How much does commercial access control cost per door?

It depends on the deployment model and the door hardware. Cloud-native systems like Brivo or Avigilon Alta carry a lower hardware cost plus a recurring per-door subscription. On-prem panels like Genetec Synergis or HID Mercury cost more upfront and carry an annual maintenance contract instead. Per-door cost includes the reader, the controller share, the strike or maglock, the cabling, the labor, and year-one software. The free consultation prices your doors before the proposal.

Is biometric access control legal?

It depends on the state. Illinois BIPA, Texas CUBI, and Washington's biometric privacy law require written informed consent, a published retention schedule, and a deletion process before you collect a biometric template. Class-action exposure on BIPA non-compliance is real and expensive. We default to badge or mobile credential unless the customer has a documented BIPA-compliant consent program, then route biometric to high-stakes interior doors only.

Does access control integrate with HR and identity systems?

Yes, that is table stakes for any modern platform. Brivo, Avigilon Alta, Kisi, Genetec Synergis, and HID Origo all integrate with Okta, Azure Active Directory, Google Workspace, and Workday for SCIM provisioning. A new hire gets the right doors automatically. Termination revokes access in seconds. Without HR integration, badge management becomes a part-time job for facilities staff, and offboarding is a security risk.

Can one system manage multiple sites?

Yes. Cloud-native platforms (Brivo, Avigilon Alta, Kisi) were built for multi-site from day one. One operator console covers every door across every site, with role-based admin per site. On-prem systems (Genetec Synergis, HID Mercury) federate through a central server. Multi-site is the use case that makes cloud worth the subscription cost. Tec-Tel is trusted by multi-site operators including Bridgestone, ORBIS Corporation, TreeHouse Foods, and Menasha Packaging.

What about offline doors when the network drops?

Modern access control does not fail open or fail shut on a network drop. Door controllers cache the last 5,000 to 50,000 credentials locally and keep granting access against the cached list while the network recovers. Events queue and sync when the link returns. The exception is wireless locks at remote sites with no controller, which fall back to a local schedule. We confirm offline behavior site by site so it is not a surprise during an outage.

Can I replace one vendor without replacing every door?

Sometimes. Wiegand and OSDP-compatible readers can be swapped one at a time. Door controllers from HID Mercury are compatible with multiple management platforms including Genetec, LenelS2, and Software House. Cloud-only platforms like Brivo, Avigilon Alta, and Kisi tie the reader, the controller, and the cloud together, so swapping vendors usually means swapping every door. We design for portability when it is a stated priority.

How long does it take to deploy access control across a site?

It depends on door count, deployment model, and how many doors already have power and network. Cloud-native installs (Brivo, Avigilon Alta, Kisi) move faster than on-prem panel installs (HID Mercury, Genetec Synergis), which add panel staging, certification, and HR system integration. The longest line item is almost always running cable to door positions with no network drop. The free consultation scopes the timeline against your doors.

What about visitor management and contractor access?

Most modern platforms include visitor management as a module. The visitor pre-registers, gets a temporary mobile credential or QR code, and the door grants access for a fixed window only. Genetec Synergis and Brivo also tie visitor records to the access log for an audit trail. For contractors, we recommend mobile credentials with hour-by-hour scheduling rather than a permanent badge.

How much does commercial access control cost per door?

It depends on the deployment model and the door hardware. Cloud-native systems like Brivo or Avigilon Alta carry a lower hardware cost plus a recurring per-door subscription. On-prem panels like Genetec Synergis or HID Mercury cost more upfront and carry an annual maintenance contract instead. Per-door cost includes the reader, the controller share, the strike or maglock, the cabling, the labor, and year-one software. The free consultation prices your doors before the proposal.

Is biometric access control legal?

It depends on the state. Illinois BIPA, Texas CUBI, and Washington's biometric privacy law require written informed consent, a published retention schedule, and a deletion process before you collect a biometric template. Class-action exposure on BIPA non-compliance is real and expensive. We default to badge or mobile credential unless the customer has a documented BIPA-compliant consent program, then route biometric to high-stakes interior doors only.

Does access control integrate with HR and identity systems?

Yes, that is table stakes for any modern platform. Brivo, Avigilon Alta, Kisi, Genetec Synergis, and HID Origo all integrate with Okta, Azure Active Directory, Google Workspace, and Workday for SCIM provisioning. A new hire gets the right doors automatically. Termination revokes access in seconds. Without HR integration, badge management becomes a part-time job for facilities staff, and offboarding is a security risk.

Can one system manage multiple sites?

Yes. Cloud-native platforms (Brivo, Avigilon Alta, Kisi) were built for multi-site from day one. One operator console covers every door across every site, with role-based admin per site. On-prem systems (Genetec Synergis, HID Mercury) federate through a central server. Multi-site is the use case that makes cloud worth the subscription cost. Tec-Tel is trusted by multi-site operators including Bridgestone, ORBIS Corporation, TreeHouse Foods, and Menasha Packaging.

What about offline doors when the network drops?

Modern access control does not fail open or fail shut on a network drop. Door controllers cache the last 5,000 to 50,000 credentials locally and keep granting access against the cached list while the network recovers. Events queue and sync when the link returns. The exception is wireless locks at remote sites with no controller, which fall back to a local schedule. We confirm offline behavior site by site so it is not a surprise during an outage.

Can I replace one vendor without replacing every door?

Sometimes. Wiegand and OSDP-compatible readers can be swapped one at a time. Door controllers from HID Mercury are compatible with multiple management platforms including Genetec, LenelS2, and Software House. Cloud-only platforms like Brivo, Avigilon Alta, and Kisi tie the reader, the controller, and the cloud together, so swapping vendors usually means swapping every door. We design for portability when it is a stated priority.

How long does it take to deploy access control across a site?

It depends on door count, deployment model, and how many doors already have power and network. Cloud-native installs (Brivo, Avigilon Alta, Kisi) move faster than on-prem panel installs (HID Mercury, Genetec Synergis), which add panel staging, certification, and HR system integration. The longest line item is almost always running cable to door positions with no network drop. The free consultation scopes the timeline against your doors.

What about visitor management and contractor access?

Most modern platforms include visitor management as a module. The visitor pre-registers, gets a temporary mobile credential or QR code, and the door grants access for a fixed window only. Genetec Synergis and Brivo also tie visitor records to the access log for an audit trail. For contractors, we recommend mobile credentials with hour-by-hour scheduling rather than a permanent badge.

Product · Access control and credentialing

The right people through the right doors, across every site.

Badge, mobile, PIN, and biometric on the doors that need it. Multi-site, HR-integrated, and BIPA-aware from day one.

Talk to our team

or reach us directly

Call us855-577-0400

NDAA-compliant
Platform-agnostic
1,000+ deployments over 15 years

Commercial access control replaces metal keys with electronic credentials. Door controllers, readers, and a management console decide who unlocks which door, and when. Badge, mobile credential, PIN, and biometric are the four credential types. Tec-Tel installs Brivo, Avigilon Alta (formerly Openpath), Genetec Synergis, HID Mercury, and Kisi. Cloud, on-prem, or hybrid. Mobile-first or badge-first. BIPA-aware on biometric. Free consultation.

§01 What a Tec-Tel access control install covers

Every layer of the door, not just the reader.

Access control is not a reader bolted to a wall. It is the credential policy, the hardware, the HR integration, the multi-site console, and the runbook that keeps offboarding from becoming a security gap.

→

Credential selection by policy Badge, mobile, PIN, and biometric matched to the door and the compliance posture. Most multi-site customers run two or three types in parallel. We pick by policy, not vendor preference.

→

Door hardware and controllers Reader, controller share, strike or maglock, cabling, and labor. Cloud-native or on-prem panel-based, depending on bandwidth, compliance, and controller features.

→

HR and identity integration SCIM 2.0 or REST integration with Okta, Azure Active Directory, Google Workspace, and Workday. New hires provisioned automatically. Termination revokes access in seconds.

→

Multi-site management console One operator console, every site, every door. Role-based admin per region. Cloud platforms built for it from day one. On-prem federated through a central server.

→

Visitor and contractor access Temporary mobile credentials or QR codes, fixed time windows, and a full audit trail tied to the access log. Contractor access scoped to hour-by-hour scheduling.

→

Compliance documentation BIPA-aware on biometric. NDAA-compliant vendor matrix. Audit logs tamper-evident and exportable for SOC 2 and HIPAA reviews.

→

Service-level agreement Critical service response same day. Non-critical next business day. Tec-Tel-managed install and service teams, one company to call.

§02 Credential types

Four credential types, each for a different situation.

Most multi-site customers run two or three credential types in parallel: a badge for the main perimeter, a mobile credential for executives and contractors, and PIN or biometric on specific interior doors.

Badge (proximity or smart card) is the default for offices, manufacturing, and healthcare. Card sits in the wallet, employee taps the reader, door unlocks. HID iCLASS and HID Signo dominate the high-security side. 125 kHz prox is still common but cloned easily, so we upgrade legacy sites to 13.56 MHz smart cards by default.

Mobile credential puts the badge on the phone. Bluetooth or NFC reads the credential without the employee tapping anything. Avigilon Alta, Brivo, Kisi, and HID Origo all support mobile-first deployments. Lower replacement cost when an employee leaves, with no plastic to recover.

PIN code is a numeric keypad on the reader. Used as a second factor on top of a badge or mobile credential, or as the only credential on lower-stakes interior doors. Easy to share, easy to forget, so it is rarely the only credential at the perimeter.

Biometric (fingerprint, palm, face) captures a template and matches against an enrolled database. Used for high-stakes interior doors: data centers, pharmaceutical clean rooms, cash rooms, gun safes. Illinois BIPA, Texas CUBI, and Washington biometric privacy law require written informed consent and a published retention schedule before enrollment. We default to badge or mobile unless biometric is specifically scoped.

§03 Platforms we install

Cloud-native for fast rollouts. On-prem when compliance demands it.

Cloud-native for fast multi-site rollouts. On-prem when bandwidth, compliance, or specific controller features demand it. Hybrid is increasingly the default. Vendor capability and NDAA Section 889 status come from each vendor's own compliance statement.

Brivo is cloud-native, multi-site by default, mobile credential supported, open API for HR and identity integration. Headquartered in the United States (Bethesda, MD). NDAA Section 889 self-certified.

Avigilon Alta (formerly Openpath) is cloud-native, mobile credential supported, open API. Headquartered in the United States (Culver City, CA). NDAA Section 889 self-certified.

Kisi is cloud-native, mobile credential supported, open API. Headquartered in the United States (New York, NY). NDAA Section 889 self-certified.

Genetec Synergis is cloud-native plus on-prem option, mobile credential supported, open API. Headquartered in Canada (Montreal). NDAA Section 889 self-certified.

HID Global is cloud-native plus on-prem option, mobile credential supported, open API. Headquartered in the United States (Austin, TX). NDAA Section 889 self-certified.

→ Cloud-native platforms (Brivo, Avigilon Alta, Kisi) were built for multi-site from day one. One operator console covers every door across every site.
→ On-prem systems (Genetec Synergis, HID Mercury) federate multi-site through a central server. Better fit when bandwidth is constrained or when CMMC/HIPAA controls require on-site data.
→ Wiegand and OSDP-compatible readers can be swapped one at a time on open platforms. Cloud-only platforms typically require replacing every door when switching vendors.

§04 HR and identity integration

Onboarding and offboarding run automatically.

Modern access control is not a standalone database of badge numbers. It is wired into the identity ecosystem so onboarding, role changes, and termination flow automatically. The platforms we install integrate with Okta, Azure Active Directory, Google Workspace, and Workday over SCIM 2.0 or REST.

A new hire is created in Workday or Okta, then auto-provisioned in the access platform with the right group memberships. Group memberships map to door schedules. The badge or mobile credential issues automatically. On termination day, the same identity event revokes all door access in seconds.

Without that integration, badge administration becomes a part-time job for facilities, and offboarding turns into a security risk every time someone forgets to file the paperwork. We scope HR integration as a default line item on every multi-site proposal.

§05 BIPA and biometric implications

Biometric compliance is a legal question before a technology one.

Illinois BIPA, Texas CUBI, and Washington's biometric privacy law each require written informed consent before you collect a fingerprint, palm scan, or face template. BIPA includes a private right of action and statutory damages of $1,000 per negligent violation and $5,000 per intentional violation per scan. Class-action exposure is real.

Compliance steps before any biometric reader goes in: written informed consent signed by every employee who will use the reader, a published retention schedule, a deletion process when an employee leaves, and a documented data-handling policy. Tec-Tel does not write the policy. We point at the gaps and recommend counsel.

The default Tec-Tel recommendation: badge or mobile credential at the perimeter, biometric only on high-stakes interior doors with a documented consent program. The full breakdown is on the compliance quick reference.

§06 Cost bands

Realistic cost ranges by door type and deployment model.

Per-door installed cost is driven by the deployment model and the door hardware, not a flat per-unit price. The all-in number covers the reader, controller share, strike or maglock, cabling, labor, and year-one software. Cloud subscriptions are a separate recurring line. The drivers below shape where a door lands.

→ Cloud-native doors carry a lower hardware cost plus a recurring per-door subscription.
→ On-prem panel-based doors (HID Mercury, Genetec Synergis) cost more upfront and carry an annual maintenance contract instead of a subscription.
→ Biometric readers (palm or face) add cost per door over a base reader, plus the compliance program biometric requires.
→ The longest cost line on most jobs is running cable to door positions that have no network drop.
→ Multi-site rollouts add HR integration and a central or cloud console on top of the per-door cost.
→ Per-vertical, per-site-size benchmarks are on the install cost benchmarks reference.

Questions buyers ask us

FAQ

How much does commercial access control cost per door?: It depends on the deployment model and the door hardware. Cloud-native systems like Brivo or Avigilon Alta carry a lower hardware cost plus a recurring per-door subscription. On-prem panels like Genetec Synergis or HID Mercury cost more upfront and carry an annual maintenance contract instead. Per-door cost includes the reader, the controller share, the strike or maglock, the cabling, the labor, and year-one software. The free consultation prices your doors before the proposal.
Is biometric access control legal?: It depends on the state. Illinois BIPA, Texas CUBI, and Washington's biometric privacy law require written informed consent, a published retention schedule, and a deletion process before you collect a biometric template. Class-action exposure on BIPA non-compliance is real and expensive. We default to badge or mobile credential unless the customer has a documented BIPA-compliant consent program, then route biometric to high-stakes interior doors only.
Does access control integrate with HR and identity systems?: Yes, that is table stakes for any modern platform. Brivo, Avigilon Alta, Kisi, Genetec Synergis, and HID Origo all integrate with Okta, Azure Active Directory, Google Workspace, and Workday for SCIM provisioning. A new hire gets the right doors automatically. Termination revokes access in seconds. Without HR integration, badge management becomes a part-time job for facilities staff, and offboarding is a security risk.
Can one system manage multiple sites?: Yes. Cloud-native platforms (Brivo, Avigilon Alta, Kisi) were built for multi-site from day one. One operator console covers every door across every site, with role-based admin per site. On-prem systems (Genetec Synergis, HID Mercury) federate through a central server. Multi-site is the use case that makes cloud worth the subscription cost. Tec-Tel is trusted by multi-site operators including Bridgestone, ORBIS Corporation, TreeHouse Foods, and Menasha Packaging.
What about offline doors when the network drops?: Modern access control does not fail open or fail shut on a network drop. Door controllers cache the last 5,000 to 50,000 credentials locally and keep granting access against the cached list while the network recovers. Events queue and sync when the link returns. The exception is wireless locks at remote sites with no controller, which fall back to a local schedule. We confirm offline behavior site by site so it is not a surprise during an outage.
Can I replace one vendor without replacing every door?: Sometimes. Wiegand and OSDP-compatible readers can be swapped one at a time. Door controllers from HID Mercury are compatible with multiple management platforms including Genetec, LenelS2, and Software House. Cloud-only platforms like Brivo, Avigilon Alta, and Kisi tie the reader, the controller, and the cloud together, so swapping vendors usually means swapping every door. We design for portability when it is a stated priority.
How long does it take to deploy access control across a site?: It depends on door count, deployment model, and how many doors already have power and network. Cloud-native installs (Brivo, Avigilon Alta, Kisi) move faster than on-prem panel installs (HID Mercury, Genetec Synergis), which add panel staging, certification, and HR system integration. The longest line item is almost always running cable to door positions with no network drop. The free consultation scopes the timeline against your doors.
What about visitor management and contractor access?: Most modern platforms include visitor management as a module. The visitor pre-registers, gets a temporary mobile credential or QR code, and the door grants access for a fixed window only. Genetec Synergis and Brivo also tie visitor records to the access log for an audit trail. For contractors, we recommend mobile credentials with hour-by-hour scheduling rather than a permanent badge.

See it live

Get a clear read on your access control.

The free consultation covers your existing credentialing, the HR integration (or lack of it), where biometric is and is not legal, and where the multi-site picture has gaps.

Tell us how many sites you run and what's already in place. We'll show you what a build or upgrade looks like.
Straight answers from the team that does the work. We're platform-agnostic, so you get the system that fits your sites, not one brand's catalog.

Since 2010 · 1,000+ deployments nationwide · ISN-accredited

Book a demo 855-577-0400

Or send the details

How can we help?

What you're looking for, plus any details. We review it and follow up, usually the same day.

Related from Tec-Tel

Product