Technical Requirements & Integration
Praxis Navigator is a cloud-native SaaS application that integrates with your Microsoft 365 environment. This page covers authentication, user provisioning, API availability, and setup requirements.
Prerequisites
| Requirement | Detail |
|---|---|
| Microsoft 365 | Microsoft 365 Business Basic or higher. Entra ID P1 or P2 is recommended for full access to audit logs, sign-in logs, and identity protection data. Praxis Navigator detects your license level and adjusts data collection accordingly. |
| Microsoft Entra ID | Required. Included with all Microsoft 365 plans. Entra ID P1 or higher unlocks additional security data (sign-in logs, risk detections, conditional access context). |
| Admin consent | A Microsoft 365 Global Administrator or Application Administrator must grant consent for the required Graph API permissions during setup |
| Browser | Latest versions of Chrome, Edge, Firefox, or Safari |
Authentication (SSO)
Praxis Navigator uses Microsoft Entra ID (formerly Azure AD) for authentication. There are no separate Praxis credentials to manage.
If your users can sign into Microsoft 365, they can sign into Praxis Navigator. Single sign-on is built into the architecture — there is no additional SSO configuration, SAML setup, or identity provider integration required.
| Element | Detail |
|---|---|
| SSO provider | Microsoft Entra ID |
| Protocol | OAuth 2.0 / OpenID Connect with PKCE (Proof Key for Code Exchange) |
| MFA | Praxis Navigator inherits your Entra ID MFA policies. If your organization requires MFA for Microsoft 365 sign-in, it applies to Praxis Navigator automatically. |
| Conditional Access | Entra ID Conditional Access policies apply to Praxis Navigator access. The application is registered as an enterprise application in your tenant, so your existing policies are enforced. |
User Provisioning
Access to the Praxis Navigator dashboard is managed through Microsoft Entra ID security groups.
- To grant access: Add a user to the designated Entra ID security group.
- To revoke access: Remove the user from the group.
This gives you the same automated provisioning and deprovisioning capability that SCIM provides, using the identity infrastructure you already manage. There is no separate user directory to synchronize and no additional integration to configure.
| Element | Detail |
|---|---|
| Provisioning method | Entra ID security group membership |
| Deprovisioning | Remove from Entra ID group → access revoked immediately |
| Automation | Compatible with Entra ID dynamic group rules for automatic provisioning based on department, role, or other attributes |
| Separate SCIM endpoint | Not required. User lifecycle is managed entirely within your Entra ID tenant. |
Access Model
Praxis Navigator is designed to be used by a small number of administrators and stakeholders, not the entire employee population.
| Role | Who | What They Can Do |
|---|---|---|
| Dashboard user | CISO, IT Manager, Compliance Officer, Security Analyst | Full access to dashboards, risk indicators, reports, and report scheduling. Access is controlled by Entra ID security group membership. |
| Report administrator | CISO, IT Manager | Create and manage report templates, schedule automated Stakeholder Brief reports, configure report recipients. |
| Stakeholder (via reports) | Board members, leadership, external auditors | Receive Stakeholder Brief reports via email — no portal access needed |
The Stakeholder Brief module allows administrators to schedule automated reports for recipients who do not need (and should not have) direct access to the Praxis Navigator dashboard. This means leadership and board members receive the insights they need without requiring additional user licenses or access management.
API
Praxis Navigator does not currently offer a public API. Data is accessible through the dashboard and automated Stakeholder Brief reports. A public API is on our product roadmap. Contact us if you have a specific integration need.
Integrations
Current
| Integration | Description |
|---|---|
| Microsoft 365 | Core data source. Behavioral metadata accessed via Microsoft Graph API. |
| Microsoft Entra ID | Authentication, user provisioning, and security group management. |
| Microsoft Marketplace | Subscription management, billing, and distribution. |
Future
Additional integrations are on our product roadmap. If you have a specific integration requirement, contact us.
Setup Process
Praxis Navigator is designed to go from signup to first insights in under 15 minutes. No professional services, implementation consultants, or setup meetings required.
- 1
Subscribe
Via Microsoft Azure Marketplace
- 2
Grant consent
A Microsoft 365 administrator grants read-only Graph API permissions to Praxis Navigator through the standard Microsoft consent flow
- 3
Select data residency
Choose your preferred Azure region for data processing and storage
- 4
Initial data pull
Praxis Navigator retrieves available historic data from your Microsoft 365 tenant (typically 90–160 days of history, depending on your license and data type)
- 5
Dashboard ready
Your first behavioral baselines and Employee Pulse report are available within minutes
What happens during consent
When your administrator grants consent, Praxis Navigator is registered as an enterprise application in your Entra ID tenant. The specific Graph API permissions requested are listed on our Data Handling page. These permissions can be reviewed and revoked at any time from your Entra ID admin portal.
Availability & Reliability
Praxis Navigator is currently in public beta
During the beta period, updates and maintenance may occur during business hours. We aim to minimize disruption, but you should expect occasional downtime as we ship improvements. We notify affected customers in advance when possible.
Praxis Navigator analyzes behavioral trends over days, weeks, and months. Brief periods of dashboard unavailability do not affect data collection or analysis — data continues to be collected in the background and is processed when the service resumes.
| Element | Detail |
|---|---|
| Infrastructure | Azure Functions and Azure API Management, both with platform SLAs of 99.95% |
| Health monitoring | Automated health-check polling across all customer deployments. Internal alerting on failures. |
| Data collection | Runs on scheduled timers independently of the dashboard. Pre-computed analytics views are refreshed for 7-day, 30-day, 90-day, and quarterly time periods. |
| Status page | Planned |
Questions
For technical questions or to schedule a technical review call, contact us.