Overview
Advanced visitor approvals are a comprehensive system that provides greater control and flexibility for organizations with sophisticated visitor management needs. Unlike standard approval workflows, advanced approvals leverage Policies to create intelligent, conditional approval paths that adapt based on visitor information, approver availability, and organizational requirements.
Once you've created a Policy, you'll be able to assign it to sign-in flows across your visitors locations.
Capabilities
Sequential approval workflows: Create multi-stage approval chains (A → B → C) where each step must be completed before proceeding to the next
Conditional approval routing: Implement intelligent branching logic (if nationality = non-US → trade compliance team; else → standard approval)
SCIM group and multi-individual approvers: Restrict approval authority to designated personnel only, eliminating mis-approval risk through integration with your identity management system
Data Collection: Collect structured, decision-critical information from designated reviewers as part of the approval process, separate from what the host or visitor fills in.
Global approval policies with location overrides: Apply a single policy company-wide, while allowing different approvers per location.
Approval reasons with full auditability: When a policy is active, approvers can leave optional comments, allowing them to log their rationale for compliance and audit purposes.
Walk-up coverage: Extend a policy beyond invited visitors so walk-ups are routed through the same conditions, approvers, and audit trail.
Getting started
Setting up Advanced Visitor Approvals for the first time works best in stages:
Stage 1: Build your first policy. Create a policy, add your policy fields, configure conditions, assign approvers, add any concurrent or data collection steps, and publish.
Stage 2: Test with a dedicated sign-in flow. Create a new sign-in flow specifically for testing and associate it with your policy. Walk through the full approval experience with other admins before going live.
Stage 3: Move to active sign-in flows. When you're confident in the workflow, associate your policy with your production sign-in flows.
Stage 4: Expand to global flows. Associate your policy with a global sign-in flow and configure location overrides to enforce requirements across all locations.
Policies
A Policy is a configurable container that houses conditional rules and approval logic for visitor requests. Think of it as the brain of your approval workflow – it defines who needs to approve what, under which circumstances, and in what order.
Policies support versioning, so you can maintain different published versions and roll back when needed. Publishing creates a new version. Sign-in flows associated with a previous version continue to use that version until you bump them to the new one.
To start, see Creating a Policy: Fields, Conditions, and Approval steps. After configuring these basic fields, you can move on to Complex Policy steps: Concurrent approvals, Location overrides, and Risk intel.
Assembling your policy workflow
Once all the basic components have been created, you can begin piecing together the policy and creating the workflow branches. You can include as many steps as needed in your workflow to ensure all visits meet your security standards.
The visual interface shows how different conditions and approvals interact to create a comprehensive approval system.
You can click and drag on any step to rearrange its position within the workflow. To connect steps, click and drag a node to create a branch.
See Building your policy for assembly instructions.
Approving an invite
Much like approvals via third-party screeners or rules, assigned admins will receive emails notifying them of pending invites or entries.
The approval step will be listed in the right-hand side of the invite. From here, admins can approve or deny as needed.
See Approving visits, Data Collection, and Invitation Experience for a complete tutorial.
Invitation process
Employees will be able to follow the same process for invites, but any newly added policy fields are marked as required.
After sending their invite, employees can check its progress by viewing it in the invite log.
Once an invite is approved, the employee will receive an email confirmation of the visit, and the invitation will be sent (if selected).
What to know before enabling a policy
Advanced Approval works with individual and group invites. For group approvals, use Group Invite and select Send direct invites to specific people. The "Create a signup link for self-registration" option is not available yet for flows managed by a policy. Bulk Invite is a legacy feature; use Group Invite instead.
Repeat invites are not currently supported on sign-in flows linked to a policy. This is coming in a future release.
Advanced Approval works alongside other screeners. Blocklist and Visitor Compliance and other screening still apply. Advanced Approval is an additional layer, not a replacement.
Update kiosks before enabling walk-ups
Make sure your iPad kiosks are on Envoy Visitors 5.62.0 or higher before turning on walk-ups for a policy. On 5.62.0 and above, invited guests won't see the policy field data the admin already submitted in their invite, keeping the sign-in flow secure. Walk-up guests can submit their own responses on any version.
Ready to get started? See Creating a Policy: Fields, Conditions, and Approval steps to begin building your policy.