navan-security-basics

Featured

Secure Navan API credentials with OAuth 2.0 best practices, SSO/SAML, and SCIM provisioning. Use when hardening a Navan integration, rotating credentials, or configuring identity provider SSO. Trigger with "navan security", "navan sso", "navan credentials", "navan scim".

AI & Automation 2,266 stars 315 forks Updated today MIT

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Navan Security Basics ## Overview Navan holds SOC 1 Type II, SOC 2 Type II, ISO 27001, PCI DSS Level 1, GDPR, CSA, and VSA certifications. Infrastructure runs on AWS with TLS encryption in transit and AES encryption at rest via KMS. Annual penetration testing and OWASP compliance are standard. This skill covers the developer's responsibility: securing OAuth 2.0 credentials, configuring SSO through supported identity providers, setting up SCIM for automated user provisioning, and establishing rotation schedules. ## Prerequisites - Navan admin account with API credential management permissions - Access to Admin > Travel admin > Settings > Integrations for OAuth app creation - Identity provider admin access (Okta, Azure AD, or Google Workspace) for SSO/SCIM setup - Node.js 18+ or Python 3.8+ for credential management scripts ## Instructions ### Step 1: Secure OAuth 2.0 Credential Storage ```bash # Create .env file — NEVER commit this cat > .env << 'EOF' NAVAN_CLIENT_ID=your-client-id NAVAN_CLIENT_SECRET=your-client-secret NAVAN_TOKEN_URL=https://api.navan.com/ta-auth/oauth/token EOF # Ensure .env is gitignored echo '.env' >> .gitignore echo '.env.*' >> .gitignore ``` ```typescript // Load credentials from environment only — never hardcode import { config } from 'dotenv'; config(); async function getAccessToken(): Promise<string> { const { NAVAN_CLIENT_ID, NAVAN_CLIENT_SECRET, NAVAN_TOKEN_URL } = process.env; if (!NAVAN_CLIENT_ID || !NAVAN_CLIENT_SECRET) { throw...

Details

Author
jeremylongshore
Repository
jeremylongshore/claude-code-plugins-plus-skills
Created
7 months ago
Last Updated
today
Language
Python
License
MIT

Integrates with

Anthropic · AI Azure · Cloud OAuth · Auth

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

navan-install-auth

Set up OAuth 2.0 authentication for the Navan REST API. Use when configuring a new Navan integration or rotating API credentials. Trigger with "install navan", "setup navan auth", "navan credentials", "navan oauth".

2,266 Updated today
jeremylongshore
AI & Automation Featured

navan-prod-checklist

Use when validating production readiness for a Navan API integration — credential rotation, alerting, rate limits, SSO, SCIM, and compliance audit trails. Trigger with "navan prod checklist" or "navan production readiness".

2,266 Updated today
jeremylongshore
AI & Automation Featured

navan-reference-architecture

Use when designing a production Navan API integration architecture — API gateway, token management, data sync pipelines, ERP connectors, and monitoring stack. Trigger with "navan reference architecture" or "navan integration architecture".

2,266 Updated today
jeremylongshore
AI & Automation Featured

navan-ci-integration

Use when setting up CI/CD pipelines that validate Navan API integrations, run booking data health checks, or generate automated compliance reports. Trigger with "navan ci integration" or "navan pipeline" or "navan github actions".

2,266 Updated today
jeremylongshore
AI & Automation Featured

navan-deploy-integration

Use when deploying Navan integrations with ERP systems (NetSuite, Sage Intacct, Xero), HRIS platforms (Workday, BambooHR), or identity providers (Okta, Azure AD). Trigger with "navan deploy integration" or "navan erp setup" or "navan sso deployment".

2,266 Updated today
jeremylongshore