How does Gallagher work with Envoy?
The app works with Envoy to streamline access control for employees and visitors. With customization options, you're in control to decide not only which visitor flows receive access but also the level of access they are granted.
Envoy will generate Mobile Credentials for your enabled employees and visitors based on your criteria with automatic expiration, enforced by permission expiration in Gallagher and customization in Envoy. Gallagher emails mobile credentials access to permitted visitor flows based on the email they provide during sign-in.
Benefits
Automatically assign visitors to access groups in Gallagher.
Customize your visitors' access by mapping multiple groups to different visitor types in Envoy.
Automatically expire visitors' access after a pre-set duration or during sign-out.
Restrict access to only invited visitors.
Automatically provide employees with building access after they’ve been approved through Workplace.
Automatically check-in employees through badge swipes
Collect data occupancy analytics through badge swipes per physical location
PREREQUISITES
You will need administrative access to enable and create the API key in Gallagher. Ensure you have sufficient access or work with a local administrator before proceeding with the following steps.
Determine your Australian or US Gateway Region, depending on your Gallagher instance:
API Access needs to be enabled; create a REST API key to enable access.
Search 'REST API' on the Configuration Client help center to find the following article.
Go to "Configure" -> "Services & Workstations" -> "Command Centre Cloud" -> "Configuration"
Checkbox "Enable Gallagher API Gateway"
Choose region, this will be important to input during Envoy config
Ensure that the Command Centre Cloud has the same division access provided to the REST API Setup.
Go to "Configure" -> "Services & Workstations" -> "REST API Setup"
Create new "Rest Client" if one does not exist
Under "General" choose the division in which the API client will have access
Under "API Key" copy the API key for use within the Envoy dashboard configuration
Under "Connections" select "Allow connection via Gallagher API Gateway"
ENVOY DOES NOT SUPPORT CLIENT CERTIFICATE THUMBPRINT
Envoy does not run Windows servers and client certificate thumbprint is not how Envoy's cloud integration with Gallagher was built to communicate.
Utilize "IP Filtering" under "Connections" if applicable.
Envoy's IPs to allowlist:
18.204.164.109
52.6.210.64
52.86.90.108
To use the integration, Envoy requires an email to be added as an accessible personal data field. This field is required because Envoy uses email as the unique identifier to sync visitor information to Gallagher.
The operator that is the owner of the REST API client also needs to have sufficient privileges to the divisions, access groups, cardholders, and card types.
Envoy requires 4 API licenses currently, we are working with them to migrate this to a single part number in the future. Please reach out to Gallagher to acquire this.
Visitors
RESTCardholders
VisitorManagement.
Workplace
REST Create (Auto Check-in)
CreateEvents (Check in required for access)
Gallagher + Envoy Setup
Step 1: Create REST API KEY
Create the REST API key noted above in prerequisites and copy for later use. Make note of the region you selected in the configuration.
Step 2: Install the Gallagher app in Envoy
Navigate to Apps > Access Control in the Envoy dashboard.
Search for Gallagher under Access Control.
Click Install.
Authorize the permissions between Gallagher and Envoy.
Input the API key and Remote URL copied from the instructions above.
Select the Division and Reception (optional) for the specific location where you want to enable functionality.
Ensure that the Command Centre Cloud has the same division access provided to the REST API Setup.
Reception field should only be configured if you are using Gallagher's VMS.
Step 3: Select your Workplace options
If you already have Gallagher setup in Envoy, you can edit your existing settings under the Workplace tab under your Gallagher Configuration. After enabling, go ahead and re-save the app set-up.
Options for Employee Check-in
Complete the following Options:
Envoy Workplace: Check this box if your company has Envoy Workplace (Employees) enabled.
Employee Exclusions: Select any employees that should be excluded from Workplace.
[Not available - upon request] Badge Event - Target Access Point: Select the Access Point to use for badge events on this Envoy location.
Access Management: Choose one of the following options based on your employee sign-in (see image above):
Auto Check-In with Badge Swipe
Register & Check-in Required for Access
Click Complete Setup.
Requirements for Auto check-in with a badge swipe
1. Health check/Registration questions must be disabled. To disable questions, go here, click advanced settings under the Employee reservation flow, and disable the questionnaire.
2. Auto-sign-out must be enabled in Location Settings. If auto-sign-out is disabled, then employees will remain signed in to the workplace and will not be signed in the next day with their badge swipes.
Disclaimer for Registration & Check-in for access:
Gallagher users must start in a suspended state for Envoy to grant them access as they check in. Users (employees) are not suspended by default. Envoy did not want to take on the liability to mass suspend user accounts. To do this on your own, you must set Suspend Access to true to disable your users' access.
Step 4: Select your Visitor's options
Select your visitor card type for all visitors
Select your visitor type and access group.
You can add more visitor types as needed based on the sign-in flows you have created in Envoy. Learn more about sign-in flows here.
Visitor flows that do not have access group mappings will not receive credentials.
The "Customization" step allows you to finalize the integration and define basic behavior, this includes the following:
Invite Only: Toggling this option on will restrict permission creation to only visitors with an invite, at time of invite. When this option is toggled off both impromptu visitors and invited visitors receive credential access, based on their Visitor Flow in Envoy.
Access Duration: This is the length of time the permission will work for. After the access duration expires, the permission will be terminated.
Advance Access: This option is intended for invited visitors who may need time prior to the scheduled meeting to navigate to the meeting room. This can extend to areas where visitors may need access to enter a larger building or parking garage.
Create the visit: Toggling this option on will add the visit record into Gallagher's Visit section of their product.
Photos:
If you would like to sync visitor photos to Gallagher, you will need to to add “headshot” as a PDF (personal data field) and the photo will be added to the Gallagher cardholder profile.
Ready to sign up?
Get started in minutes. No credit card required. See plans and pricing →