Halo enables Single Sign On (SSO) for Entra ID organisations
Introducing New Single Sign-On (SSO) for The Halo System.
Enterprise-grade access control. Seamless user experience. Stronger compliance by design.
Single Sign-On (SSO) is now available for all Halo System users — built in direct response to customer demand and designed to align with modern security and IT governance standards.
For organisations using Microsoft Entra ID, SSO enables secure, centralised authentication into Halo — removing password risk while strengthening control over user access.
Why SSO Matters for Security Leaders
Security isn’t just about incident response — it’s about identity control.
With SSO enabled, Halo users benefit from:
Centralised User Management
User provisioning, suspension and deletion are managed directly through your organisation’s Microsoft Entra tenant. No duplicated processes. No manual user clean-up. No forgotten accounts.
And when a user leaves your organisation, access to Halo is automatically revoked in line with your identity policies.
Enhanced Security & Compliance
SSO delegates authentication to your secure corporate environment.
- Enforced MFA (Multi-Factor Authentication)
- Conditional access policies
- Centralised password governance
- Audit consistency across applications
This ensures Halo aligns with your wider IT security architecture — not outside it.
Reduced Credential Risk
No additional Halo passwords to manage. Users authenticate through your organisation’s trusted identity provider, significantly reducing:
- Password reuse risk
- Credential sharing
- Weak password exposure
Seamless User Experience
Users log in with their corporate email address via your Microsoft environment. The experience is consistent across:
- Web access
- Mobile app login
- Multi-client environments
For large organisations operating multiple Halo accounts, a single Entra identity can securely access multiple Halo clients where configured.
Built for Real-World Operational Environments
We understand the complexity of control rooms, venues, transport hubs and critical infrastructure environments.
SSO has been designed to support:
- Existing Halo customers transitioning without losing permissions
- Multi-account organisations requiring cross-client access
- Controlled onboarding of new users
- Flexible support for temporary non-SSO users where operationally required
Halo Admins retain visibility and control over configuration — while identity authority remains with your IT team.
What Changes When You Enable SSO?
When SSO is activated:
- User creation, suspension and deletion are managed via Microsoft Entra
- Email addresses become the primary identifier
- Login transitions from username/password to secure identity provider authentication
- Sync occurs automatically (approx. 40-minute interval)
Your Partnerships Manager will support your onboarding to ensure a smooth transition.
Designed By You, Built By Us.
SSO was one of the most requested enterprise features from our customer base.
So we built it.
Not as a bolt-on workaround — but as a secure, properly integrated identity model aligned to modern security best practice.
Ready to Enable SSO?
Strengthen your access control.
Align Halo with your enterprise identity framework.
Reduce credential risk across your organisation.
Speak to your Partnerships Manager today to discuss activating SSO.
SSO FAQs
SSO for the Halo System currently supports integration with Microsoft Entra.
We’ve prioritised Entra due to its widespread adoption across enterprise, public sector and critical infrastructure organisations. We are looking to support other Identity Providers (IdPs) soon.
For existing clients, Halo intelligently matches users by email address to prevent duplication.
– Existing permissions are retained
– Users will log in using their corporate email address
– Authentication is delegated to your Microsoft Entra environment.
Your Partnerships Manager will guide you through transition planning and internal communications to ensure a smooth rollout.
Yes — where operationally required, non-SSO users can still be created by a Halo Admin.
However, for full compliance and identity governance benefits, we recommend managing the majority of users through your SSO connection. Your team can decide the right balance based on operational needs (for example, short-term contractors or event staff).
Yes — SSO is available at £1,250 per year per Halo client (unlimited users).
We’ve taken a transparent approach to pricing this feature. While SSO delivers significant security and compliance value to customers, it also required substantial backend redevelopment, security architecture changes, mobile login updates, and ongoing maintenance to ensure stability and secure synchronisation.
Rather than increasing core licence costs for all customers, we’ve chosen to make SSO an optional enhancement for organisations that require enterprise identity integration.
This allows us to:
– Continue investing in secure infrastructure
– Maintain and support the integration long-term
– Keep our standard Halo pricing competitive for customers who do not require SSO
If SSO aligns with your organisation’s security strategy, your Partnerships Manager can discuss activation and onboarding.
Halo Admins control the SSO configuration within Halo, but user lifecycle management (create, suspend, delete) moves to your Microsoft Entra environment once SSO is enabled.
This ensures:
– Centralised identity governance
– Consistent enforcement of MFA and conditional access
– Automatic removal of access when users leave your organisation
The result is stronger security alignment between Halo and your wider IT architecture.
Your Partnerships Manager will assist you with set-up, and we have a handy guide in our Halo Academy here.
Ready to try it for yourself?
Book a demo and discover how The Halo System can help you achieve safety & security excellence.