> ## Documentation Index
> Fetch the complete documentation index at: https://docs.rallied.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# HaloPSA

> Connect HaloPSA to Rallied

## Overview

The HaloPSA integration is a three-part setup that runs in parallel between the **HaloPSA admin UI** and the **Rallied dashboard**. Keep both tabs open while you work through it.

1. **In HaloPSA** — create a dedicated API agent, register an Application against that agent, and copy the Client ID + Client Secret.
2. **In Rallied** — open the HaloPSA integration form, paste the credentials, and save.
3. **In Rallied (post-connect)** — select which HaloPSA clients to import as Rallied clients. Each imported client is provisioned with an agent automatically.

The whole flow takes about 10 minutes.

## Section 1 — Create the API agent in HaloPSA

<Steps>
  <Step title="Sign in to HaloPSA as an administrator">
    Use an account with **Administrator** rights.
  </Step>

  <Step title="Open the Agents list">
    Go to **Configuration → Teams & Agents → Agents** and click **New**.
  </Step>

  <Step title="Configure the new agent">
    Fill in the following (leave other fields at their defaults):

    | Field                 | Value             |
    | --------------------- | ----------------- |
    | Username              | `Rallied Agent`   |
    | Password              | *leave blank*     |
    | Use AD authentication | No                |
    | Roles                 | Administrator     |
    | Is an API-only Agent  | **Yes**           |
    | First Name            | `Rallied`         |
    | Surname               | `Agent`           |
    | Initials              | `RA`              |
    | Default Team          | *No Default Team* |
    | Work Hours            | 24 Hours          |
  </Step>

  <Step title="Save the agent">
    Click **Save**.

    <Frame>
      <img src="https://mintcdn.com/rallied/CwfYHwg1Q8geWL42/images/image.png?fit=max&auto=format&n=CwfYHwg1Q8geWL42&q=85&s=ee2e028471b795f3b2d000e960f90fef" alt="Image" width="3096" height="2597" data-path="images/image.png" />
    </Frame>
  </Step>
</Steps>

<Frame>
  ## Section 2 — Register the Application
</Frame>

The Application is what Rallied uses to call the HaloPSA API.

<Steps>
  <Step title="Open the Applications list">
    Go to **Configuration → Integrations → HaloPSA API → Applications → View Applications** and click **New**.
  </Step>

  <Step title="Configure the application">
    Fill in:

    | Field                 | Value                                      |
    | --------------------- | ------------------------------------------ |
    | Application Name      | `Rallied Agent`                            |
    | Authentication Method | **Client ID and Secret (Services)**        |
    | Login Type            | **Agent**                                  |
    | Agent to log in as    | `Rallied Agent` (the agent from Section 1) |

    HaloPSA generates a **Client ID** and **Client Secret**. Copy both — you'll paste them into Rallied in Section 3. The secret is only displayed once.

    <img src="https://mintcdn.com/rallied/CwfYHwg1Q8geWL42/images/591441961-c6e1d6b1-cc37-49e2-adef-72dd9b170ccf.png?fit=max&auto=format&n=CwfYHwg1Q8geWL42&q=85&s=7fc6459417cccc94a59b4b6dad1148d2" alt="591441961 C6e1d6b1 Cc37 49e2 Adef 72dd9b170ccf" width="3096" height="2597" data-path="images/591441961-c6e1d6b1-cc37-49e2-adef-72dd9b170ccf.png" />
  </Step>

  <Step title="Set the application permissions">
    On the **Permissions** tab, enable the three scopes Rallied needs:

    | Permission       | Purpose                                                           |
    | ---------------- | ----------------------------------------------------------------- |
    | `all:standard`   | Read/write tickets, notes, customers, assets, and users           |
    | `all:teams`      | Access to all Teams regardless of the agent's own team membership |
    | `admin:webhooks` | Lets Rallied register and refresh its own webhook automatically   |

    Leave `all` and `admin` **unchecked** — `all:standard` plus `admin:webhooks` is the least-privileged set that lets the integration work.

    <img src="https://mintcdn.com/rallied/CwfYHwg1Q8geWL42/images/591442127-e5e2572e-388c-468d-831f-3695102af08d.png?fit=max&auto=format&n=CwfYHwg1Q8geWL42&q=85&s=31facc30af641f28d8d6fc46e193ec6a" alt="591442127 E5e2572e 388c 468d 831f 3695102af08d" width="3250" height="1426" data-path="images/591442127-e5e2572e-388c-468d-831f-3695102af08d.png" />
  </Step>

  <Step title="Save the application">
    Click **Save**. Leave the page open — you still need the Client ID and Client Secret in the next section.
  </Step>
</Steps>

## Section 3 — Connect HaloPSA in Rallied

<Steps>
  <Step title="Open MSP Integrations">
    In the Rallied dashboard, navigate to **MSP Settings → Integrations**.
  </Step>

  <Step title="Connect HaloPSA">
    Find the HaloPSA card and click **Connect**. A credentials form appears.
  </Step>

  <Step title="Enter your HaloPSA details">
    Fill in:

    * **Instance URL** — your HaloPSA tenant URL, e.g. `https://yourcompany.halopsa.com` (no trailing slash; HTTPS required)
    * **Client ID** — from the Application in Section 2
    * **Client Secret** — from the Application in Section 2

    Click **Save**. Rallied validates the connection. If the credentials are wrong, you'll see an inline error — re-check the values and re-save.

    <img src="https://mintcdn.com/rallied/CwfYHwg1Q8geWL42/images/591442030-7d3124c8-18bf-4f1a-8934-d8e3f9bc7297.png?fit=max&auto=format&n=CwfYHwg1Q8geWL42&q=85&s=01f761beeb56f7a2d8ea6563484fbd9a" alt="591442030 7d3124c8 18bf 4f1a 8934 D8e3f9bc7297" width="1210" height="1858" data-path="images/591442030-7d3124c8-18bf-4f1a-8934-d8e3f9bc7297.png" />
  </Step>

  <Step title="Select clients to import">
    After saving, the **Select clients to import** post-connect step opens. Pick which HaloPSA clients you want to manage with Rallied. Each one is imported into the dashboard with an agent provisioned automatically.
  </Step>
</Steps>

<Info>
  Rallied registers the webhook in HaloPSA for you and subscribes it to new and updated ticket events. You don't need to add the webhook or notifications manually.
</Info>

## How incoming tickets work

When a new or updated ticket arrives, Rallied matches the ticket's **Client (Customer)** to a Rallied client and wakes that client's agent with the ticket context preloaded — subject, requester, priority, prior notes — and the agent begins diagnosing.

If the learning pipeline has generated active workflows for your MSP and the ticket content matches a known pattern, the relevant workflow is injected into the agent's context to guide resolution.

### Sensitive tickets and identity verification

When the ticket is classified as sensitive — for example, a password or MFA reset — and you have a verification provider like [Traceless](/integrations/traceless) connected, Rallied dispatches an identity verification challenge to the requester before the agent starts work. The agent is paused until the verification resolves, and an internal note is posted on the ticket with the outcome.

## Approval channel

When the agent's plan includes a step that requires technician approval, it creates a HaloPSA **action** on the ticket describing the proposed steps. Technicians see the action in HaloPSA and reply to approve or deny.

The agent reads replies on the same ticket, classifies the intent (approve, deny, or neutral), and proceeds accordingly. Neutral replies such as routine status updates are forwarded to the agent as a normal message without affecting the approval.

Only the ticket's **assigned agent** is treated as a valid approver — replies from anyone else are ignored for approval purposes.

## Voice Agent

If you've enabled the [Voice Agent](/dashboard/voice-agent), HaloPSA is one of the supported PSAs for caller matching and ticket creation. The voice agent searches HaloPSA users as the caller speaks their name, creates a new ticket on the matched user's client, and posts the call transcript as the first ticket note.

## Testing the end-to-end setup

<Steps>
  <Step title="Create a test ticket in HaloPSA">
    Click **New Ticket** at the top of any HaloPSA page. Pick any ticket type, assign it to an imported client, and fill in a short subject and description.
  </Step>

  <Step title="Confirm the webhook fired">
    Go to **Configuration → Integrations → Webhooks**, open the `Rallied (...)` webhook, and check the **Deliveries** tab. You should see a successful delivery for the new ticket.
  </Step>

  <Step title="Confirm the agent picked it up">
    In Rallied, open **Activity** (or the imported client's detail page) — the new ticket should appear with the agent's diagnosis already in progress. If the operating mode is **Plan**, the agent posts an internal note with its plan; in **Execute** mode it begins executing read-only steps and requests approval for write actions.
  </Step>
</Steps>

If the ticket doesn't appear in Rallied, double-check:

* The Instance URL has no trailing slash and uses HTTPS
* The Client Secret hasn't been regenerated since you saved it in Rallied
* The client linked to the test ticket was imported in Section 3

## Policies

You can adjust HaloPSA tool policies from **MSP Settings → Integrations** (open the HaloPSA detail page