navan-deploy-integration
Use when deploying Navan integrations with ERP systems (NetSuite, Sage Intacct, Xero), HRIS platforms (Workday, BambooHR), or identity providers (Okta, Azure AD). Trigger with "navan deploy integration" or "navan erp setup" or "navan sso deployment".
Best use case
navan-deploy-integration is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using navan-deploy-integration should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/navan-deploy-integration/SKILL.md` inside your project
- Restart your AI agent — it will auto-discover the skill
How navan-deploy-integration Compares
| Feature / Agent | navan-deploy-integration | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use when deploying Navan integrations with ERP systems (NetSuite, Sage Intacct, Xero), HRIS platforms (Workday, BambooHR), or identity providers (Okta, Azure AD). Trigger with "navan deploy integration" or "navan erp setup" or "navan sso deployment".
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
ChatGPT vs Claude for Agent Skills
Compare ChatGPT and Claude for AI agent skills across coding, writing, research, and reusable workflow execution.
SKILL.md Source
# Navan Deploy Integration
## Overview
Navan connects to enterprise systems through multiple integration methods: direct REST API with OAuth 2.0, SCIM for user provisioning, SFTP for batch file exchange, SAML/OIDC for SSO, and webhooks for real-time events. There is no SDK — all integrations use Navan's REST endpoints or admin console configuration. This skill provides deployment checklists for the three most common integration categories: ERP expense sync, HRIS user provisioning, and identity provider SSO.
## Prerequisites
- **Navan Admin** account with integration management permissions
- **OAuth 2.0 credentials** — `client_id` and `client_secret` from Admin > API Settings
- **Target system admin access** — NetSuite/Sage Intacct/Xero admin, Workday/BambooHR admin, or Okta/Azure AD admin
- API base URL: `https://api.navan.com/v1`
## Instructions
### Category A — ERP Expense Sync (NetSuite, Sage Intacct, Xero, QuickBooks)
**Deployment Checklist:**
1. **Create OAuth credentials** in Navan Admin > API Settings
2. **Configure GL code mappings** — Map Navan expense categories to your chart of accounts
3. **Set cost center mappings** — Align Navan departments with ERP cost centers
4. **Enable expense export** via REST API:
```bash
# Fetch approved expenses ready for ERP sync
curl -s -X GET "https://api.navan.com/v1/expenses?status=approved&limit=50" \
-H "Authorization: Bearer ${ACCESS_TOKEN}" \
-H "Content-Type: application/json"
# Response includes fields for ERP mapping:
# {
# "uuid": "exp_abc123",
# "amount": 245.50,
# "currency": "USD",
# "category": "meals_entertainment",
# "cost_center": "engineering",
# "gl_code": "6200",
# "receipt_url": "https://api.navan.com/v1/receipts/exp_abc123",
# "approved_at": "2026-03-20T14:30:00Z"
# }
```
5. **Set up sync schedule** — Navan supports daily or real-time export via webhooks
6. **Validate with test expenses** — Submit 3-5 test expenses through the full approval flow
7. **Enable in production** — Switch from sandbox to production OAuth credentials
### Category B — HRIS User Provisioning (Workday, BambooHR, ADP)
**SCIM Provisioning Setup:**
1. **Enable SCIM** in Navan Admin > Integrations > User Provisioning
2. **Configure SCIM endpoint** in your HRIS:
- SCIM Base URL: `https://api.navan.com/scim/v2`
- Authentication: OAuth 2.0 Bearer Token
3. **Map user attributes:**
| HRIS Field | Navan SCIM Attribute | Required |
|------------|---------------------|----------|
| Email | `userName` | Yes |
| First Name | `name.givenName` | Yes |
| Last Name | `name.familyName` | Yes |
| Department | `urn:navan:department` | Recommended |
| Manager | `urn:navan:manager_email` | Recommended |
| Cost Center | `urn:navan:cost_center` | Optional |
4. **Test provisioning** — Create a test user in HRIS and verify they appear in Navan within 15 minutes
5. **Test deprovisioning** — Deactivate the test user and confirm Navan access is revoked
6. **Verify via API:**
```bash
# Check provisioned users
curl -s "https://api.navan.com/v1/users?provisioning_source=scim&limit=10" \
-H "Authorization: Bearer ${ACCESS_TOKEN}" | jq '.[] | {email, status, provisioned_at}'
```
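Steps 4 to 6 test one user at a time; the same check can be run across the whole roster. The following is an added example, not part of the original skill or Navan's own code: it reconciles an HRIS export against the user list returned by the query above. The sample data is constructed, and the `active` status value and the `audit_provisioning` helper are assumptions.

```python
import json

# Constructed sample in the shape selected by the jq filter above
# (email, status, provisioned_at). The status value "active" is an assumption.
NAVAN_USERS_JSON = """[
  {"email": "Ana.Ruiz@example.com", "status": "active", "provisioned_at": "2026-01-10T09:00:00Z"},
  {"email": "ben.cho@example.com", "status": "active", "provisioned_at": "2026-01-12T09:00:00Z"},
  {"email": "cal.dorn@example.com", "status": "inactive", "provisioned_at": "2025-11-02T09:00:00Z"},
  {"email": "dee.park@example.com", "status": "active", "provisioned_at": "2026-02-01T09:00:00Z"}
]"""

# Constructed HRIS export: employees currently active in the HRIS.
HRIS_ACTIVE = ["ana.ruiz@example.com", "dee.park@example.com", "eli.moss@example.com"]


def normalize(email):
    """Compare emails case-insensitively so 'Ana.Ruiz@' matches 'ana.ruiz@'."""
    return email.strip().lower()


def audit_provisioning(navan_users, hris_active, active_status="active"):
    """Return (orphaned, missing) as sorted lists of normalized emails.

    orphaned: active in Navan but not active in the HRIS (deprovisioning gap).
    missing:  active in the HRIS but without an active Navan account.
    """
    hris = {normalize(e) for e in hris_active}
    navan_active = {
        normalize(u["email"])
        for u in navan_users
        if str(u.get("status", "")).lower() == active_status
    }
    return sorted(navan_active - hris), sorted(hris - navan_active)


if __name__ == "__main__":
    orphaned, missing = audit_provisioning(json.loads(NAVAN_USERS_JSON), HRIS_ACTIVE)
    print("active in Navan, not in HRIS:", orphaned)
    print("active in HRIS, not in Navan:", missing)
```

An entry in the first list means access survived an HRIS deactivation and should block rollout until the SCIM deprovisioning path is fixed.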
### Category C — SSO Deployment (Okta, Azure AD)
**SAML Configuration:**
1. **Create SAML application** in your IdP (Okta or Azure AD)
2. **Configure Navan SAML settings** in Admin > Security > SSO:
- Entity ID: `https://app.navan.com/saml/metadata`
- ACS URL: `https://app.navan.com/saml/acs`
- Name ID Format: `emailAddress`
3. **Map SAML attributes:**
```
email → user.email (Required)
firstName → user.firstName (Required)
lastName → user.lastName (Required)
department → user.department (Optional — enables policy routing)
```
4. **Upload IdP metadata XML** to Navan Admin console
5. **Enable JIT provisioning** (optional) — Auto-create Navan accounts on first SSO login
6. **Test with a pilot group** — Assign 5-10 users before org-wide rollout
7. **Enforce SSO** — After pilot validation, enable "SSO Required" to disable password login
## Output
Each integration deployment produces:
- **Connection validation** confirming data flows between systems
- **Field mapping documentation** for ongoing maintenance
- **Test results** from pilot user group
- **Rollback instructions** if issues arise post-deployment
## Error Handling
| HTTP Code | Meaning | Resolution |
|-----------|---------|------------|
| `400` | Invalid field mapping or malformed request | Review GL code / attribute mappings |
| `401` | OAuth token expired or invalid | Rotate credentials in Navan Admin |
| `403` | Integration not enabled for your plan | Verify Navan plan includes this integration (Enterprise required for some) |
| `409` | Duplicate user in SCIM provisioning | Check for existing user with same email |
| `422` | Validation error on expense export | Verify required fields (amount, currency, category) are present |
| `429` | Rate limited | Reduce sync frequency or implement exponential backoff |
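
One way to apply the table in a sync client, as an added example that is not Navan's code or part of the original skill: `429` is retried with capped exponential backoff and jitter, `401` triggers a single token refresh, and every other error fails immediately. The `send` and `get_token` callables are hypothetical and supplied by the caller.

```python
import random
import time

RETRYABLE = {429}  # rate limited: back off and retry
REAUTH = {401}     # token expired or invalid: fetch a new token once
# 400, 403, 409 and 422 are configuration or data errors; retrying cannot fix them.


def call_with_policy(send, get_token, max_attempts=5, base_delay=1.0,
                     max_delay=60.0, sleep=None, rng=random.random):
    """Call send(token) -> (status, body) and apply the table's resolutions.

    send and get_token are hypothetical callables; sleep and rng are
    injectable so the policy can be exercised without waiting.
    """
    sleep = sleep or time.sleep
    token = get_token()
    reauthed = False
    for attempt in range(max_attempts):
        status, body = send(token)
        if 200 <= status < 300:
            return body
        if status in REAUTH and not reauthed:
            # One refresh only; a second 401 means the credentials need rotating.
            token, reauthed = get_token(), True
            continue
        if status in RETRYABLE and attempt < max_attempts - 1:
            # Exponential backoff with full jitter, capped at max_delay.
            sleep(rng() * min(max_delay, base_delay * 2 ** attempt))
            continue
        raise RuntimeError(f"Navan API call failed with HTTP {status}")
    raise RuntimeError("retries exhausted")
```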
## Examples
**Automated daily expense export to NetSuite:**
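```bash
#!/usr/bin/env bash
# scripts/navan-netsuite-sync.sh
set -euo pipefail
umask 077  # expense data: keep any file this script creates owner-only

# Private temp file instead of a fixed, predictable /tmp path; removed on exit
OUT=$(mktemp)
trap 'rm -f "$OUT"' EXIT

# Authenticate; the form body is sent over stdin so the client secret is not in curl's argv
TOKEN=$(printf 'grant_type=client_credentials&client_id=%s&client_secret=%s' \
    "${NAVAN_CLIENT_ID}" "${NAVAN_CLIENT_SECRET}" \
  | curl -sf -X POST https://api.navan.com/ta-auth/oauth/token \
      -H "Content-Type: application/x-www-form-urlencoded" \
      --data @- \
  | jq -r '.access_token')
[ -n "$TOKEN" ] && [ "$TOKEN" != "null" ] || { echo "No access token returned" >&2; exit 1; }

# Fetch yesterday's approved expenses (date -d is GNU date syntax)
YESTERDAY=$(date -d "yesterday" +%Y-%m-%d)
# -f makes curl fail on HTTP errors, so an error body is never counted as expenses
curl -sf "https://api.navan.com/v1/expenses?status=approved&approved_after=${YESTERDAY}T00:00:00Z" \
  -H "Authorization: Bearer $TOKEN" \
  -o "$OUT"
EXPENSE_COUNT=$(jq length "$OUT")
echo "Exporting $EXPENSE_COUNT expenses to NetSuite"
```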
## Resources
- [Navan Help Center](https://app.navan.com/app/helpcenter) — Integration setup guides
- [Navan Integrations Directory](https://navan.com/integrations) — Full list of supported connectors
- [SCIM Protocol Spec (RFC 7644)](https://datatracker.ietf.org/doc/html/rfc7644) — SCIM provisioning standard
- [Navan Pricing](https://navan.com/pricing) — Plan comparison for integration availability
## Next Steps
- Add `navan-observability` to monitor integration health post-deployment
- Add `navan-webhooks-events` for real-time event-driven sync instead of polling
- See `navan-security-basics` for credential rotation and access control

Related Skills
running-integration-tests
Execute integration tests validating component interactions and system integration. Use when performing specialized testing. Trigger with phrases like "run integration tests", "test integration", or "validate component interactions".
research-to-deploy
Researches infrastructure best practices and generates deployment-ready configurations, Terraform modules, Dockerfiles, and CI/CD pipelines. Use when the user needs to deploy services, set up infrastructure, or create cloud configurations based on current best practices. Trigger with phrases like "research and deploy", "set up Cloud Run", "create Terraform for", "deploy this to AWS", or "generate infrastructure configs".
workhuman-deploy-integration
Workhuman deploy integration for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman deploy integration".
workhuman-ci-integration
Workhuman ci integration for employee recognition and rewards API. Use when integrating Workhuman Social Recognition, or building recognition workflows with HRIS systems. Trigger: "workhuman ci integration".
wispr-deploy-integration
Wispr Flow deploy integration for voice-to-text API integration. Use when integrating Wispr Flow dictation, WebSocket streaming, or building voice-powered applications. Trigger: "wispr deploy integration".
wispr-ci-integration
Wispr Flow ci integration for voice-to-text API integration. Use when integrating Wispr Flow dictation, WebSocket streaming, or building voice-powered applications. Trigger: "wispr ci integration".
windsurf-ci-integration
Integrate Windsurf Cascade workflows into CI/CD pipelines and team automation. Use when automating Cascade tasks in GitHub Actions, enforcing AI code quality gates, or setting up Windsurf config validation in CI. Trigger with phrases like "windsurf CI", "windsurf GitHub Actions", "windsurf automation", "cascade CI", "windsurf pipeline".
webflow-deploy-integration
Deploy Webflow-powered applications to Vercel, Fly.io, and Google Cloud Run with proper secrets management and Webflow-specific health checks. Trigger with phrases like "deploy webflow", "webflow Vercel", "webflow production deploy", "webflow Cloud Run", "webflow Fly.io".
webflow-ci-integration
Configure Webflow CI/CD with GitHub Actions — automated CMS validation, integration tests with test tokens, and publish-on-merge workflows. Use when setting up automated testing or CI pipelines for Webflow integrations. Trigger with phrases like "webflow CI", "webflow GitHub Actions", "webflow automated tests", "CI webflow", "webflow pipeline".
vercel-deploy-preview
Create and manage Vercel preview deployments for branches and pull requests. Use when deploying a preview for a pull request, testing changes before production, or sharing preview URLs with stakeholders. Trigger with phrases like "vercel deploy preview", "vercel preview URL", "create preview deployment", "vercel PR preview".
vercel-deploy-integration
Deploy and manage Vercel production deployments with promotion, rollback, and multi-region strategies. Use when deploying to production, configuring deployment regions, or setting up blue-green deployment patterns on Vercel. Trigger with phrases like "deploy vercel", "vercel production deploy", "vercel promote", "vercel rollback", "vercel regions".
veeva-deploy-integration
Veeva Vault deploy integration for REST API and clinical operations. Use when working with Veeva Vault document management and CRM. Trigger: "veeva deploy integration".