Empower your employees and visitors with automated access control and employee check-in through Gallagher

Updated over a week ago

How does Gallagher work with Envoy?

The app works with Envoy to streamline access control for employees and visitors. With customization options, you're in control to decide not only which visitor flows receive access but also the level of access they are granted.

Envoy will generate Mobile Credentials for your enabled employees and visitors based on your criteria with automatic expiration, enforced by permission expiration in Gallagher and customization in Envoy. Gallagher emails mobile credentials access to permitted visitor flows based on the email they provide during sign-in.


  • Automatically assign visitors to access groups in Gallagher.

  • Customize your visitors' access by mapping multiple groups to different visitor types in Envoy.

  • Automatically expire visitors' access after a pre-set duration or during sign-out.

  • Restrict access to only invited visitors.

  • Automatically provide employees with building access after they’ve been approved through Workplace.

  • Automatically check-in employees through badge swipes

  • Collect data occupancy analytics through badge swipes per physical location


You will need administrative access to enable and create the API key in Gallagher. Ensure you have sufficient access or work with a local administrator before proceeding with the following steps.

  • API Access needs to be enabled; create a REST API key to enable access.

    • Search 'REST API' on the Configuration Client help center to find the following article.

    • Go to "Configure" -> "Services & Workstations" -> "Command Centre Cloud" -> "Configuration"

      • Checkbox "Enable Gallagher API Gateway"

      • Choose region, this will be important to input during Envoy config

        • Ensure that the Command Centre Cloud has the same division access provided to the REST API Setup.

    • Go to "Configure" -> "Services & Workstations" -> "REST API Setup"

      • Create new "Rest Client" if one does not exist

      • Under "General" choose the division in which the API client will have access

      • Under "API Key" copy the API key for use within the Envoy dashboard configuration

      • Under "Connections" select "Allow connection via Gallagher API Gateway"


        • Envoy does not run Windows servers and client certificate thumbprint is not how Envoy's cloud integration with Gallagher was built to communicate.

        • Utilize "IP Filtering" under "Connections" if applicable.

          • Envoy's IPs to allowlist:




Gallagher + Envoy Setup

Step 1: Create REST API KEY

Create the REST API key noted above in prerequisites and copy for later use. Make note of the region you selected in the configuration.

Step 2: Install the Gallagher app in Envoy

  1. Navigate to Apps > Access Control in the Envoy dashboard.

  2. Search for Gallagher under Access Control.

  3. Click Install.

  4. Authorize the permissions between Gallagher and Envoy.

  5. Input the API key and Remote URL copied from the instructions above.

  6. Select the Division and Reception for the specific location where you want to enable functionality.

    1. Ensure that the Command Centre Cloud has the same division access provided to the REST API Setup.

Step 3: Select your Visitor's options

  1. Select your visitor card type for all visitors

  2. Select your visitor type and access group.

    1. You can add more visitor types as needed based on the sign-in flows you have created in Envoy. Learn more about sign-in flows here.

    2. Visitor flows that do not have access group mappings will not receive credentials.

  3. The "Customization" step allows you to finalize the integration and define basic behavior, this includes the following:

    1. Invite Only: Toggling this option on will restrict permission creation to only visitors with an invite, at time of invite. When this option is toggled off both impromptu visitors and invited visitors receive credential access, based on their Visitor Flow in Envoy.

    2. Access Duration: This is the length of time the permission will work for. After the access duration expires, the permission will be terminated.

    3. Advance Access: This option is intended for invited visitors who may need time prior to the scheduled meeting to navigate to the meeting room. This can extend to areas where visitors may need access to enter a larger building or parking garage.

    4. Create the visit: Toggling this option on will add the visit record into Gallagher's Visit section of their product.


If you would like to sync visitor photos to Gallagher, you will need to to add “headshot” as a PDF (personal data field) and the photo will be added to the Gallagher cardholder profile.

Step 5: Select your Workplace options

If you already have Gallagher setup in Envoy, you can edit your existing settings under the Workplace tab under your Gallagher Configuration. After enabling, go ahead and re-save the app set-up.

Options for Employee Check-in

Complete the following Options:

  1. Envoy Workplace: Check this box if your company has Envoy Workplace (Employees) enabled.

  2. Employee Exclusions: Select any employees that should be excluded from Workplace.

  3. [Not available - upon request] Badge Event - Target Access Point: Select the Access Point to use for badge events on this Envoy location.

  4. Access Management: Choose one of the following options based on your employee sign-in (see image above):

    1. Auto Check-In with Badge Swipe

    2. Register & Check-in Required for Access

  5. Click Complete Setup.

Requirements for Auto check-in with a badge swipe

1. Health check/Registration questions must be disabled. To disable questions, go here, click advanced settings under the Employee reservation flow, and disable the questionnaire.

2. Auto-sign-out must be enabled in Location Settings. If auto-sign-out is disabled, then employees will remain signed in to the workplace and will not be signed in the next day with their badge swipes.

Disclaimer for Registration & Check-in for access:

Gallagher users must start in a suspended state for Envoy to grant them access as they check in. Users (employees) are not suspended by default. Envoy did not want to take on the liability to mass suspend user accounts. To do this on your own, you must set Suspend Access to true to disable your users' access.

Ready to sign up?

Get started in minutes. No credit card required. See plans and pricing →

Did this answer your question?