HaloPSA Connection Guide

A step-by-step guide to getting your Halo PSA account connected with Gradient MSP.


Here are the minimum requirements for on-premise environments.

  1. Fully Chained SSL Certificate.
  2. The latest stable version of Halo PSA.
  3. If your Halo instance restricts access based on IP, our IPs are &

Note: On-premise users can populate the Tenant field by typing in the words Not set.

Note: Setting All permissions on step 10 will cause authentication to fail.

  1. Upon initial registration of your new Gradient MSP account, you will select Halo PSA and click Next. You will then be presented with a connection checklist. Please gather these items before progressing to the next page. Let's head over to Halo PSA.
  2. Login to HaloPSA.
  3. Navigate to Configuration > Integrations > HaloPSA API > View Applications.
  4. Click New in the top right.
  5. On the Details tab, populate "Application Name" with Gradient MSP.
  6. Set the "Authentication Method" to Client ID and Secret (Services) and Record the Client ID and Client Secret.
  7. Set the Login Type to Agent.
  8. Select an Agent to log in as. Ensure the Agent has a Role with the following permissions.
    1. Customers Access Level - Read Only
    2. Invoices Access Level - Read and Modify
    3. Customer Agreement Access Level - Read and Modify
    4. Products Access Level - Read and Modify
  9. Keep a record of the Client ID and Client Secret.
  10. Press Save
  11. On the Permissions tab, enable the following permissions:
    1. read: customers
    2. read and edit: contracts
    3. read and edit: items
    4. read and edit: invoices
  12. Ensure Feature Access is enabled for Clients Access Level. image (35)
  13. Save the Gradient MSP API Application.
  14. Within Halo PSA, navigate to Configuration > Integrations > HaloPSA API
  15. Record the Resource Server, Authorization Server and Tenant.
  16. Return to Gradient, select HaloPSA and insert the following information.
    1. Client ID
    2. Client Secret
    3. Resource Server
    4. Authorization Server
    5. Tenant (On-premise users can populate the Tenant field by typing in the words Not set).
  17. Select Save and Test to confirm that the integration is configured properly.

        Warning: Authorization Server requires a forward slash "/" at the end of the URL https://domain.halopsa.com/auth/

        Congratulations, you've successfully connected your PSA!