For Navo to work properly, it needs access to your Azure Tenancy. Below you'll find a breakdown of the permissions we request, and what we use them for:


  • Read items in all site collections

    • Lets Navo access basic information about your SharePoint tenancy, like the URL and location of your app catalog.
  • Sign in and read user profile

    • This permission lets us know basic info about the signed in user, such as their email, name, and group memberships. We use this for security trimming Navo.
  • Read directory data

    • By granting us  access to your organization's directory data, we can simplify the sign-up and billing process.
  • Have full control of all site collections

    • Lets us add and remove Navo from sites, as well as keep Navo updated. We never access any information stored on your SharePoint sites except for the version of Navo you're running and site titles.