Skip to main content
essentry is a fully automated visitor management solution that integrates seamlessly into existing access control systems to grant guests the physical access they need and are allowed to. The following describes the process from the point of view of employees / hosts and guests:
  1. Employees invite guests (either through the essentry Dashboard or a pre-processor system) and can assign access profiles to these guests. The employee can also specify if their guests can move around by themselves or if they must be escorted by the host.
  2. essentry sends an invitation email to the guests with a QR code that they can use to check-in at the essentry Kiosk when they arrive at the facility. The email can also contain other information and guide the guest through an Online Check-in to save time during the check-in or to report a wrong spelling of their name.
  3. When the guest checks in at the essentry self-service Kiosk and their identity is successfully verified, the Kiosk dispenses an RFID card. Thanks to the access control system integration the card holds the access profiles that the host specified during the invitation process as described under Integration and Synchronization.
  4. The host is informed about the guest’s arrival via email.
  5. If the host has specified that the guest must be escorted, the RFID card will not be activated yet until the host has confirmed the pick-up. The host pick-up process is not described in this document.
  6. The host and the security personnel can still add or remove access profiles afterward in the essentry Dashboard in case a permission was forgotten during the invitation (see screenshot below).
  7. When the guest is checked out, the RFID card will be deactivated, and all access profiles will be removed.
Open image-20240522-125656.png image-20240522-125656.png

Integration and Synchronization

essentry’s access control integrations offer a two-way-synchronization:
  1. Every door/lock and every access profile (a group of doors/locks) are loaded from the access control system and synchronized into the essentry system. This information is automatically kept up to date. This allows employees and security personnel to select these profiles easily from the essentry Dashboard or the Outlook integration.
  2. When a guest has successfully checked-in, essentry creates the person inside the access control system, assigns them the correct RFID card (that was dispensed at the Kiosk), and attaches the access profiles that were specified during the invitation. essentry can also update, disable, or remove the records from the access control system if they get updated in the essentry Dashboard or the guest has been checked out.
The advantage of this approach is that every piece of data does only need to be managed in one place. Once a new door or lock is added to the facility and the access control system, it automatically appears in the essentry Dashboard as well. On the other side, assigned access profiles, and cards, are primarily managed within essentry and manual changes to the access control system are automatically overridden so that there is no discrepancy between the data. Administrators can add filters to select which access profiles should be displayed or if all guests should get a default profile (like “Visitors”). The self-service Kiosk itself does not grant access permissions to guests. When the Kiosk dispenses an RFID card, it either reads the serial number of the card or reads a number inside an encrypted segment on the card and sends this number to the essentry servers. The essentry servers combine this information with the assigned access profiles and send this information to the access control system that itself verifies whether a door can be opened. The following diagram shows how this process works: Open image-20240522-125721.png image-20240522-125721.png

Multiple Access Control Systems

essentry can work with multiple access control systems and can offer a unified interface to all systems for employees and security personnel. The basic integration and synchronization work as described above. Depending on how the administrator has configured the access profile filters, employees and security personnel have the option to attach the following to their guests: A door/lock (“Gate 5”) or an access profile (“Event Space”) that are managed in the access control system An access profile that is managed in essentry (“Visitors”). essentry manages the assignment of all access profiles and synchronizes them to the corresponding access control system that they belong to.

Card Management

essentry offers two approaches to how cards can be managed. For each integrated access control system, this mode can be configured. In both cases, there must be a globally shared pool of card numbers. If you have a leading access control system that manages all available RFID cards, then essentry can synchronize them as well and make sure that only those cards can be assigned by the self-service Kiosks and the security personnel. If you have no leading access control system and there is no centralized service yet where RFID cards are managed, then essentry can fulfill that role. By default, the self-service Kiosk will dispense every card that is recognized as a customer-card (based on the type). If the card has never been used before then it will be created in the access control systems and assigned to the guest. If the security personnel manually assign a card to a guest, they can choose an existing unassigned card or enter the number of a new card which will also be created. We recommend that the administrator configures a pre-defined set (or range) of card numbers in the essentry Dashboard to avoid dispensing or choosing cards that are assigned to employees.

Connectivity

Most access control systems run behind a firewall within the corporate network, and essentry needs to transfer the information about guests (that are stored in the essentry cloud) to these systems. There are two ways to accomplish this (illustrated in the diagram below): The ACS servers need to be exposed to the internet with a public IP address so that essentry can connect to it directly from the internet. This is something we do not recommend for security reasons unless the servers are already reachable from the internet. essentry offers a small Windows program, the “essentry Cloud Connector”, that can run on a server inside the customer’s on-premises network that loads all information from the essentry Cloud (just like a normal web browser would) and writes the information to the access control system via the internal corporate network. Open image-20240522-125814.png image-20240522-125814.png