Remote Work Tools

Hybrid office visitor management requires real-time occupancy tracking, pre-registration workflows, and automated check-in/check-out systems integrated with calendar platforms and access control. Custom solutions can be built with RESTful APIs for visitor registration, WebSocket support for live occupancy updates, and calendar webhook integration for automatic visitor creation from meeting invites. Commercial platforms like Envoy, Proxyclick, and Greet offer enterprise features, but prioritize API flexibility for integrations with internal tools that vendors cannot anticipate.

Core Requirements for Hybrid Office Visitor Management

Before implementing a solution, identify the fundamental capabilities your system needs. Hybrid office visitor management requires more than signing in visitors—it demands real-time tracking, integration with access control systems, and automated notifications.

Real-time occupancy visibility: You need to know current headcount, who is present, and their location within the building. This requires connecting your visitor management system with access control logs, badge scans, and check-in data.

Pre-registration workflows: Visitors should be registered before arrival through calendar integrations or self-service portals. This reduces wait times and provides security teams advance notice.

Automated check-in and check-out: Manual sign-in sheets are insufficient for hybrid offices. Implement QR code scanning, badge taps, or mobile app check-ins that automatically record arrival and departure times.

Integration with existing infrastructure: Your visitor system must connect with badge systems, calendar platforms (Google Workspace, Microsoft 365), Slack or Teams for notifications, and potentially building management systems.

Building a Custom Visitor Management System

For organizations with unique requirements, building a custom solution provides maximum flexibility. Here’s a practical implementation approach using modern web technologies.

Data Model

Start with a visitor record structure that captures essential information:

interface Visitor {
  id: string;
  email: string;
  fullName: string;
  company: string;
  hostEmployeeId: string;
  visitPurpose: string;
  expectedArrival: Date;
  expectedDeparture: Date;
  actualArrival?: Date;
  actualDeparture?: Date;
  badgeId?: string;
  checkInStatus: 'pending' | 'checked-in' | 'checked-out';
  accessZones: string[];
}

API Endpoints for Visitor Operations

A RESTful API enables integration with calendar systems and notification workflows:

// POST /api/visitors - Register a new visitor
app.post('/api/visitors', async (req, res) => {
  const { email, fullName, company, hostEmployeeId, visitPurpose, expectedArrival, expectedDeparture, accessZones } = req.body;

  const visitor = await db.visitors.create({
    email,
    fullName,
    company,
    hostEmployeeId,
    visitPurpose,
    expectedArrival: new Date(expectedArrival),
    expectedDeparture: new Date(expectedDeparture),
    accessZones,
    checkInStatus: 'pending'
  });

  // Send confirmation email with QR code for check-in
  await sendCheckInInstructions(visitor);

  // Notify host employee
  await notifyHost(hostEmployeeId, visitor);

  res.json(visitor);
});

// POST /api/visitors/:id/checkin - Process visitor check-in
app.post('/api/visitors/:id/checkin', async (req, res) => {
  const visitor = await db.visitors.findById(req.params.id);

  visitor.actualArrival = new Date();
  visitor.checkInStatus = 'checked-in';

  // Issue badge if using physical badge system
  if (req.body.badgeId) {
    visitor.badgeId = req.body.badgeId;
    await badgeSystem.issueBadge(visitor.badgeId, visitor.id);
  }

  // Update real-time occupancy
  await updateOccupancyCount();

  // Notify security team
  await notifySecurity(visitor, 'arrived');

  res.json(visitor);
});

Real-Time Occupancy Tracking

For hybrid offices, maintaining an accurate occupancy count requires combining multiple data sources:

// Real-time occupancy aggregation
async function getCurrentOccupancy() {
  const [visitors, employees] = await Promise.all([
    db.visitors.find({
      checkInStatus: 'checked-in',
      actualDeparture: null
    }),
    db.employees.find({
      badgeLastScan: { $gte: getStartOfDay() },
      badgeLastScanOut: { $lte: getLastBadgeScanIn() }
    })
  ]);

  return {
    total: visitors.length + employees.length,
    visitors: visitors.length,
    employees: employees.length,
    byFloor: groupByFloor([...visitors, ...employees]),
    lastUpdated: new Date()
  };
}

// WebSocket for live updates
io.on('connection', (socket) => {
  socket.emit('occupancy-update', getCurrentOccupancy());

  setInterval(async () => {
    socket.emit('occupancy-update', await getCurrentOccupancy());
  }, 30000); // Update every 30 seconds
});

Integrating with Calendar Systems

Most visitor management flows start with calendar invites. Integrating with Google Calendar or Microsoft Graph API automates visitor registration:

// Google Calendar webhook handler
app.post('/api/webhooks/calendar', async (req, res) => {
  const event = req.body;

  if (event.summary?.includes('Visitor:')) {
    const visitorName = event.summary.replace('Visitor: ', '').trim();
    const visitorEmail = event.attendees?.[0]?.email;

    await db.visitors.create({
      email: visitorEmail,
      fullName: visitorName,
      hostEmployeeId: event.organizer.email,
      expectedArrival: event.start.dateTime,
      expectedDeparture: event.end.dateTime,
      visitPurpose: event.description || 'Meeting'
    });
  }

  res.status(200).send('OK');
});

Commercial Solutions Worth Considering

Several established platforms offer visitor management without requiring custom development:

Envoy: Provides visitor registration, badge printing, and integrations with access control systems. Their API enables custom workflows, though pricing scales with visitor volume.

Proxyclick: Offers enterprise-grade features including watchlist screening and NDA management. Strong integration with Microsoft ecosystem makes it suitable for organizations using Microsoft 365.

Greet: Emphasizes touchless check-in with QR codes and mobile credentials. Provides real-time dashboards for occupancy tracking.

When evaluating commercial solutions, prioritize API flexibility—your system will likely need custom integrations with internal tools that vendors cannot anticipate.

Security Considerations

Visitor management systems handle sensitive personal data. Implement these security practices:

Data encryption: Encrypt visitor data at rest and in transit. Visitor PII (personally identifiable information) should never be logged in plain text.

Retention policies: Automatically purge visitor records after a defined period (typically 90 days) unless legally required to retain longer.

Access logging: Maintain audit trails of all system access, including who checked in visitors and when badge assignments changed.

Badge voiding: Implement automated processes to void badges when visitors fail to check out, preventing orphaned access credentials.

Practical Implementation Checklist

Use this checklist when deploying a visitor management system:

Comparing Commercial Platforms in Depth

When budget and timeline favor a commercial solution, the choice between Envoy, Proxyclick, and Greet comes down to specific integration needs rather than feature parity — all three cover the basics competently.

Envoy is the most widely deployed in US tech companies. It handles iPad-based kiosks well and has a polished badge printing flow. The Envoy API is relatively mature and supports webhook events for arrivals and departures. The limitation is pricing: Envoy bills per location and adds per-feature charges for things like capacity management and deliveries, which can make costs unpredictable as hybrid office needs expand.

Proxyclick targets enterprise and regulated industries. It includes built-in watchlist screening against international sanctions lists, NDA digital signature workflows, and ISO 27001 certification. If your organization handles government contracts or financial services clients, the compliance documentation that Proxyclick provides is worth the higher price point. Its Microsoft 365 integration is particularly strong — visitor invites flow directly from Outlook calendar events without custom webhook development.

Greet (from iOFFICE, now part of Eptura) positions itself as part of a broader workplace management suite. If you are already using desk booking or space management software from the same vendor, consolidating into Greet avoids duplicate data models for employee and space records. The touchless QR check-in flow is smooth, though the admin dashboard feels less polished than Envoy’s for day-to-day operations.

For teams under 50 employees at a single location, Envoy’s Starter plan is a practical default. For multi-location enterprises above 500 employees, evaluate Proxyclick if compliance is a priority or Greet if you want to unify workplace software under one vendor.

Handling Edge Cases in Visitor Flows

Production visitor management systems encounter edge cases that simple demos do not cover. Plan for these before launch rather than patching them under pressure.

Walk-in visitors with no pre-registration. Build a separate walk-in registration kiosk flow that captures minimal information quickly. Require name, company, and host employee name. Have the system send an instant Slack or Teams message to the host asking them to approve or deny the visitor. If no response arrives within five minutes, escalate to the front desk.

Group visits. Interview panels, office tours, and vendor demos bring multiple visitors at once. Your API should support batch registration with a shared visitGroupId field. Issue visitors a QR code tied to the group rather than requiring each person to scan individually at the kiosk.

Extended stays. Some contractors or partners visit daily for weeks. Implement a recurring visitor record with a validity window and badge that activates each morning during the window period, rather than requiring re-registration every day.

Failed checkout detection. Visitors who leave without scanning out create inaccurate occupancy counts. Set a time-based fallback: if a checked-in visitor’s expected departure time has passed by two hours with no checkout event, automatically mark them as checked out and void their badge access. Log the discrepancy for the security audit trail.

Notification Workflow Design

Automated notifications make or break the visitor experience. Design notification events for each state transition:

Use a notification service like SendGrid for email and Twilio for SMS alongside your Slack or Teams integration. Visitors outside your corporate network should receive SMS or email rather than Slack messages since they will not have workspace access.

Built by theluckystrike — More at zovo.one

Explore Our Developer Guides

© 2026 theluckystrike Developer Guides