How does this app work?
For Envoy Visitors, the integration facilitates seamless Wi-Fi provisioning as visitors sign into the workplace, ensuring they have the necessary access right from the start.
For Workplace, Envoy leverages Wi-Fi sign-in events to automatically track employee attendance. This not only simplifies the process of managing employee presence but also provides real-time data on who is currently in the office, enhancing overall workplace efficiency and security.
PREREQUISTES:
You must be an admin in order to set up this integration.
In order to send Aruba credentials to your visitors, you must use a sign-in flow that captures an email or a phone number
Splash pages must be configured according to the criteria listed in this article. If the splash page is not configured correctly, you will not be able to select splash pages during setup.
Enabling the Aruba Central app in Envoy
Splash Page Requirements:
Create a splash page in Aruba Central under “Guests" → "Splash Pages”
Splash pages must meet the following criteria:
The type must be set to “Authenticated”
“Username/Password” must be toggled on
Self-registration must be toggled off
Choose “Session Timeout” (defaults to 8 hours)
Step 2 (Customization) and 3 (Localization) can be set to your preferences!
Aruba Central + Envoy Configuration
This app is configured per location. If using multiple locations, then the app must be installed at each location.
Navigate to Apps on the Envoy Dashboard and install Aruba Central
Step 1: About
Authorize the app and proceed to step 2 when ready.
Step 2: API Access
Base URL: Envoy needs to know where to send information when we're creating credentials in Aruba Central.
The Base URL can be found in Aruba Central from the Account Home → Organization → API Gateway → APIs. This section will show API urls listed in "All Published APIs". If there is more than one, you can copy and paste either of the URLs into the Base URL field.
Aruba Username:
Enter your admin username
Aruba Password:
Enter your admin password
Aruba Customer ID:
Enter your Customer ID. The Customer ID is found by clicking the person (profile) icon in the top right corner Aruba central web portal.
API Client ID and API Client Secret
This can be found in Account Home → Organization → API Gateway → My Apps & Tokens. You may need to add a new token.
Step 3: Workplace
Envoy offers the convenience of automatically signing in employees when they connect to your workplace's Wi-Fi network. This feature not only simplifies the process of tracking real-time office attendance but also helps provide valuable over-time analytics to monitor employee presence.
By leveraging this capability, organizations can easily understand and analyze patterns of office attendance, ensuring a comprehensive view of who is in the office at any given time and making it easier to optimize workspace utilization and enhance operational efficiency.
Aruba Configuration:
To capture an employee's network connection event successfully, the authorization method for the selected network must use an email that matches an employee in Envoy's directory. We also currently only track events where the client_type = 'WIRELESS'.
For instance, 802.1X RADIUS authentication will capture a username (which must be an email that matches an employee in the Envoy directory). Envoy monitors the network logs and uses that email to sign the employee into the workplace.
This ensures that the network events are properly linked to the corresponding employee in the Envoy system.
Envoy Configuration:
Health check/Registration questions must be disabled. To disable questions, go here, click advanced settings under the Employee reservation flow, and disable the questionnaire.
Auto-sign out must be enabled in Location Settings. If auto-sign out is disabled, then employees will remain signed in to the workplace and will not be signed in the next day with their badge swipes.
There are three ways to configure Envoy for tracking Employees via Wifi Connection.
Network Name
Select the name of the Network you wish to capture sign in events from. Employees that sign into this network(s) will be auto checked-in to Envoy.
Site Name
Track employees by site. Check the site which you wish Envoy to monitor.
Match Network and Site Names
Select both Network and Site Name.
Step 4: Visitor Splash Page
Select your desired splash page from the drop-down of splash pages.
If you see your splash page but cannot select it then this indicates the splash page does not conform to our requirements. You can revisit our "Requirements" section in this article for more information.
Step 5: Visitor Access
Access Duration:
Select a default access duration from the drop-down for Wifi credentials issued for this integration
Default Access Map:
Select the default Aruba access type (Splash Page) to issue to Visitors. Use next section for custom mapping to flow.
Aruba Guest Account to Envoy Flow
This step is optional and will allow you to exempt individual flows from the default Aruba access type or completely exempt from access to Aruba central.
Select the Visitor Types which should receive WiFi credentials upon sign-in / or invite
Select one or multiple visitor flows to receive credentials.
Anonymize Aruba Central username for Envoy visitors
Check this box to anonymize and hide the Aruba Central username for Envoy Visitors
Restrict WiFi access to only visitors which were invited
Wifi access will only be granted if there is an invite created for the Visitor if this box is checked.
Expire WiFi credentials upon sign-out from Envoy.
Wifi credentials will not work after the visitor is signed out if this box is checked.
Credentials viewed in Aruba Central
Credentials generated by Envoy will follow this format, based on the visitor information and configuration set up in Envoy:
Credentials viewed in Envoy:
