Skip to main content
All CollectionsApps [EU]Access Control
Avigilon Alta
Avigilon Alta

Automatically provision visitor access with Envoy and Avigilon Alta.

Updated over a month ago

How does Avigilon Alta work with Envoy?

Build your system from the inside out using Avigilon Alta as your end-to-end access control solution. If you’re solving for spaces with both new and legacy systems, Avigilon Alta can be easily implemented to work with whatever you’ve got.

The Envoy + Alta app streamlines the process of logging and distributing access to visitors. With in-depth customization options, including issuing access on either invites or guest sign-in, Envoy will create temporary Cloud Credentials in Avigilon Alta, which automatically and temporarily grants access to specific parts of your building — including automatic expiration and configurable access. Cloud Credentials are shared with your guests by either e-mail or SMS when a phone number is provided and do not require the Alta app to interact with.

PREREQUISITES

  1. You will need administrative access on your Avigilon Alta ACU to complete this setup. Ensure you have administrative access or work with a local administrator before proceeding with the following steps.

  2. A Premium or Enterprise level plan from Avigilon Alta is required. These are paid plans. Please reach out to Avigilon Alta for more information.

Enabling Envoy + Alta

Pre-Configuration: The Envoy Bot

  1. Begin by creating a role in Alta for the Envoy Bot.

    1. Go to Users > Roles and click “Create New Role.”

    2. Ensure at least read and write permissions are granted for View, and View and Edit users.

    3. Ensure read permissions are granted for Sites, Entry states, and all Other site items.

  2. Create a user for the Envoy Bot.

    1. Navigate to Users and click the "+" in order to add a new user.

    2. The new user will require an email — if you don't have an administrative alias email address, you could consider something like [email protected], where the addition of “+envoybot” will help differentiate the user in Alta.

    3. The new user should have a recognizable “First” and “Last” name, we recommend “Envoy Bot”.

    4. The new user should have the “Status” defined as “Active” and the role created in the previous step is selected.

    5. Ensure “Portal Access” is toggled on for this new user, this will permit Envoy to access the API in order to generate cloud credentials for your visitors.

    6. Under the “Access” tab in the new user view, ensure the new user has access to all of the relevant doors. This access will later be used for mapping visitor types in Envoy to access permissions.

Step 1 and 2: Installing Alta on the Envoy Dashboard.

  1. After creating a user in Alta for Envoy, go to Apps > All Apps in the Envoy dashboard.

  2. Under Access Control, find Avigilon Alta, then click “Install.”

  3. In the API step, enter the administrative credentials created in the first steps and click “Save” to continue. Also, select your region.

  4. On the Org step, select the desired Organization from the drop-down and click “Next Step” to continue.

The drop-down menu on step 2 is automatically populated based on the Orgs the administrative account provided in Step 1 has access to. If you do not see your intended Organization, then you must revisit your permissions within Avigilon Alta.

Step 3: Envoy Visitors + Alta

How to configure Avigilon Alta with Visitors:

  1. Visitor types to Atla entries.

    1. Select which entries you want to permit visitor types to access. The visitor will be given Cloud Credentials according to the entry that is selected.

    2. With the “Add another” button, you can map multiple visitor types to different entries.

  2. You can select several options of customization, including:

    1. Only Allow Invited Guests: Toggling this setting will switch to “Sign In” only Cloud Credential issuance when disabled, and “Invite” based Cloud Credentials when enabled. When this option is disabled the “ADVANCE ACCESS” and “ACCESS DURATION” fields can not be obeyed.

    2. Early Access: This is the length of time the Cloud Credential will work before the invited date and time (e.g., An invite may be for 8 PM on April 13th, but 15 minutes or even 12 hours prior to the meeting can be added to enable to the Cloud Credentials early, allowing visitors to access the facilities for parking or lodgings).

      1. Note: For Early Access, the OpenPath Access email will be sent upon creation of the invite, but access will not be granted until the day of the Visit.

    3. Access Duration: This is the length of time the Cloud Credential will work for. After the access duration expires automatically in Envoy the Cloud Credential will cease to work.

    4. Your Custom Logo (OPTIONAL): This is the logo that is displayed to visitors when they unlock doors with their temporary Cloud Credentials.

    5. Unlock Page Instructions (OPTIONAL): This is the additional instructions / messaging which is displayed to visitors when they unlock doors with their temporary Cloud Credentials.

    6. QR CODE

      1. Minimum and Maximum card ranges in addition to Facility Code, are required to issue credentials in a digital QR code format.

        1. These are card ranges are created and added to the user. The QR code is generated from the card #. The ranges follow the format that Alta has configured, such as Wiegand 26 bit which gives you a range of 0 to 65,535.

How Envoy Visitors entries look in Avigilon Alta

In order to see Visitor Entries, Navigate to Reports > User Activity. Then, you will be able to sort by the bot you created. In this example, we sorted by the user "Envoy Bot Admin"

The information about the cloud credentials will be in the "DETAIL" column. The format for these messages is as follows: Envoy ${eventType} ID ${visitorId}, ${visitorName}

How cloud credentials are assigned to Envoy Visitors in Avigilon Alta

Once successfully configured, the Envoy + Alta app will create Cloud Credentials with the user your configured (e.g., Envoy Bot). This user will display the automatically generated temporary Cloud Credentials created for each visitor.

Below is an example of a Cloud Credential, issued over e-mail via Envoy and accessed on a mobile device:

Possible iterations of access

Uninvited visitor signs in

  • They receive access if entries are assigned to that visitor type.

  • They do not receive access if there are no entries assigned to that visitor type.

  • They do not receive access if the customer has selected “ONLY ALLOW INVITED GUESTS”.

Invite created without advance access

  • Credential link will be emailed and texted once the invitee has signed in.

Invite created with advance access

  • Credential link should be emailed x amount of time before scheduled arrival.

Invite is created with advance access and then the invitee signs in

  • The link will be emailed x amount of time before scheduled arrival.

  • The link will not be emailed on sign-in (no duplicate emails).

  • The link will be texted once the invitee signs in.

Invite created with advance access, but deleted > 24 hours of scheduled arrival

  • A credential will be created and removed, and no link will be emailed.

Invite created with advance access, but deleted on the day of scheduled arrival

  • A credential will be created and removed, but a link may still be emailed (though the access control page informs the user that they do not have access).

Invite is created with a visitor type that has access but updated to a visitor type without access

  • A credential will be created, but on an update, that credential will be removed.

Invite is created with a visitor type without access but updated to a visitor type with access

  • A credential will be created on the update.

Invite is created and then updated with a different arrival time

  • The existing credential will be updated with a new start and expiry time.

On any sign-out

  • If access was granted, access will be revoked during sign out.


Related Articles
About Envoy Visitors
Brivo
Envoy Microsoft Outlook Add-in
Netbox by Lenel•S2
Microsoft Teams
Did this answer your question?