<style>p { margin: 0; }span.fr-emoticon.fr-emoticon-img { background-repeat: no-repeat !important; font-size: inherit; height: 1em; width: 1em; min-height: 20px; min-width: 20px; display: inline-block; margin: -0.1em 0.1em 0.1em; line-height: 1; vertical-align: middle; } span.fr-emoticon { font-weight: normal; font-family: "Apple Color Emoji", "Segoe UI Emoji", "NotoColorEmoji", "Segoe UI Symbol", "Android Emoji", "EmojiSymbols"; display: inline; line-height: 0; } blockquote { border-left: solid 2px #5e35b1; color: #5e35b1; margin-left:0; padding-left:5px;}blockquote blockquote{ border-color: #00bcd4; color: #00bcd4;}blockquote blockquote blockquote{ border-color: #43a047; color: #43a047;} table.grid{ border-collapse: collapse;} table.grid td, table.grid th { border: 1px solid #ddd;} .fr-fic.fr-dib{ display: block; margin: 5px auto;}.fr-fic.fr-dib.fr-fir{ text-align: right; margin: 5px 0 5px auto;}.fr-fic.fr-dib.fr-fil{ text-align: left; margin: 5px auto 5px 0;}.fr-fic.fr-dii{ float: none; margin: 5px auto;}.fr-fic.fr-dii.fr-fil{ float: left; margin: 5px auto;}.fr-fic.fr-dii.fr-fir{ float: right; margin: 5px auto;}img.fr-dib.fr-fir { margin-right: 0; text-align: right;}img.fr-dib.fr-fil { margin-left: 0; text-align: left;}img.fr-dib { margin: 5px auto; display: block; float: none;}img.fr-bordered { box-sizing: content-box; border: solid 5px #CCC;}img.fr-shadow { box-shadow: 10px 10px 5px 0px #cccccc;}img.fr-rounded { border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; -moz-background-clip: padding; -webkit-background-clip: padding-box; background-clip: padding-box;}</style><style> p { margin: 0; } span.fr-emoticon.fr-emoticon-img { background-repeat: no-repeat !important; font-size: inherit; height: 1em; width: 1em; min-height: 20px; min-width: 20px; display: inline-block; margin: -0.1em 0.1em 0.1em; line-height: 1; vertical-align: middle; } span.fr-emoticon { font-weight: normal; font-family: "Apple Color Emoji", "Segoe UI Emoji", "NotoColorEmoji", "Segoe UI Symbol", "Android Emoji", "EmojiSymbols"; display: inline; line-height: 0; } blockquote { border-left: solid 2px #5e35b1; color: #5e35b1; margin-left: 0; padding-left: 5px; } blockquote blockquote { border-color: #00bcd4; color: #00bcd4; } blockquote blockquote blockquote { border-color: #43a047; color: #43a047; } table.grid { border-collapse: collapse; } table.grid td, table.grid th { border: 1px solid #ddd; } .fr-fic.fr-dib { display: block; margin: 5px auto; } .fr-fic.fr-dib.fr-fir { text-align: right; margin: 5px 0 5px auto; } .fr-fic.fr-dib.fr-fil { text-align: left; margin: 5px auto 5px 0; } .fr-fic.fr-dii { float: none; margin: 5px auto; } .fr-fic.fr-dii.fr-fil { float: left; margin: 5px auto; } .fr-fic.fr-dii.fr-fir { float: right; margin: 5px auto; } img.fr-dib.fr-fir { margin-right: 0; text-align: right; } img.fr-dib.fr-fil { margin-left: 0; text-align: left; } img.fr-dib { margin: 5px auto; display: block; float: none; } img.fr-bordered { box-sizing: content-box; border: solid 5px #CCC; } img.fr-shadow { box-shadow: 10px 10px 5px 0px #cccccc; } img.fr-rounded { border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; -moz-background-clip: padding; -webkit-background-clip: padding-box; background-clip: padding-box; } </style><p><strong><span style="font-size: 12pt;">What is Single Sign on B2C?&nbsp;</span></strong></p><p>Single sign on B2C allows your agents and users to sign in to Halo using credentials from various accounts. It also allows unknown users to sign up to access your Halo portal using credentials from existing accounts.</p><p><br></p><p><strong><span style="font-size: 12pt;">Who can use SSO B2C?</span></strong></p><p>B2C SSO is typically used by organisations using HaloCRM, as they will not have a fixed user list and will want to make sign up for users as easy as possible.&nbsp;</p><p><br></p><p>Organisations using HaloPSA and HaloITSM will use B2B SSO as all the users and agents that will be logging in already exist in your Azure tenant or one of the Azure tenants you manage (fixed list).&nbsp;</p><p><br></p><ul><li style="font-weight: bold;"><a data-fr-linked="true" href="https://usehalo.com/haloitsm/guides/2322/" id="isPasted" target="_blank" rel="noopener noreferrer"><strong>Single Sign On B2B (SSO) For Entra/CSP Users and Agents</strong></a></li></ul>

<style>p { margin: 0; }span.fr-emoticon.fr-emoticon-img { background-repeat: no-repeat !important; font-size: inherit; height: 1em; width: 1em; min-height: 20px; min-width: 20px; display: inline-block; margin: -0.1em 0.1em 0.1em; line-height: 1; vertical-align: middle; } span.fr-emoticon { font-weight: normal; font-family: "Apple Color Emoji", "Segoe UI Emoji", "NotoColorEmoji", "Segoe UI Symbol", "Android Emoji", "EmojiSymbols"; display: inline; line-height: 0; } blockquote { border-left: solid 2px #5e35b1; color: #5e35b1; margin-left:0; padding-left:5px;}blockquote blockquote{ border-color: #00bcd4; color: #00bcd4;}blockquote blockquote blockquote{ border-color: #43a047; color: #43a047;} table.grid{ border-collapse: collapse;} table.grid td, table.grid th { border: 1px solid #ddd;} .fr-fic.fr-dib{ display: block; margin: 5px auto;}.fr-fic.fr-dib.fr-fir{ text-align: right; margin: 5px 0 5px auto;}.fr-fic.fr-dib.fr-fil{ text-align: left; margin: 5px auto 5px 0;}.fr-fic.fr-dii{ float: none; margin: 5px auto;}.fr-fic.fr-dii.fr-fil{ float: left; margin: 5px auto;}.fr-fic.fr-dii.fr-fir{ float: right; margin: 5px auto;}img.fr-dib.fr-fir { margin-right: 0; text-align: right;}img.fr-dib.fr-fil { margin-left: 0; text-align: left;}img.fr-dib { margin: 5px auto; display: block; float: none;}img.fr-bordered { box-sizing: content-box; border: solid 5px #CCC;}img.fr-shadow { box-shadow: 10px 10px 5px 0px #cccccc;}img.fr-rounded { border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; -moz-background-clip: padding; -webkit-background-clip: padding-box; background-clip: padding-box;}</style><style> p { margin: 0; } span.fr-emoticon.fr-emoticon-img { background-repeat: no-repeat !important; font-size: inherit; height: 1em; width: 1em; min-height: 20px; min-width: 20px; display: inline-block; margin: -0.1em 0.1em 0.1em; line-height: 1; vertical-align: middle; } span.fr-emoticon { font-weight: normal; font-family: "Apple Color Emoji", "Segoe UI Emoji", "NotoColorEmoji", "Segoe UI Symbol", "Android Emoji", "EmojiSymbols"; display: inline; line-height: 0; } blockquote { border-left: solid 2px #5e35b1; color: #5e35b1; margin-left: 0; padding-left: 5px; } blockquote blockquote { border-color: #00bcd4; color: #00bcd4; } blockquote blockquote blockquote { border-color: #43a047; color: #43a047; } table.grid { border-collapse: collapse; } table.grid td, table.grid th { border: 1px solid #ddd; } .fr-fic.fr-dib { display: block; margin: 5px auto; } .fr-fic.fr-dib.fr-fir { text-align: right; margin: 5px 0 5px auto; } .fr-fic.fr-dib.fr-fil { text-align: left; margin: 5px auto 5px 0; } .fr-fic.fr-dii { float: none; margin: 5px auto; } .fr-fic.fr-dii.fr-fil { float: left; margin: 5px auto; } .fr-fic.fr-dii.fr-fir { float: right; margin: 5px auto; } img.fr-dib.fr-fir { margin-right: 0; text-align: right; } img.fr-dib.fr-fil { margin-left: 0; text-align: left; } img.fr-dib { margin: 5px auto; display: block; float: none; } img.fr-bordered { box-sizing: content-box; border: solid 5px #CCC; } img.fr-shadow { box-shadow: 10px 10px 5px 0px #cccccc; } img.fr-rounded { border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; -moz-background-clip: padding; -webkit-background-clip: padding-box; background-clip: padding-box; } </style><p><strong>In this guide we will cover:</strong></p><p><strong>- B2B vs B2C single sign on</strong></p><p><strong>- How to configure SSO for B2C</strong></p><p><br></p><p><br></p><p><strong><span style="color: rgb(235, 107, 86); font-size: 12pt;">Microsoft is now depreciating B2C licencing. From 15 March 2026 B2C will be depreciated for everyone on P2 tier licencing. Your B2C tenant will remain but your Azure AD B2C P2 licence will no longer function. For everyone on P1 premium tier licencing existing B2C will be supported until May 2030. Users are now directed to use Microsoft&#39;s Entra External ID platform instead (this replaces B2C). Single sign on with Halo using Entra External ID for external user authentication is now available. For information on how to set this up checkout: &quot;<a data-fr-linked="true" href="https://usehalo.com/haloitsm/guides/2667" id="isPasted" target="_blank" rel="noopener noreferrer">Single Sign-On in Halo</a>&quot;.</span></strong></p><p><br></p><p>For more information on Microsoft Entra External ID checkout: <a data-fr-linked="true" href="https://learn.microsoft.com/en-us/entra/external-id/external-identities-overview" id="isPasted" target="_blank" rel="noopener noreferrer">Introduction to Microsoft Entra External ID</a>.</p><p><br></p><p><br></p><p><strong><span style="font-size: 14pt;">B2B vs B2C single sign on</span></strong></p><p>Single sign on allows users and/or agents in your Halo to log in to their Halo account using existing credentials they have for other accounts. Halo obtains authentication from the third party the account is with.</p><p><br></p><p>B2B single sign on stands for &#39;Business to Business&#39;. This method of single sign on only allows users who exist in your Azure tenant (or a tenant you have access to) to sign up or sign in to your Halo with their Microsoft (work) credentials. This is typically used when a business is providing services to another business, as you will have a pre-defined set of users that will be allowed access to your Halo. These users will either be in your Azure tenant, or you will have access to their Azure tenant through the partner centre, therefore when using this method of SSO in Halo you must be using either the Entra ID or CSP integration. HaloPSA and HaloITSM customers typically use the B2B method of single sign on.&nbsp;</p><p><br></p><p>B2C single sign on stands for &#39;Business to Customer&#39;. This method of single sign on allows agents and/or users to be able to sign up and sign in to your Halo portal using various accounts, such as their Google, Microsoft and social accounts. Whereas B2B only allows users to sign in &nbsp;using their work account. B2C is typically used when the users you would like to access your portal are not in your Azure tenant, so when they are external consumers however, you can restrict who can sign up/in to your portal when using B2C. HaloCRM customers typically use this method of single sign on.&nbsp;</p><p><br></p><p>In this guide we will only cover the setup of B2C single sign on (SSO) using Azure, we have a separate guide on B2B SSO for Azure/Microsoft <a data-fr-linked="true" href="https://usehalo.com/halopsa/guides/2322" target="_blank" rel="noopener noreferrer"><strong>here</strong></a>. For information on B2B single sign on for Google accounts see our guide <a data-fr-linked="true" href="https://usehalo.com/halopsa/guides/1126/" target="_blank" rel="noopener noreferrer"><strong>here</strong></a>.&nbsp;</p><p><br></p><p><br></p><p id="isPasted"><strong><span style="font-size: 14pt;">How to configure SSO for B2C</span></strong></p><p><em>Pre-requisites&nbsp;</em></p><ul><li style="font-style: italic;"><em>You must have a B2C Azure tenant</em></li><li style="font-style: italic;"><em>If on a Halo version prior to v2.182 the B2C tenant must have a domain name ending &quot;.com&quot;</em></li></ul><p><br></p><p>To get started head to configuration &gt; integrations &gt; Microsoft Entra ID &gt; single sign-on B2C tab. Here is where you will configure the SSO connection in Halo.&nbsp;</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImE2M2U3Mjg2LWM3OTEtNDM1ZC05OWYwLTcyMWFiYzFjODA4NyJ9.ChbFVwpVtFf3hTsDckkL16K2iYl_EuRgs0ca15TIF5k" class="fr-fic fr-fil fr-dib" width="1435" style="width: 1437px; height: 654.777px;" height="655"></p><p><strong><span style="font-size: 10pt;">Fig 1. B2C SSO configuration</span></strong></p><p><br></p><p><strong><span style="font-size: 12pt;">Create Azure application</span></strong></p><p>First you will need to create an Azure application for your B2C Azure tenant. This application should be of type &#39;Accounts in any identity provider or organizational directory (for authenticating users with user flows)&#39;, set the platform to be &#39;Web&#39; and have the redirect URI present on the SSO setup page in Halo (figure 1). This URI follows the format <a data-fr-linked="true" href="https://YOURHALODOMAIN/auth/account/azureb2cresponse">https://YOURHALODOMAIN/auth/account/azureb2cresponse</a></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImE2ZTc2NGIyLWI1ZjktNDVhMi1iOWYyLTE5YWFhNTNjN2E2NiJ9.SXeaCIsFQS1vBUQLXgmZQvcbrBNmfBxYmdCrqjkBHE4" class="fr-fic fr-fil fr-dib" width="650" style="width: 652px; height: 160.767px;" height="161"></p><p><strong><span style="font-size: 10pt;">Fig 2. Account type for azure application</span></strong></p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjM4ODVlM2YwLWE3YjMtNGRmOC05ZTM5LTAxNmViNjI0NGE4OCJ9.iVjjvWx1TzGS2aXIovvyKdG6rbcTx1FYJd0EjeBQiEk" class="fr-fic fr-fil fr-dib" width="788" style="width: 790px; height: 322.152px;" height="322"></p><p><strong><span style="font-size: 10pt;">Fig 3. Azure application</span></strong></p><p><br></p><p><strong><em>Note: If you have two re-direct URIs visible on your SSO configuration page add both redirects to the application.&nbsp;<br></em></strong></p><p><br></p><p>Now you will need to add the following permissions to this application:</p><ul><li>openid (Delegated)&nbsp;</li></ul><p>You will also need to enable ID tokens (used for implicit and hybrid flows). This is enabled under the &#39;Authentication&#39; tab under the application</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjEzZmU1MmE1LTgyNTgtNDViOC1iMGRhLWU4MThlZDlkZDZjMyJ9.ek1jfSiIiZy4qm-upka1kRUWeAFv5ROiQKeC3hWFfhc" class="fr-fic fr-fil fr-dib" width="948" style="width: 950px; height: 556.12px;" height="556"></p><p><strong><span style="font-size: 10pt;">Fig 4. Enable ID tokens</span></strong></p><p><br></p><p>You will now need to assign a user flow to your application to determine how users are authenticated. You may wish to create your own custom user flow, or use one of the standard user flows such as the &#39;sign up and sign in&#39; user flow.&nbsp;</p><p>&nbsp;</p><p>For more information on creating user flows see Microsoft&#39;s article here: <a data-fr-linked="true" href="https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-user-flow" id="isPasted">https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-user-flow</a></p><p><br></p><p id="isPasted">Now you will need to ensure you have the correct application claims against your B2C policy, the following claims will need to be added:</p><ul><li>Identity provider access token</li><li>User&#39;s Object ID</li></ul><p>These can be added under Home &gt; Azure Ad B2C &gt; select policy &gt; Application claims.</p><p><img data-fr-image-pasted="true" src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjhlYTA4NTY0LTVjNDAtNDAyZC05OWFjLTE4ZTI1M2Y2ZTViZSJ9.AjyrPoyA9mwcFDuJBhMGOqgIHqjeQANghJbqmxPO20A" width="1040" style="box-sizing: inherit; border-style: none; cursor: pointer; padding: 0px 1px; user-select: none; text-align: left; color: rgb(0, 0, 0); font-family: sans-serif; font-size: 13.3333px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; width: 1042px; height: 491.215px; max-width: none !important;" id="isPasted" class="fr-fil fr-dib" height="491"><strong><span style="font-size: 10pt;">Fig 5. Add application claims&nbsp;</span></strong></p><p><br></p><p>Now your application setup is complete head back to the Halo configuration page.&nbsp;</p><p><br></p><p><strong><span style="font-size: 12pt;">Halo Configuration&nbsp;</span></strong></p><p>Enter your tenant and application ID into the relevant fields.&nbsp;</p><p><br></p><p><strong>Domain Name</strong> - Here enter the domain name of your Azure AD B2C tenant, if your domain is contoso.onmicrosoft.com the tenant name will just be &quot;contosco&quot;.</p><p><strong>User Flow Name</strong> - Here enter the name of the User Flow assigned to your application (this must be exact).</p><p><strong>Top-level domain name</strong>- You only need to complete this field if your tenant domain name does not end in &quot;.com&quot;. Here enter the region for your domain name so if your domain name is contoso.onmicrosoft.us enter &quot;.us&quot; in here.</p><p><br></p><p>Now complete the additional settings on the page</p><p>&nbsp;</p><p><strong>Allow Single Sign-On for Agents and/or Users</strong> - Choose who SSO is allowed for, agent and/or users.</p><p><strong>Automatically create unmatched users that login with Azure AD but aren&#39;t present in Halo</strong> - When this is enabled new users can be created using SSO. If a user logs into the Halo portal with a login that does not currently exist against a user account in Halo, a new Halo user account will be made for them. If this is enabled an <strong>additional option to choose the site users are created under will appear.&nbsp;</strong></p><p><strong>Automatically redirect Agents and Users to Azure without showing the Halo login screen&nbsp;</strong>- When enabled users will not see the Halo Login screen when accessing the Halo portal, they will automatically be re-directed to the SSO login page.&nbsp;</p><p><br></p><p>When you are happy with your configuration enable the SSO functionality using the &#39;Publish&#39; setting.&nbsp;</p><p><br></p><p><strong>Enable SSO to show on your portal</strong></p><p>Once you have setup SSO this will now be available as an additional authentication option against your portal application. To start using this you will need to set this option to be visible.&nbsp;</p><p><br></p><p>Head to configuration &gt; integrations &gt; HaloAPI &gt; applications &gt; select your &#39;halo-user-portal&#39; application&#39;. Here, edit the page and edit the tile for &#39;Azure B2C SSO&#39;, here set the tile to be visible.&nbsp;</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImZiM2M0ZDlmLTg1ZDMtNDIzMS04MTU2LWNmNTk1Zjk2MTI0NiJ9.r6CcXyduFTRFdKuVRyMjzbQnODcEngeRP8LAHVfLwTw" class="fr-fic fr-fil fr-dib" width="933" style="width: 935px; height: 267.77px;" height="268"></p><p>Fig 6. Edit B2C tile&nbsp;</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImJkNzkwMmEzLTU1YzEtNDJjYS04MjcwLTVhYjg5OGRiZDUzNyJ9.lDUrrGVU__Qr3Ez4UXtPL7VgNcgCXq9qzhIQqfyGn18" class="fr-fic fr-fil fr-dib" width="643" style="width: 645px; height: 292.351px;" height="292"></p><p>Fig 7. Set B2C SSO to show</p><p><br></p><p>You can also choose a new label for the button here as well, this will override the label &#39;Azure B2C SSO&#39;.</p><p><br></p><p><strong><em>Note: If you have multiple portals ensure this is done for each of your portals, or only the portals you would like to use SSO for.&nbsp;</em></strong></p><p><br></p><p><strong><span style="font-size: 14pt;">Additional Settings for SSO&nbsp;</span></strong></p><p><strong><span style="font-size: 12pt;">Remember agent/user logins</span></strong></p><p>To streamline the log in process you can allow agents and users to have their login details &#39;remembered&#39; so they need not enter their password to log in each time. To enable this functionality head to configuration &gt; advanced settings and enable &#39;Remember Me when using a SSO method&#39;.&nbsp;</p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjY1MGY3MjU0LThmYjAtNDQyOC04Y2RlLTBjNWFlZDBhMWM2MSJ9.iYgkDxMSIlxT7R6t1bjGTOq8R2EHN2-cx776flpdHSM" class="fr-fic fr-fil fr-dib" width="638" style="width: 640px; height: 341.27px;" height="341"></p><p><strong><span style="font-size: 10pt;">Fig 8. Setting to have login details remembered</span></strong></p><p><br></p><p>When enabled, a &#39;remember me&#39; setting will appear on the login screen so agents/users can choose to have their login details remembered for next time.&nbsp;</p><p><br></p><p><strong><span style="font-size: 12pt;">Bypass 2FA for SSO</span></strong></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImNiMmJhOGFhLWFiNGEtNDAzMi05YTg3LTg0ODJjYjRkMWRlZiJ9.Px8u8bRRgL2p69eKIl9vSCOdWA_x42wqrO9kXVidYu8" class="fr-fic fr-fil fr-dib" width="758" style="width: 760px; height: 324.604px;" height="325"></p><p><strong><span style="font-size: 10pt;">Fig 9. Setting to allow Halo 2FA to be bypassed</span></strong></p><p><br></p><p>When enabled 2FA procedures will be automatically bypassed when agents/users are using SSO to log in.&nbsp;</p><p><br></p><p>To allow agents/users using SSO to bypass Halo 2FA head to configuration &gt; advanced settings and enable &#39;Bypass Halo 2FA if logging in with Single Sign-On&#39;.&nbsp;</p><p><br></p><p><strong><span style="font-size: 12pt;">Don&#39;t ask for 2FA again when using SSO</span></strong></p><p>When using 2FA with Halo login credentials agents/users will have an option to check &#39;Don&#39;t ask again&#39; when completing 2FA so they need not complete 2FA again when logging in with the same device. This functionality is compatible when users/agents are signing in with SSO.&nbsp;</p><p><br></p><p>To enable this first ensure you have enabled Halo 2FA procedures (this can be forced for everyone or enabled per agent). You will also need to enable the &#39;Don&#39;t ask again&#39; option, enabled under configuration &gt; advanced settings.&nbsp;</p><p><br></p><p>Once setup you will need to enable &#39;Allow Halo 2FA if logging in with Azure Single Sign-On&#39; under configuration &gt; advanced settings.&nbsp;</p><p>&nbsp;<img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjIyNWIzMDIxLWZkMzktNDAyNC1iYjg4LWNkNzVlM2E1OGVjNyJ9.cLwVmYoJ6wx2qxeoz_cy81uBGChT900-uV3gmdorlSY" class="fr-fic fr-fil fr-dib" width="703" style="width: 705px; height: 340.345px;" height="340"></p><p><strong><span style="font-size: 10pt;">Fig 10. Setting to allow &#39;don&#39;t ask again&#39; functionality to work when using SSO</span></strong></p><p><br></p><p>When this is enabled an additional cookie will be stored to allow agents/users to skip 2FA if they have checked &#39;Don&#39;t ask again&#39; when logging in previously.&nbsp;</p>