What is Netbox?
Lenel•S2 develops an array of physical security solutions for large corporations, including access control, video surveillance, event monitoring, digital signage, live Internet-sourced, real-time data and information feeds, mobile applications, and cloud-based services.
How does Netbox work with Envoy Connect?
The Envoy + Netbox app streamlines the process of logging and assigning access cards to visitors. When a visitor signs in, Envoy automatically creates an entry for the visitor in your Netbox activity log. Netbox then assigns the visitor an access card with the appropriate expiration date and access level.
If you use Envoy’s block list feature, you can use the Envoy + Netbox app to kick off security measures when an unwanted visitor tries to sign in. When visitors match keywords on your block list, you can choose to trigger an event in Netbox. You can then configure specific actions, like turning on security cameras or alerting your security team.
How to Configure Envoy Connect with Netbox
Step 1: API
Go to Apps > All Apps.
Under Access Control, find S2.
In the API step, paste or type your Netbox IP/URL in the “Enter your URL” field, and click “Next step.”
On-premise NetBox must have an accessible public IP/URL for Envoy to connect.
Note: If a custom port is configured for traffic flow in addition to port 443, the custom port must be appended to the Netbox IP/URL in the “Enter your URL” field (e.g. https://192.168.XX.XXX:8080).
Enter the administrator username and password.
If your Netbox is configured across multiple partitions, enable "Multi-partition Mode".
Select the appropriate timezone for your Netbox.
Select the applicable Netbox API version from the dropdown:
Version 1 - Netbox 5.5 and lower
Version 2 - Netbox 5.6+
Step 2: Access Levels
On the Access Levels step, you'll choose which Tenant’s Visitors sync to Netbox and their permission levels. To configure the access levels available for Envoy to use, you will need to assign “Events” in Access Levels in Netbox (Configuration -> Access Control -> Access Levels). Once configured in Netbox, those access levels will appear in the dropdown menu(s) underneath “access levels” in the configuration page.
Custom access levels per tenant can be defined here.
Setting an Envoy visitor type to "none — disallow" will prevent the visitor type from being recorded as a person record in Netbox.
Optionally, the Default access level setting can be used to serve as a baseline access level or to serve the same access level to all tenants’ visitors. This setting is located below the “Activity logging” feature and above the “Enable card generation” feature.
Step 3: Badge access duration
For this step, you'll choose the maximum access duration each visitor, regardless of tenant, should have to complete their visit for the day.
Step 4: Custom Configuration
On the Card configuration step, you'll choose the applicable card number format, visitor identifier for your Netbox logs, activity logging, and optional QR code allowance using Wiegand 26-bit card numbers to be used for entry at an unguarded turnstile or any QR code capable reader.
Card number format: Choose the applicable card number format for your environment. If utilizing QR codes, the card number format must be a 26-bit Wiegand format (however that card number format is named in your environment).
Visitor identifier: The Envoy + Netbox integration requires a field on the Netbox Person record to store our visitor identifier. The default field to store this identifier is UDF1. However, through this option you can choose to use a different UDF field.
(Optional) Activity logging: Enable this option to record generic activity log information from Connect card modifications in your Netbox activity log.
(Optional) Enable card generation: Enabling this optional feature will perform the following operations after guest check-in:
Automatically assign a card number
Convert the new card number into a QR code to be either printed on a sticky badge for the visitor to use or emailed directly to the visitor (see #5 below for more details).
The minimum and maximum card number can also be set to prevent the QR code from overlapping with an employee's predefined card number.
QR code sharing: The final two toggles are related to step 4 and how you would like to serve the QR code to the visitor for their use. You can enable both features if desired.
Badge QR Code Printing: Enable this option to print the QR code credential on a sticky badge when the visitor checks in.
Share QR Code by Email: If the tenant enters the visitor’s email address when inviting the visitor from their tenant account, the QR code credential will be emailed to the visitor. Learn more here.
Step 5: Complete Setup
Once the app is configured to your liking, click ‘Complete Setup’ to finalize the configuration for the integration.
How access cards are assigned to Envoy Visitors in Netbox
Access cards are assigned to visitors in one of two ways.
If QR code generation is enabled, an unassigned card number within the defined range (Step 4 - #4) will be assigned to that visitor for the access duration as defined in Step 4 - #1.
For configurations without QR code generation, the card number can be assigned manually to the visitor through the Envoy dashboard. Upon check-in, security personnel at the desk can scan or input a card number in the field below. This field automatically appears on the Invite log screen when the visitor checks in.
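As an added example (not part of the original article and not Envoy or Lenel•S2 code), the Python below checks a proposed visitor card range from Step 4 against employee card numbers, picks the next unassigned number in that range, and encodes it as a 26-bit Wiegand frame. It assumes the common 26-bit layout (leading even-parity bit, 8-bit facility code, 16-bit card number, trailing odd-parity bit); all function names and sample numbers are constructed for illustration.

```python
# Added example: sanity checks for a visitor card range used with QR codes.
# Assumption: common 26-bit Wiegand layout = even parity + 8-bit facility
# code + 16-bit card number + odd parity. Sample values are constructed.

CARD_BITS = 16
MAX_CARD = (1 << CARD_BITS) - 1  # largest card number a 16-bit field holds


def check_visitor_range(lo, hi, employee_cards):
    """Return a list of problems with the visitor range [lo, hi]."""
    problems = []
    if lo > hi:
        problems.append("minimum is greater than maximum")
    if lo < 0 or hi > MAX_CARD:
        problems.append(f"range must fit in 0..{MAX_CARD} for a 16-bit card field")
    clash = sorted(c for c in employee_cards if lo <= c <= hi)
    if clash:
        problems.append(f"overlaps employee cards: {clash}")
    return problems


def next_free_card(lo, hi, in_use):
    """Lowest number in [lo, hi] not currently assigned, or None if exhausted."""
    used = set(in_use)
    for n in range(lo, hi + 1):
        if n not in used:
            return n
    return None


def wiegand26(facility, card):
    """Encode a facility code and card number as a 26-character bit string."""
    if not 0 <= facility <= 0xFF or not 0 <= card <= MAX_CARD:
        raise ValueError("facility must be 0..255 and card 0..65535")
    data = f"{facility:08b}{card:016b}"       # 24 data bits
    even = data[:12].count("1") % 2           # first 13 bits get even parity
    odd = 1 - data[12:].count("1") % 2        # last 13 bits get odd parity
    return f"{even}{data}{odd}"


if __name__ == "__main__":
    employees = [1001, 1002, 20500]           # constructed employee cards
    print(check_visitor_range(20000, 21000, employees))  # overlap reported
    print(check_visitor_range(40000, 40999, employees))  # clean range
    card = next_free_card(40000, 40999, [40000, 40001])
    print(card, wiegand26(12, card))
```

A range that reports an overlap or exceeds 65535 should be corrected before card generation is enabled, since a visitor QR code would otherwise collide with, or fail to encode as, a valid 26-bit credential.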
Netbox required configuration
Note: If you are using an on-premise NetBox, the following configurations must be followed.
Ensure the Netbox API feature is enabled on your Lenel•S2 Netbox. The “Enabled” checkbox should be checked in the “API” section, which you can find in your Netbox under the following menus, Configuration -> Site Settings -> Network Controller -> Data Integration.
In order for events to show up in the activity log, they need to have at least one action (Configuration -> Alarms -> Events -> Actions) created for an Event (e.g. Envoy visitor).
In order for the activity log to function, there should be at least one Network Node. The node does not need to be real (Configuration -> Site Settings -> Network Nodes -> Type: MicroNode)
Note: Since there are three static IP addresses that would potentially connect to the NetBox, "No" should be selected for "Limit Session to single IP address" to ensure that Netbox doesn't block one of the two static IP addresses.
In the "Data Integration" tab, the "Enabled" box should be checked. In addition, ensure that “Use Authentication” and “Use login username/password for authentication (requires setup privilege)” are both enabled.
How to view people created in Netbox through the check in event
In the example below, the visitor Sarah Smith has signed in with Envoy and is now accessible as a Person record.
Locate the visitor through Administration -> People Search