Skip to main content

Advanced Visitor Approvals

Learn how to create conditional workflows to support complex entry requirements.

Updated today

Overview

Advanced visitor approvals are a comprehensive system that provides greater control and flexibility for organizations with sophisticated visitor management needs. Unlike standard approval workflows, advanced approval leverages Policies to create intelligent, conditional approval paths that adapt based on visitor information, approver availability, and organizational requirements.

Capabilities

  • Sequential approval workflows: Create multi-stage approval chains (A → B → C) where each step must be completed before proceeding to the next

  • Conditional approval routing: Implement intelligent branching logic (if nationality = non-US → trade compliance team; else → standard approval)

  • SCIM group and multi-individual approvers: Restrict approval authority to designated personnel only, eliminating mis-approval risk through integration with your identity management system

  • Approval reasons with full auditability: When a policy is active, an optional reasoning window appears after approval decisions, allowing approvers to log their rationale for compliance and audit purposes

Policies

A Policy is a configurable container that houses conditional rules and approval logic for visitor requests. Think of it as the brain of your approval workflow – it defines who needs to approve what, under which circumstances, and in what order. Each policy can contain multiple approval paths, conditional branches, and designated approver groups, all working together to ensure the right people review the right visitors at the right time.

How Policies work

Policies work alongside your existing sign-in flows through a simple three-step process:

  1. Create a draft policy using the provided policy builder tools

  2. Publish the policy to make it available for association

  3. Associate the policy with sign-in flows – once associated, the policy becomes enforced for all invites that go through those sign-in flows

Policies also support versioning, allowing you to maintain different published versions and track changes over time. This ensures continuity and provides rollback options when needed.

Policies are currently integrated into the invitation phase. The process begins when a host creates an invite, then the invite goes through the policy workflow. Once all required approvals are obtained, the invite email is sent to the visitor (if selected during invite creation). Should any approval step result in a denial, the entire invite is denied, requiring the host to create a new invitation.

Creating a Policy

Policies are comprised of three main components:

  • Policy fields: These are pieces of information about a visit, which are then used to determine the appropriate actions for the visit.

  • Approval steps: These are the steps where someone approves or denies an invitation. Individuals, as well as SCIM groups, can be responsible for approving.

  • Conditions: Steps that create intelligent routing based on visitor responses.

To begin creating your new policy:

  1. Navigate to Global overview > Visitors > Policies. Click Create policy.

  2. Give your policy a Name and Description. Since these policies are global, it's a good idea to keep names concise and descriptions straightforward. Click Create.

  3. After creation, you should be taken into your new policy to start building.

✨Tip: You can change the name and description of your policy after creation by clicking into the title text box. ✨

Policy Fields

Policy fields are the information that hosts/inviters must provide when creating a visitor invite. Only dropdown selections can be used for policy fields. These fields are automatically inserted into the invite form.

as seen on an invite using the associated visitor sign-in flow

Based on the dropdown selections made, you can create routing branches that connect to different approval steps by building corresponding approval paths.

  1. Under Policy Fields, click + Add field.

    1. If you don't see this option, you might need to click the caret to open the dropdown.

  2. This process is similar to creating a sign-in field in a sign-in flow. Add your field name and dropdown options.

    1. To add more options, click + Add option.

    2. To reorder options, click and drag the toggle.

    3. To delete an option, click the trashcan.

  3. Click Create to complete.

  4. Now that you have a policy field, you can use it within the policy builder to define conditions.

Conditions

Conditions are steps that determine the flow of a visit through the workflow.

  1. Within the Policy builder, click Condition to add a new step to the workflow builder.

  2. Click on the new condition to select. The condition details will open in the right-hand side panel.

  3. Here, you can define the outcomes of an invite based on your policy fields. Each outcome will create a new node, on which actions can be built.

    1. The IF condition requires an IS or IS NOT correlation to an option.

    2. The ELSE condition captures the other answers to the policy field.

  4. Each node can now be used to create a new branch. You can click and drag the node to create branches in your workflow.

Approval Step

Approval steps allow designated admins to approve or deny visits.

  1. Within the Policy builder, click Approval to add a new step to the workflow builder.

  2. Click on the new approval to select. The approval details will open in the right-hand side panel.

  3. Begin by giving your approval step a descriptive name, such as 'Security Review' or 'Executive Approval.' This label will show in the workflow builder.

  4. Define who will be responsible for approving this visit. Currently, this is limited to Global and Location admins.

    1. Multiple approvers listed: You can select multiple approvers. When any one of them approves, the visit advances to the next step in the workflow. This option does not require each admin listed to approve.

    2. SCIM groups: If you use SCIM to manage your directory, you can create groups within your IDP to use as potential approvers.

  5. Once approvers are added, the step will be saved automatically and will be ready for use within the workflow.

Assembling your policy workflow

Now that all the basic components have been created, we can begin piecing together the policy and creating the workflow branches. You can include as many steps as needed in your workflow to ensure all visits meet your security standards.

The visual interface shows how different conditions and approvals interact to create a comprehensive approval system.

You can click and drag on any step to rearrange its position within the workflow.

To connect steps, click and drag a node to create a branch.

You can delete branches or steps by clicking them and pressing the Delete key on your keyboard.

Any issues with your workflow will be listed in the top right-hand corner of the page, next to the publish button.

The associated steps will have a caution symbol shown in the workflow builder.

Once your workflow is complete and all steps are connected, click Publish at the top of the page.

Using your policy with a sign-in flow

Any sign-in flow used with our Policies functionality will be automatically hidden from the iPad Kiosk. It cannot be shown until the policy is removed.

Additionally, admins will not be able to sign in visitors using your policy-assigned visitor types.

Once your policy is published, it's ready for use!

  1. Navigate to Global Overview > Visitors > Policies.

  2. Click on View, then select the current version to open the policy.

  3. Click on Manage Sign-in flows.

  4. Use the search function to select sign-in flows to use with this policy. Once you've added your sign-in flows, click Link.

  5. The flows will be added. To remove a flow, click the X.

  6. Once you've finished associating flows, click Done.

You can associate one or more sign-in flows with each policy. Once the association is complete, any upcoming invitations processed through those sign-in flows will automatically follow the defined approval workflow.

Moving Sign-in Flows Between Policies

You can transfer sign-in flows from one policy to another by navigating to the destination policy, searching for the desired sign-in flow, and creating the new association.

Any pending invitations created before the policy change will continue to be governed by the previous policy, while new invitations will be subject to the current policy.

Approving an invite

The designated approver will receive an email notifying them of a new approval. They can click the link in the email to open the invite, or view it in their invite log and approvals log.

The approval step will be listed in the right-hand side of the invite. From here, admins can approve or deny as needed.

Approval/denial reasons

When completing this step, a text box will open for an additional note for the approval/denial reason. This is separate from the Private notes field and cannot be edited or deleted.

Invitation process

Employees will be able to follow the same process for invites, but any newly added policy fields are marked as required.

After sending their invite, employees can check its progress by viewing it in the invite log.

Once an invite is approved, the employee will receive an email confirmation of the visit, and the invitation will be sent (if selected).

Related Articles
Sign-in flow Rules
Invite Approvals
Connect Visitor Walk-In Approvals
Visitor Assessments
Walk-up Visitor Approvals
Did this answer your question?