All Collections
Connect Technical Set-Up
Using NetBox by Lenel•S2 with Connect
Using NetBox by Lenel•S2 with Connect

Learn more about how Envoy Connect integrates with Netbox to help simplify your security operations.

Updated over a week ago

What is Netbox?

Lenel•S2 develops an array of physical security solutions for large corporations, including access control, video surveillance, event monitoring, digital signage, live Internet-sourced, real-time data and information feeds, mobile applications, and cloud-based services.


  1. You’ll need to be an administrator on your Netbox account to complete this installation. Either become an administrator or ask your admin for help before completing these steps.

  2. For on-premises Netbox instances, Netbox instance must be made externally accessible by NAT, or other methods. For more information, please refer to this article: Envoy and Access Control System Integration Topologies.

  3. The API must be enabled on your Netbox. "System Setup" credentials are needed to authenticate the API requests and are required when using the Netbox endpoints. Additional requirements are detailed below.

  4. In order for the app to work and connect to your Netbox instance, please allowlist the following IP addresses for inbound and outbound communication




  5. Validate the port for your Netbox instance and confirm the port where traffic is expected to flow through is open. The standard secure port will also need to be open (port 443).

How does Netbox work with Envoy Connect?

The Envoy + Netbox app streamlines the process of logging and assigning access cards to visitors. When a visitor signs in, Envoy automatically creates an entry for the visitor in your Netbox activity log. Netbox then assigns the visitor an access card with the appropriate expiration date and access level.

If you use Envoy’s block list feature, you can use the Envoy + Netbox app to kick off security measures when an unwanted visitor tries to sign in. When visitors match keywords on your block list, you can choose to trigger an event in Netbox. You can then configure specific actions, like turning on security cameras or alerting your security team.

How to Configure Envoy Connect with Netbox

Step 1: API

  1. Under Access Control, find S2.

  2. Click “Install.”

In the API step, paste or type your Netbox IP/URL in the “Enter your URL” field, and click “Next step.”

  1. On-premise NetBox must have an accessible public IP/URL for Envoy to connect.

    1. Note: If a custom port is configured for traffic flow, in addition to Port ports 443, the custom port must be appended to the Netbox IP/URL in the “Enter your URL” field. (e.g. https://192.168.XX.XXX:8080)

  2. Enter the administrator username and password

  3. If your Netbox is configured across multiple partitions, enable "Multi-partition Mode".

  4. Select the appropriate timezone for your Netbox

  5. Select the applicable Netbox API version from the dropdown

    1. Version 1 - Netbox 5.5 and lower

    2. Version 2 - Netbox 5.6+

Step 2: Access Levels

On the Access Levels step, you'll choose which Tenant’s Visitors sync to Netbox and their permission levels. To configure the access levels available for Envoy to use, you will need to assign “Events” in Access Levels in Netbox (Configuration -> Access Control -> Access Levels). Once configured in Netbox, those access levels will appear in the dropdown menu(s) underneath “access levels” in the configuration page.

  1. Custom access levels per tenant can be defined here.

  2. Setting an Envoy visitor type to "none — disallow" will prevent the visitor type from being recorded as a person record in Netbox.

  3. Optionally, the Default access level setting can be used to serve as a baseline access level or to serve the same access level to all tenants’ visitors. This setting is located below the “Activity logging” feature and above the “Enable card generation” feature.

Step 3: Badge access duration

For this step, you'll choose the maximum access duration each visitor, regardless of tenant, should have to complete their visit for the day.

Step 4: Custom Configuration

On the Card configuration step, you'll choose the applicable card number format, visitor identifier for your Netbox logs, activity logging, and optional QR code allowance using Wiegand 26-bit card numbers to be used for entry at an unguarded turnstile or any QR code capable reader.

  1. Card number format: Choose the applicable card number format for your environment. If utilizing QR codes, the card number format must be a 26-bit Wiegand format (however that card number format is named in your environment).

  1. Visitor identifier: The Envoy + Netbox integration requires a field on the Netbox Person record to store our visitor identifier. The default field to store this identifier is UDF1. However, through this option you can choose to use a differentl UDF field.

  1. (Optional) Activity logging: Enable this option to record generic activity log information from Connect card modifications in your Netbox activity log.

  1. (Optional) Enable card generation: Enabling this optional feature will perform the following operations after guest check-in:

    1. Automatically assign a card number

    2. Convert the new card number as a QR code to be either printed on a sticky badge for the visitor to use or emailed directly to the visitor (see #5 below for more details).

The minimum and maximum card number can also be set to prevent the QR code from overlapping with an employees' predefined card number.

  1. QR code sharing: The final two toggles are related to step 4 and how you would like to serve the QR code to the visitor for their use. You can enable both features if desired.

    1. Badge QR Code Printing: Enable this option to print the QR code credential on a sticky badge when the visitor checks in.

    2. Share QR Code by Email: If the tenant enters the visitor’s email address when inviting the visitor from their tenant account, the QR code credential will be emailed to the visitor. Learn more here.

Step 5: Complete Setup

Once the app is configured to your liking, click the ‘Complete Setup’ to finalize the configuration for the integration.

How access cards are assigned to Envoy Visitors in Netbox

Assigning access cards to visitors is completed through one of two ways.

  1. If QR code generation is enabled, an unassigned card number within the defined range (Step 4 - #4) will be assigned to that visitor for the access duration as defined in Step 4 - #1.

  2. For configurations without QR code generation, the card number can be assigned manually to the visitor through the Envoy dashboard. Upon check-in, security personnel at the desk can scan or input a card number in the field below. This field automatically appears on the Invite log screen when the visitor checks in.

Netbox required configuration

Note: If you are using an on-premise NetBox, the following configurations must be followed.

  • Ensure the Netbox API feature is enabled on your Lenel•S2 Netbox. The “Enabled” checkbox should be checked in the “API” section, which you can find in your Netbox under the following menus, Configuration -> Site Settings -> Network Controller -> Data Integration.

  • In order for events to show up in the activity log, they need to have at least one action (Configuration -> Alarms -> Events -> Actions) created for an Event (E.g. Envoy visitor)

  • In order for the activity log to function, there should be at least one Network Node. The node does not need to be real (Configuration -> Site Settings -> Network Nodes -> Type: MicroNode)

  • Note: Since there are three static IP addresses that would potentially connect to the NetBox, "No" should be selected for "Limit Session to single IP address" to ensure that Netbox doesn't block one of the two static IP addresses.

  • In the "Data Integration" tab, the "Enabled" box should be checked. In addition, ensure that “Use Authentication” and “Use login username/password for authentication (requires setup privilege) are both enabled.

How to view people created in Netbox through the check in event

In the example below, the visitor Sarah Smith has signed in with Envoy and is now accessible as a Person record.

  • Locate the visitor through Administration -> People Search

Did this answer your question?