Skip to main content

HaloPSA idemeum JIT accounts

In this guide we will integrate idemeum just-in-time accounts for Entra ID with Halo PSA. Right from a customer ticket in HaloPSA technicians will be able to request JIT Entra ID accounts and view credentials.

Nik Pot


HaloPSA and idemeum integration leverages embedded iFrame sections. By default idemeum security does not allow cross-domain requests. Therefore, to enable this integration, request idemeum team to allow embedded iFrames for your idemeum tenant.

Configure idemeum session length

This step is optional, but will improve technician experience when accessing just-in-time accounts. By default the idemeum session length is set to 8 hours, meaning you have to re-authenticate with mobile every 8 hours. You can extend this session to 30 days so that you can seamlessly access JIT accounts for any customer tenant right from HaloPSA and you will stay authenticated for 30 days.

  • Navigate to your MSP tenant admin portal
  • Access SettingsGlobal and then define the Session expiration duration

Configure HaloPSA


In HaloPSA you can create a Custom tab that will point to your idemeum tenant. When managing PSA ticket you can click on that tab and get immediate access to your idemeum portal.

You have 2 options for navigation:

  • Navigate to parent MSP idemeum tenant - you can simply specify the URL for your MSP tenant, i.e. <msp name> In this case technicians will access custom tab, MSP idemeum tenant will be loaded, then technician will search for customer tenant, access it, and will request JIT account.
  • Navigate directly to idemeum customer tenant - you can leverage HaloPSA variables to navigate directly to customer idemeum tenant.

Set up HaloPSA variables

We will set up the integration to directly navigate to idemeum customer tenant from PSA ticket.

  • Say we have a customer tenant demo-<msp name> in idemeum. For a customer in HaloPSA we need to choose a variable and populate it with value demo.
  • In this example we will leverage the default variable Client reference
  • We populate this variable with demo value in the customer section by simply editing a customer in HaloPSA
  • We can tag all our customers in the same way in HaloPSA so they are mapped to a customer tenant in idemeum

Set up custom tab

  • Navigate to ConfigurationCustom objectsCustom tabs in HaloPSA
  • Create a custom tab like in the image below. As you can see for URL we are using the URL of MSP idemeum tenant, and we are passing a parameter from the variable $CLIENT_REFERENCE. You can specify the variable that you have chosen for integration.

Test integration

  • Open any ticket in Halo PSA
  • Click on idemeum tab
  • You will be presented with the idemeum user portal for that customer. You can see all workstation and Entra apps to request JIT accounts and view credentials