Skip to main content
Navigara connects to the tools your engineering organization already uses. This page lists every supported integration with setup, required permissions, and common troubleshooting.

At a glance

CategoryProviders
GitGitHub, GitLab, Bitbucket, Bitbucket Server, Azure DevOps
Task managementLinear, Jira
AuthenticationGoogle, GitHub, GitLab, Microsoft, email/password
User provisioningSCIM 2.0 — Okta, Microsoft Entra ID
AI / LLMGoogle Vertex AI, AWS Bedrock, Azure AI Foundry
All integrations are configured under Settings → Integrations unless noted otherwise.

Git providers

Navigara analyses commits, pull requests, and repository activity. Read-only access is sufficient for every provider.

GitHub

Cloud (github.com) and GitHub Enterprise Server. Setup
  1. Settings → Integrations → Connect GitHub.
  2. Install the Navigara GitHub App on the target organization.
  3. Select the repositories to analyse (or grant access to all).
Required permissions
  • Repository contents (read)
  • Pull requests (read)
  • Metadata (read)
Troubleshooting
  • Repos not showing up: the GitHub App needs to be installed at the org level, not a personal account. Re-run the install flow and pick the right target.
  • Enterprise Server: set the instance URL when prompted. The App must be installed on the Enterprise instance, not github.com.

GitLab

GitLab.com and self-hosted (CE/EE). Setup
  1. Settings → Integrations → Connect GitLab.
  2. For self-hosted, enter your GitLab instance URL.
  3. Authorize via OAuth, or provide a personal/group access token.
Required permissions / scopes
  • read_api, read_repository, read_user
Troubleshooting
  • 401 on self-hosted: confirm the instance URL has no trailing path and that the token has read_api.
  • Missing projects: the token or OAuth user must be a member of the projects — group-level tokens only see projects within that group.

Bitbucket

Bitbucket Cloud (bitbucket.org). Setup
  1. Settings → Integrations → Connect Bitbucket.
  2. Create a workspace access token or app password in Bitbucket and paste it.
Required permissions / scopes
  • repository:read, pullrequest:read, account:read
Troubleshooting
  • 403 on pull requests: app passwords require the pullrequest scope explicitly — regenerate with that box ticked.

Bitbucket Server (self-hosted)

Bitbucket Data Center / Server. Setup
  1. Settings → Integrations → Connect Bitbucket Server.
  2. Enter the instance URL and an HTTP access token.
Required permissions
  • Project read + Repository read on each project to analyse.
Troubleshooting
  • TLS errors: ensure the instance certificate chain is trusted by the Navigara deployment. For on-prem, mount your CA bundle.

Azure DevOps

Azure DevOps Services (dev.azure.com). Setup
  1. Settings → Integrations → Connect Azure DevOps.
  2. Authorize via Microsoft Entra ID (recommended) or provide a personal access token.
Required permissions / scopes
  • vso.code, vso.code_status, vso.identity, vso.profile
Troubleshooting
  • Entra ID tenant mismatch: the signed-in user must belong to the same tenant as the Azure DevOps organization. Sign in with a directory user, not a personal Microsoft account.

Task management

Task management integrations power Alignment scoring by correlating commits and PRs with tracked work items.

Linear

Setup
  1. Settings → Integrations → Connect Linear.
  2. Authorize the Navigara OAuth application.
  3. Pick the workspace to sync.
Required permissions / scopes
  • read on issues, projects, and teams
Troubleshooting
  • Issues not linking: Alignment relies on issue identifiers (e.g. ENG-123) appearing in commit messages, branch names, or PR titles.

Jira

Jira Cloud and Jira Data Center / Server. Setup
  1. Settings → Integrations → Connect Jira.
  2. Provide your Jira site URL and an API token (Cloud) or personal access token (Data Center).
  3. Select the projects to sync.
Required permissions
  • Browse projects, View issues on each synced project.
Troubleshooting
  • Cloud 401: tokens are created at id.atlassian.com and must be paired with the account email as the username.
  • Data Center 403: the PAT owner needs at least “Browse Projects” permission on every project you intend to sync.

Authentication

How users sign in to Navigara. Multiple methods can be enabled simultaneously; on-prem deployments pick which ones are exposed.

Google

Setup
  1. Create an OAuth 2.0 client in Google Cloud Console.
  2. Add https://<your-navigara-host>/api/auth/callback/google as an authorized redirect URI.
  3. Set GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET.
Required scopes
  • openid, email, profile

GitHub

Setup
  1. Create an OAuth App under GitHub Developer Settings.
  2. Set the callback URL to https://<your-navigara-host>/api/auth/callback/github.
  3. Set GITHUB_OAUTH_CLIENT_ID and GITHUB_OAUTH_CLIENT_SECRET.
Required scopes
  • read:user, user:email

GitLab

Setup
  1. Create an OAuth application in GitLab (User → Preferences → Applications, or group-level).
  2. Set the redirect URI to https://<your-navigara-host>/api/auth/callback/gitlab.
  3. Set GITLAB_OAUTH_CLIENT_ID and GITLAB_OAUTH_CLIENT_SECRET.
Required scopes
  • read_user, openid, email

Microsoft (Entra ID)

Setup
  1. Register an application in Microsoft Entra ID.
  2. Add https://<your-navigara-host>/api/auth/callback/microsoft as a redirect URI.
  3. Set MICROSOFT_OAUTH_CLIENT_ID and MICROSOFT_OAUTH_CLIENT_SECRET.
Required scopes
  • openid, email, profile, User.Read

Email and password

Disabled by default. Set ENABLE_PASSWORD_AUTH=true in the backend environment to expose the email/password form. Intended for local development and isolated on-prem deployments where SSO is not available.

User provisioning (SCIM)

Keep your contributor directory in sync with your identity provider over SCIM 2.0. Your IdP pushes users to Navigara, and role, seniority, and manager metadata flow onto the matching contributors automatically. Navigara implements standard SCIM 2.0; setup steps are provided for Okta and Microsoft Entra ID. See the dedicated SCIM Provisioning page for token setup, IdP configuration, attribute mapping, and troubleshooting.
SCIM enriches contributor profiles — it does not grant sign-in access. Users still authenticate through SSO or an invite.

AI / LLM

Navigara uses LLMs for commit analysis, summaries, and AI-generated code detection. Any of the backends below works; we recommend Anthropic Claude models (Opus / Sonnet / Haiku) for the best analysis quality. Native integration. Runs Gemini models directly and Anthropic Claude models via Vertex AI Model Garden. Configuration 
LLM_PROVIDER=vertexai
LLM_MODEL=claude-sonnet-4-6          # recommended
# or: gemini-2.5-flash for a Google-only stack
GOOGLE_PROJECT=your-gcp-project
GOOGLE_LOCATION=global
Authentication uses Application Default Credentials — the runtime service account needs roles/aiplatform.user. Claude on Vertex: Anthropic models are only available in specific regions (e.g. us-east5). Navigara handles region routing automatically when a claude-* model is selected.

AWS Bedrock

Connect via Bedrock’s OpenAI-compatible endpoint. Anthropic Claude models are available through Bedrock and are the recommended choice. Configuration 
LLM_PROVIDER=openai
LLM_MODEL=anthropic.claude-sonnet-4-6-v1:0
LLM_API_KEY=<bedrock-api-key>
LLM_API_URL=https://bedrock-runtime.<region>.amazonaws.com/openai/v1
The IAM principal backing the API key needs bedrock:InvokeModel on the target model and must have the model enabled in that region.

Azure AI Foundry

Foundry exposes Claude under the Anthropic Messages API and OpenAI / GPT models under Azure OpenAI. Use the matching provider for each model family. Anthropic Claude on Foundry 
LLM_PROVIDER=anthropic
LLM_MODEL=claude-sonnet-4-6
LLM_API_KEY=<foundry-api-key>
LLM_API_URL=https://<your-resource>.services.ai.azure.com/anthropic
The Anthropic SDK appends /v1/messages to LLM_API_URL — set the URL to the …/anthropic base, not to the full …/anthropic/v1/messages. OpenAI / GPT on Foundry 
LLM_PROVIDER=openai
LLM_MODEL=<your-deployment-name>
LLM_API_KEY=<azure-api-key>
LLM_API_URL=https://<your-resource>.openai.azure.com/openai/responses?api-version=2025-04-01-preview
Navigara detects .openai.azure.com and .cognitiveservices.azure.com URLs and switches to Azure authentication automatically. Create a deployment in Azure AI Foundry and use the deployment name as LLM_MODEL.

Custom API gateways

If your organization fronts LLM providers behind an API management layer (Azure API Management, AWS API Gateway, internal proxies), use LLM_PROVIDER=anthropic for any Anthropic-Messages-API endpoint and LLM_PROVIDER=openai for any OpenAI-compatible endpoint. The model name is opaque — gateways may expose Claude under custom identifiers. 
# Example: Anthropic Messages API behind a custom gateway
LLM_PROVIDER=anthropic
LLM_API_URL=https://api.example.com/foundry/claude-sonnet-4-6
LLM_API_KEY=<gateway-key>
LLM_MODEL=claude-sonnet-4-6
Do not include /v1 in LLM_API_URL — the Anthropic SDK appends /v1/messages itself. A URL ending in /v1 produces /v1/v1/messages and the gateway will return 404.

Troubleshooting

  • 401 / 403: verify the API key, and for Vertex AI confirm the service account has roles/aiplatform.user.
  • 404 on model: the model must be explicitly enabled/deployed in your cloud account (Bedrock model access, Azure deployment, Vertex Model Garden activation).
  • Region errors for Claude on Vertex: Claude models only run in specific Vertex regions. Leave GOOGLE_LOCATION=global and Navigara will route correctly.
  • Slow responses / rate limits: tune MAX_CONCURRENT_TASKS in the backend to stay within your provider’s quota.