Management Configuration > Install.

  4. Enter or select the plugin installation file you just created (plugin.xml), and then choose Install.

    The plugin will appear in the Installed Plugins section on the Plugin Management Dashboard page. Make sure the Plugin is Enabled. If it is not, choose the Enable option on the Plugin Management Dashboard page.

    On the Plugin Management Dashboard page make sure that the plugin is enabled
  5. Choose Data Configuration to view the OAuth credentials that were generated for the plugin:

    Choose Data Configuration to view the OAuth credentials for the plugin
  6. Record the values for the Client ID and Secret so you can enter these credentials when you create your School Information Sync profile.

Make sure the REST endpoints are Internet-accessible

Microsoft School Data Sync must be able to reach your school’s PowerSchool server. To make sure the server is accessible, open ports 80 and 443 from the Internet to your PowerSchool server.

To validate that the endpoints are set correctly, check that you can open the PowerSchool server website pages from the Internet. For example, in your browser, navigate to: https://partner12.powerschool.com/public/ and http://partner12.powerschool.com/public/.

Make sure your Office 365 Azure Active Directory is whitelisted

Microsoft School Data Sync is currently in beta testing, so we are providing access to only a limited set of customers. We do this by whitelisting (allowing access for) your school’s Office 365 Azure Active Directory tenant. If your tenant is not already whitelisted, please check with your business or engineering team contact from Microsoft.

About AADConnect deployment warnings

If you are configuring School Data Sync for a tenant which is synchronized from On Premise Active Directory through AADConnect, you may notice an increase in the number of Disconnectors shown in your miisclient. This is a result of Office 365 Group being unable to synchronize back to the AADConnect Metaverse and On Premise Active Directory. These warnings do not have any negative impact on your current AADConnect deployment, and only provide an informational note on the resultant sync failure. You should expect these warnings in AADConnect after enabling sync in SDS, as one O365 Group is created for each class synchronized through SDS.

Synchronize your users by using the PowerSchool import method

Watch the video: Deploy School Data Sync

After you've installed the plugin and set up access, create a profile in Microsoft School Data Sync to synchronize your users information. The steps here will work for most scenarios. (There are some more unusual cases which will need different setup steps, so if your situation doesn't work with these steps, work with your Microsoft contact.)

To synchronize your users
  1. In your web browser, go to sds.microsoft.com and then enter the global admin credentials for your Office 365 Education tenant.

  2. If it's your first time logging in and setting up a profile, choose Set up School Data Sync to create your first sync profile.

    Choose Set up SIS Sync

    Or if you've already completed School Data Sync setup, choose Add Profile to create an additional sync profile.

    Choose Add Profile
  3. Type a profile name in the Enter a name for your profile box.

    Enter a name for your profile
  4. In the Data extraction options section, select PowerSchool API in the drop-down.

    Select PowerSchool API from the Select data source drop-down
  5. In the PowerSchool Connection Details section, enter the appropriate values for you SIS web access URL, client id, and the client secret. Refer to the Pre-requisites section of this article for instructions for obtaining the appropriate values.

    Enter information for PowerSchool connection details
  6. Once the appropriate values are added, choose Test connection to validate connectivity to the SIS.

    Choose test connection to validate connectivity
  7. Once connectivity to the SIS has been verified, select either the Create new users or the Sync existing users radio button.

    Choose either Create new users or Sync existing users
    • Create new users Select this option if you are not syncing identities from your on premise Active Directory, or the users in scope for sync are not created within Azure AD already. This option will create new user accounts for the students and teachers in PowerSchool, in scope for this sync profile. The scope of users from the SIS will be determined on the following page.

    • Sync existing users Select this option if you are syncing identities from your on premise Active Directory, or the users in scope for sync are already created in Azure AD. This option will not create new user accounts for students and teachers in PowerSchool, in scope for this sync profile. The scope of users from the SIS will be determined on the following page.

  8. If you selected the Create new users option, skip this step. If you selected the Sync existing users option, select the appropriate Students and Teachers Identity match options from the available drop-down menu. This is where you must define how to match students and teachers in PowerSchool to the user account in Azure AD.

    • Identity Matching Options - Students

      Identity matching options for students

      Select source property this drop-down menu allows you to select the source property within PowerSchool to be used for Identity Matching. Watch the Identity Matching video to review how source, target, and append domain matching logic works, to help determine the appropriate value to select.

      • Secondary Email optional attribute field which can be included for sync and may also be used for identity matching. The appropriate formatting for this attribute is a string of alpha numeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix (i.e. JohnSmith@contoso.com).

      • Student Number optional attribute field which can be included for sync and also may be used for identity matching. The appropriate formatting for this attribute is a string of alpha numeric characters with no spaces or invalid special characters (i.e. 1234567).

      • Username required attribute field which must be included for sync and can be used for identity matching. The appropriate formatting for this attribute is either a string of alpha numeric characters with no spaces or invalid special characters (i.e. JohnSmith), or could also be included as a string of alpha numeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix. (i.e. JohnSmith@contoso.com).

      Select suffix this drop-down menu allows you to append a domain suffix to the source property in PowerSchool, if needed to complete your identity matching plan. It will not actually modify the source value in PowerSchool, just append the value being attempted during the SDS match process. This menu also allows you to select the No Suffix Needed option if the source attribute already contains the required domain suffix (i.e. Username with domain suffix included) or the target attribute value does not include a domain suffix (i.e. mailNickname). Each domain added to the Office 365 tenant will be displayed in the dropdown menu as an available choice, in addition to the No Suffix Needed option previously mentioned. Watch the Identity Matching video to review how source, target, and append domain matching logic works, to help determine the appropriate value to select.

      Select target property this drop-down menu allows you to select the target property within Azure AD to be used for Identity Matching.

      • UserPrincipalName the logon name for the user. The appropriate formatting for this attribute is a string of alpha numeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix (i.e. JohnSmith@contoso.com).

      • Mail the PrimarySMTPAddress of the user. The appropriate formatting for this attribute is a string of alpha numeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix (i.e. JohnSmith@contoso.com). While it is suggested, this attribute is not always the same as the UserPrincipalName attribute.

      • mailNickname the Exchange Alias of the user. The appropriate formatting for this attribute is a string of alpha numeric characters with no spaces or invalid special characters (i.e. 1234567). While it is recommended, this value is not always unique, so be cautious in selecting this attribute for identity matching and ensure you are always matching to a unique target value.

      Student Identity Matching Matrix:

      In order to match source and target identities, you must select one value from the 3 choices available in the Select Source drop-down menu, and then define which of the 3 available target attributes in the Select Target drop-down menu will be an exact match. It is also possible that the source attribute only matches a portion of the target attribute, and requires a domain suffix to be appended to complete the matching logic (i.e. JohnSmith source attribute + @contoso.com domain suffix = a match with JohnSmith@contoso.com target attribute).

      For various examples of matching logic success and failure for sync, watch the Identity Matching video.

    • Identity Matching Options - Teachers

      Identity matching options for teachers drop-down

      Select source property this drop-down menu allows you to select the source property within PowerSchool to be used for Identity Matching. Watch the Identity Matching video to review how source, target, and append domain matching logic works, to help determine the appropriate value to select.

      • Secondary Email optional attribute field which can be included for sync and may also be used for identity matching. The appropriate formatting for this attribute is a string of alpha numeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix (i.e. JohnSmith@contoso.com).

      • Teacher Number optional attribute field which can be included for sync and also may be used for identity matching. The appropriate formatting for this attribute is a string of alpha numeric characters with no spaces or invalid special characters (i.e. 1234567).

      • Username required attribute field which must be included for sync and can be used for identity matching. The appropriate formatting for this attribute is either a string of alpha numeric characters with no spaces or invalid special characters (i.e. JohnSmith), or could also be included as a string of alpha numeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix. (i.e. JohnSmith@contoso.com).

      Select suffix this drop-down menu allows you to append a domain suffix to the source property contained within PowerSchool, if needed to complete your identity matching plan. It will not actually modify the source value in PowerSchool, just append the value being attempted during the SDS match process. This menu also allows you to select the No Suffix Needed option if the source attribute already contains the required domain suffix (i.e. Username with domain suffix included) or the target attribute value does not include a domain suffix (i.e. mailNickname). Each domain added to the Office 365 tenant will be displayed in the dropdown menu as an available choice, in addition to the No Suffix Needed option previously mentioned. Watch the Identity Matching video to review how source, target, and append domain matching logic works, to help determine the appropriate value to select.

      Select target property this dropdown menu allows you to select the target property within Azure AD to be used for Identity Matching. Watch the Identity Matching video to review how source, target, and append suffix matching logic works, to help determine the appropriate value to select.

      • UserPrincipalName the logon name for the user. The appropriate formatting for this attribute is a string of alpha numeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix (i.e. JohnSmith@contoso.com).

      • Mail the PrimarySMTPAddress of the user. The appropriate formatting for this attribute is a string of alpha numeric characters with no spaces or invalid special characters, followed by an @ symbol, followed by a domain suffix (i.e. JohnSmith@contoso.com). While it is suggested, this attribute is not always the same as the UserPrincipalName attribute.

      • mailNickname the Exchange Alias of the user. The appropriate formatting for this attribute is a string of alpha numeric characters with no spaces or invalid special characters (i.e. 1234567). While it is recommended, this value is not always unique, so be cautious in selecting this attribute for identity matching and ensure you are always matching to a unique target value.

      Teacher Identity Matching Matrix:

      In order to match source and target identities, you must select one value from the 3 choices available in the Select Source drop-down menu, and then define which of the 3 available target attributes in the Select Target drop-down menu will be an exact match. It is also possible that the source attribute only matches a portion of the target attribute, and requires a domain suffix to be appended to complete the matching logic (i.e. JohnSmith source attribute + @contoso.com domain suffix = a match with JohnSmith@contoso.com target attribute). Watch the Identity Matching video for various examples of matching logic success and failure for sync.

  9. Once the Profile Name, Data Extraction Options, and Identity Matching Options are set in place, choose Next.

  10. On the Directory Options page, select the appropriate domain for each drop down list available. If you selected the Sync existing users option in step 7, you will only need to select the appropriate domain for Schools and Sections, since all existing students and teachers already have domains associated with their respective user accounts. This domain will be used as the domain suffix for the Office 365 Group created for each section, unless policy is in place to override this domain setting.

    Directory options when syncing existing users

    If you selected the Create new users option in step 7, you will need to select the appropriate domain for Schools and Sections, in addition to a domain for teachers, and a domain for students, as shown below. This domain will be used as the domain suffix for the user account created by SDS, for each user included in the student and teacher csv files.

    Only one domain can be entered for teachers, and one domain for students within a single sync profile. If you have objects of those types which must be spread across multiple domains, you'll have to create a separate profile for each set of users (1 sync profile per domain).

    Directory options when syncing new users
  11. If you selected the Create new users option in step 7, you also must select the appropriate SKU to assign to each of the newly created Teachers and Students using the drop-down menus shown below. Each available SKU in your Office 365 tenant will be present in the list. Once selected for each user type, choose Next.

    Select the Office 365 SKU assigned to teachers and students
  12. On the Options to Sync page, select the schools you want to sync using this profile by choosing them under the Select schools to sync section.

    Select the names of the schools you want to sync
  13. Under the Select properties to sync section, select any optional attributes you would like to sync for each of the various object types. The required attributes are already selected by default under each object type. Once you’ve added in any optional attribute you want to sync to Azure, choose Next.

    Select optional proprties to sync to Azure AD
  14. On the Summary page, choose Submit to create the profile.

    The sync process does some data validation before creating the profile. If there are any errors, you'll have to correct them and then wait for the next sync cycle. Sync cycles run every 10 minutes.

  15. Once the sync profile is created, select the Enable Sync option to begin syncing the PowerSchool source data to Azure AD.

After all user identities have been synced successfully for the profile, Profile Status changes to Success. If you need to create more profiles, for example, if you have users set up with different domains, repeat these steps for each profile.

Video: How to match source and target attributes for sync

For various examples of matching logic success and failure for sync, watch the Identity Matching video:

SIS data in Office 365 will change when sync'd

After you complete the first SIS sync, data in your Office 365 SIS will be changed, based on the sync'd information. Changes might be related to a student, teacher, section, or any of the other attributes and objects types set up with School Data Sync. Changes may happen on a daily basis. To make sure changes in the SIS are reflected in School Data Sync and Classroom, data must be updated through the sync process.

All additions are processed and updates made whenever there is a sync, but deletions and certain changes do not occur automatically. This includes the following:

  • If a student is removed from a class in the SIS , the student is also removed from the class Unified Group in Classroom.

  • If a teacher is removed from a class, no change occurs in Classroom.

  • If a new teacher is added to a class, that teacher becomes the group owner, and that teacher is allowed to remove the other teacher, if needed.

  • If a student is deleted in the SIS, the sync does not delete the Azure Active Directory account for that student.

  • If a student is deleted in the SIS, the sync does not remove the student from the School’s Azure Active Directory.

  • If classes or schools are deleted in the SIS or removed from the sync profile, the sync does not delete the Class or School group in Azure Active Directory.

If you are syncing directly through PowerSchool SIS, changes are synced automatically on a continuous basis. All you need to do is update the data in your SIS and validate that changes are synced during the next sync cycle, with the exception of the deletes and changes mentioned in the previous list. Currently PowerSchool Sync occurs repeatedly. That is, after one sync completes, the next starts immediately and looks for any changes to sync.

School Data Sync Deployment Guidance

  1. Overview of School Data Sync and Classroom
  2. CSV Files for School Data Sync
  3. School Data Sync required attributes for PowerSchool Sync
  4. How to deploy School Data Sync by using CSV files
  5. How to deploy School Data Sync by using PowerSchool Sync
  6. How to deploy School Data Sync using Clever Sync
  7. School Data Sync errors and troubleshooting
  8. School Data Sync - One Roster
  9. School Data Sync Toolkit
  10. My Power School Connection Fails
  11. What SISes and MISes does School Data Sync support?
  12. What is School Data Sync?
  13. What is the rostering schema?
  14. How do I deploy School Data Sync?
  15. What apps work with School Data sync?
  16. Where is School Data Sync available?
  17. How does School Data Sync protect student information?
  18. Why doesn't my Customer Preview promo code link work?
  19. I received a 403 error when uploading CSV file using the Sync tool. How do I fix this?
  20. I received error 404 when running the School Data Sync Toolkit cmds. How do I fix this?
  21. Can I store and/or upload my CSV files if they are in a ZIP file format?
  22. Are the header names within the CSV files case sensitive?
  23. What are the requirements for accessing the SDS portal, and managing Sync?
  24. What happens with sync when my data changes in my SIS, or within my CSV files?
  25. Adding a Secondary Teacher
  26. Is there a character limitation for the SIS ID in the Section CSV file?
  27. Do I need to create more than 1 sync profile if my teachers and students are associated with different domains?
  28. Can I use both alpha and numeric characters for the School SIS ID?
  29. Why are Teachers or Students missing in the Organization tab?
  30. What attributes are synced with SDS?
  31. How can we export data from the SIS to Microsoft’s required CSV format?
  32. Can the SIS ID field for Sections contain spaces?
  33. What is the proper format for the Term StartDate and Term EndDate?
  34. Can I include optional attributes for sync if only some objects have a value populated for that attribute?
  35. Can I include empty columns in my CSV files?
  36. Do I need to remove the FirstName, LastName, and Password column if I’m not creating users through SDS?
  37. Does Microsoft provide extractor tools for my SIS data?
  38. Can a teacher sync if they are assigned to multiple schools?
  39. Can we export the sync issues/errors?
  40. Can we hide Sections from the GAL? If so, how?
  41. Will the standard welcome email be generated when users are synced/added to each sections/groups through SDS?
  42. If a class is set to inactive status manually through Classroom, will SDS change that status on the next sync if the CSV or SIS is different?
  43. Will SDS automatically sync student changes or do we have to restart sync on a regular basis?
  44. If we remove a user or section from Classroom will they reappear when we sync again?
  45. Why is there a character limitation on email addresses in SDS?
  46. How to sync objects with a sis id or attribute value less than 3 characters, or are less than 3 characters and start with a 0.
  47. Object limitations when synchronizing with SDS

Feedback and Knowledge Base