Combining Active Directories and Access Control for Better Visitor Management

There’s a distinct challenge in using access control for visitor management. Designers of access systems may focus only on those who need permanent access, as they consider visitor management a separate issue entirely. Many enterprises choose to segregate their visitor management and access control protocols, but this can lead to more work for employees and more risk for the business. Alternately and to greater effect, enterprises can choose to combine visitor management with access control by making a few strategic changes.

This process starts with making better use of active directories. Creating a centralized hub for managing personnel makes it easier to control access both on a permanent and temporary basis. It also eliminates steps in the process which can cause oversights.

Why Access Control Should Connect to Active Directories

Access control systems come with their own credentialing software which is tempting to use. Most organizations see this and don’t believe there is a need to tie in any external databases. They assume they’ll be able to manage their access control systems on their own manually.

In one instance with a healthcare client we assisted, we saw how manual management causes significant database bloat. Their access control system had 5000 names, but they only had 1500 employees. This meant that about 70% of their directory was outdated, which put their security at substantial risk. Out of 3500 credentials which should have been revoked, more than a few likely belonged to disgruntled former employees who’d be willing to use them to harm the hospital.

An existing employee could also have taken one of these cards to use it for nefarious means like accessing controlled substances or PHI without it coming back to them. As long as they were active when they shouldn’t have been, these cards presented a major potential for breach.  Anyone could have taken them, used them inappropriately and avoided all accountability for it.

The primary cause for all these expired credentials was lack of time. Busy medical providers didn’t have the time they needed to delete old employees manually. The problem compounded until it presented a serious security risk. Had the healthcare facility made use of an active directory to manage their access control, they likely would not have had this problem.

Active directories feed into all enterprise systems and permissions databases. When using one to manage access control, enterprises automate database management. The moment that HR changes an employee’s work status from “full time” to “fired,” as an example, their access credentials are immediately void. This process doesn’t just work in the case of those with permanent access, either. It also manages foot traffic from visitors.

The Benefits of Using Access Control for Visitor Management

Once access control is correctly tied to the enterprise’s active directory, it can also become a tool for managing temporary access. Enterprises will deal with regular visits from clients, vendors, temporary employees and more every day. Often, visitor management is a less sophisticated paper sign-in program which presents risks and inconveniences. Using an integrated access control system, enterprises can:

  • Match visitors to sponsors. Any visitor will have a point of contact at the enterprise. Through access control, the enterprise can match that visitor to the employee. This step creates accountability for the employee in the event the visitor does something wrong.
  • Issue temporary credentials. When enterprises do issue credentials to temporary guests, it’s often just an unassigned general key card. Through an integrated system, enterprises can use a camera to take a photo of that visitor and issue temporary credentials tied to their name. This makes it much easier to track visitors as they move through the building.
  • Revoke access remotely. Temporary visitors may forget to return key cards when they leave. When the visitor has credentials specific to them, access is revocable remotely. Issuing temporary sticker badges or app-based credentials also eliminates the cost of replacement key cards in these instances.  
  • Eliminate the need for consistent monitoring. Often, visitors are onsite to complete a specific job which doesn’t require employee oversight. Consider a contractor visiting to fix an issue with the building’s A/C. They may need to access several areas, which would require an escort. Integrated access control, surveillance, magnetic locks, and credentials give them the freedom to travel where they need while limiting their access to specific areas.
  • Easily manage repeat visitors. It’s not uncommon for visitors to be recurring guests of a company. Rather than add them every time, the integrated access control system can pull up that individual’s information and reissue access and credentials as needed.

Integrated electronic security streamlines visitor management. Individuals can travel where they need to unimpeded while enterprises can protect assets. Such programs leverage active directories for minimizing database bloat and saving employees time. It’s possible to automatically manage foot traffic building-wide when using an integrated electronic security system.