Skip to main content

Solution · Identity and access

The right person through the right door, proven.

Identity at the door: mobile credentials as the default, biometric only on the doors that earn it. Multi-site, HR-integrated, and BIPA-aware before any reader ships.

Start the conversation
or reach us directly
Call us855-577-0400
  • NDAA-compliant
  • Platform-agnostic
  • 1,000+ deployments over 15 years

Biometric and mobile-credential access control proves who walked through a door, not just that it opened. Mobile credentials on the phone are the default: revocable, person-controlled, nothing to recover at offboarding. Biometric readers go only on high-stakes interior doors where the assurance is worth a BIPA-compliant consent program. Tec-Tel installs Brivo, Avigilon Alta, Kisi, Genetec, and HID, HR-integrated and multi-site. Book a free consultation.

Mobile-first
the credential on the phone is the default, biometric only where scoped
4 credential types
badge, mobile, PIN, and biometric, matched to the door by policy
BIPA-aware
state-by-state biometric law checked before any reader ships
HR-integrated
access granted and revoked from the same identity event as onboarding

§01  What the solution covers

Identity at the door, matched to the door.

Mobile-first credentials, biometric only where it is scoped and legal, and one identity that grants or revokes every door across every site from the same HR event.

Mobile credentials as the default door The badge moves to the phone. Bluetooth or NFC reads the credential without a tap, so there is no plastic to issue or recover. Avigilon Alta, Brivo, Kisi, and HID Origo all support mobile-first deployments, and the credential is revoked the moment HR offboards the person.
Biometric readers on the doors that earn them Fingerprint, palm, or face on high-stakes interior doors: data centers, clean rooms, cash rooms. Enrolled and consented to the BIPA standard, with a published retention schedule and a deletion process. The default is badge or mobile at the perimeter, biometric only where it is specifically scoped.
One identity, every door, every site A new hire created in Workday or Okta is auto-provisioned across the access platform, with group memberships that map to door schedules. Cloud-native platforms (Brivo, Avigilon Alta, Kisi) run multi-site from one console. On termination, the same identity event revokes every door in seconds.

§02  The outcome

Access that proves who walked through, not just that a door opened.

A metal key proves nothing. It does not say who used it, when, or whether they should have. The outcome a multi-site operator wants is a record: a known person, with a credential they control, granted the right door for the right window, logged and auditable. That is the difference between a lock and access control.

The credential is the lever. A badge in a wallet, a credential on a phone, or a biometric template on a high-stakes door each answers the who with a different level of assurance and a different compliance cost. An integrator's job is to match the credential to the door and the law, not sell one reader everywhere.

§03  Mobile first, biometric where scoped

The phone in the pocket is usually the right credential.

Mobile credentials have become the default for new deployments. The credential lives on the phone the person already carries, reads over Bluetooth or NFC without a tap, and costs nothing to revoke when someone leaves. There is no plastic to issue, no badge to recover at offboarding, and no 125 kHz prox card that clones in seconds at a kiosk. For executives and contractors especially, mobile is the lower-friction, lower-risk answer.

Biometric earns its place on a short list of doors: data centers, pharmaceutical clean rooms, cash rooms, and anywhere a shared or stolen credential is the real threat. A fingerprint, palm, or face template raises assurance because the credential cannot be handed off. It also raises the compliance and cost burden, so Tec-Tel defaults to badge or mobile and routes biometric only to the doors where the assurance is worth the program behind it.

  • Badge (13.56 MHz smart card) for the main perimeter on offices, manufacturing, and healthcare. We upgrade legacy 125 kHz prox to smart cards by default because prox clones easily.
  • Mobile credential for executives, contractors, and any site that wants to stop managing plastic. Supported across Avigilon Alta, Brivo, Kisi, and HID Origo.
  • PIN as a second factor on top of a badge or mobile credential, rarely as the only credential at the perimeter.
  • Biometric only on specific high-stakes interior doors, with a documented consent program behind it.

§04  The biometric law that decides it

Biometric assurance comes with a consent program, not just a reader.

There is no single federal biometric privacy law. Illinois BIPA, Texas CUBI, and Washington's biometric privacy law each require written informed consent before you collect a fingerprint, palm, or face template, plus a published retention schedule and a deletion process. BIPA carries a private right of action and statutory damages of $1,000 per negligent violation and $5,000 per intentional violation, per scan. The class-action exposure is real, so the program around a biometric reader matters as much as the reader.

Before any biometric door goes in, the checklist is the same: written informed consent signed by every employee who will use the reader, a published retention schedule, a deletion process for when someone leaves, and a documented data-handling policy. Tec-Tel does not write the legal policy. We point at the gaps, recommend counsel, and default to badge or mobile unless the customer has a documented, compliant consent program.

§05  How it ties to the rest of the stack

A door that reacts to what the cameras see.

Access control is most useful when it is not an island. The same identity layer that opens a door can drive a reaction from the analytics layer: an after-hours badge read that does not match a scheduled shift, a credential used at two sites within an hour, a door held open past its window. Wired into the video management system, an access event and a camera event become one record instead of two systems nobody reconciles.

This is the identity-and-access lane of the broader intelligence layer. Where the question is who, biometric and mobile credentials answer it at the door. Where the question is whether a face should be matched against a watchlist at all, that is facial recognition, a different posture with its own state-by-state legal test. We scope both, and tell you when the answer is to scope down.

Questions buyers ask us

FAQ

Why default to mobile credentials instead of biometric?
Mobile credentials give you a revocable, person-controlled credential with none of the consent overhead biometric carries. The credential lives on the phone, reads over Bluetooth or NFC, and is revoked the instant HR offboards the person. Biometric raises assurance because the credential cannot be shared, but it brings a written-consent program, a retention schedule, and BIPA-class exposure. We default to mobile or badge and route biometric only to high-stakes interior doors where the assurance is worth the program.
Is biometric access control legal in my state?
It depends on the state. Illinois BIPA, Texas CUBI, and Washington's biometric privacy law require written informed consent, a published retention schedule, and a deletion process before you collect a fingerprint, palm, or face template. BIPA includes a private right of action with statutory damages of $1,000 to $5,000 per scan. We default to badge or mobile unless the customer has a documented, compliant consent program, then route biometric to specific high-stakes interior doors only. Confirm the specifics with counsel; this is a buyer's starting point, not legal advice.
What does an employee opt-in for a biometric reader require?
A compliant program needs written informed consent signed before enrollment, a published retention schedule, a documented deletion process for when an employee leaves, and a data-handling policy. The consent has to specify what is collected, why, how long it is kept, and who it can be disclosed to. Keep signed consent on file per employee and audit it annually. Tec-Tel points at the gaps and recommends counsel; we do not write the policy.
Can one credential cover every site?
Yes, on a cloud-native platform. Brivo, Avigilon Alta, and Kisi were built for multi-site from day one, so one operator console covers every door across every site with role-based admin per site. A single mobile credential or badge identity carries across the portfolio. On-prem systems like Genetec Synergis and HID Mercury federate multi-site through a central server, which fits when bandwidth is constrained or on-site data is a compliance requirement.
Does access control connect to our HR system?
Yes, and it should. Brivo, Avigilon Alta, Kisi, Genetec Synergis, and HID Origo all integrate with Okta, Azure Active Directory, Google Workspace, and Workday for SCIM provisioning. A new hire gets the right doors automatically; termination revokes access in seconds. Without HR integration, credential management becomes a part-time facilities job and offboarding becomes a security gap.
How is this different from the access control product page?
The product page is the infrastructure detail: every credential type, every platform, the cloud-versus-on-prem trade-off, and per-door cost. This page is the solution posture: the outcome of identity at the door and the decision of which credential belongs where. Most buyers read both. Start here for the why, go to the product page for the full vendor and credential breakdown.
Can a door react to a camera event?
Yes, when access control and the video management system are integrated. An analytics event, a person crossing a line after hours, a vehicle in a restricted lane, can trigger a door reaction, and an access event becomes a record alongside the camera that caught it. Wiring the two together turns separate systems into one auditable picture. We scope it during design.

Book a walkthrough

Want the credential mix scoped to your doors?

The free consultation walks your existing credentialing, the HR integration or lack of it, which doors warrant biometric, and where state law decides the answer. We default to mobile and tell you when biometric isn't worth the program.

  • Tell us how many sites you run and what's already in place. We'll show you what a build or upgrade looks like.
  • Straight answers from the team that does the work. We're platform-agnostic, so you get the system that fits your sites, not one brand's catalog.

Since 2010 · 1,000+ deployments nationwide · ISN-accredited

See it on your cameras 855-577-0400

Or send the details

How can we help?

What you're looking for, plus any details. We review it and follow up, usually the same day.

Related from Tec-Tel

Hub

AI & analytics hub

Every detection, footage-search, and identity capability in one place.

Read on Product

Access control

The full credential and platform breakdown: Brivo, Avigilon Alta, Genetec, HID, Kisi.

Read on Solution

Facial recognition & ID

When the question is whether to match a face at all, and where that is legal.

Read on Solution

Visitor & contractor management

Temporary credentials, fixed windows, and a full audit trail for non-employees.

Read on Reference

Compliance quick reference

BIPA, CUBI, HIPAA, NDAA, and PCI mapped to access decisions.

Read on