Integration type
SIS (Student Info System)
What we solve
PowerSchool districts need a secure way to verify the identity of students, staff, and guardians—especially for enrollment, staff provisioning, and sensitive guardian portal actions—across deployments that may lack consistent webhook support. This integration uses a PowerSchool plugin to authenticate via OAuth client credentials, detect new enrollments via polling or event subscriptions, trigger 1Kosmos identity proofing (OIDC for staff; SAML step-up for guardian portal), and write IAL2 verification status back to PowerSchool custom fields so districts can reduce fraud, protect student data, and meet KYC/assurance requirements for high-risk actions.
Integration architecture
PowerSchool integrations are packaged as plugins — signed ZIP archives deployed into the PowerSchool server. The plugin registers OAuth credentials and optional webhook endpoints.
API authentication
Returns a bearer token valid for 3,600 seconds.
Touchpoint 1 — New student enrollment trigger PowerSchool does not natively support outbound webhooks in all deployment tiers. For schools on PowerSchool SIS Cloud (SaaS), the 1Kosmos plugin registers a Data Access Tag (DAT) page that polls for newly enrolled students:
For schools where webhooks are available, the plugin registers an event subscription.
Touchpoint 2 — Identity proofing trigger for staff/high-value actions PowerSchool implements OneRoster 1.1 for roster data. Staff records are accessible via:
For staff onboarding, the plugin reads new staff records and triggers IDV via the 1Kosmos OIDC flow. Results are written back to a custom PowerSchool extension field.
Touchpoint 3 — Parent/guardian KYC PowerSchool's Guardian Portal (web) uses SAML 2.0 for SSO. 1Kosmos acts as a SAML IdP. When a guardian registers a new account or updates financial information, the portal can enforce step-up authentication via a SAML AuthnContext of urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract mapped to 1Kosmos IAL2.
Data flow
Integration complexity: Medium-High
The plugin framework is well-documented but requires validation through PowerSchool's partner program. Schools on legacy on-premise deployments have limited webhook support, requiring polling-based architectures.
