Customer Portal · v1

Your data centre,
in your browser.

Every customer of every Navon site gets a self-service portal: live metrics, ticketing, billing, IPAM, alerts, reports, and the compliance paper trail. Sovereign-hosted on the same hardware as your workloads.

Sign in Get a guided tour
36 Capabilities shipped 6 Categories 99.9% Platform SLA target 2 yr Metric retention KE Sovereign-hosted
01 · Identity & access

Sign-in your customer's IT can defend.

Email + password as the floor, magic link for low-friction self-serve, TOTP MFA for sensitive accounts, RBAC across admin / technical / finance, and SAML when the university IdP is the source of truth.

01Live
Email + password
Bcrypt hashes; account lockout after 5 failed attempts; 15-minute window.
02Live
Magic link sign-in
One-click link delivered via Resend; tokens single-use, 10-minute TTL.
03Live
TOTP authenticator MFA
Per-user enrolment with QR; codes verified against drift window of 30s either side.
04Live
Role-based access control
Three seeded roles per org — admin, technical, finance — gated at route + row level.
05Live
Team invites
7-day signed tokens, last-admin protection, accept-invite flow with email-match.
06In prep
SAML SSO for enterprise
node-saml wired; auto-shows on login when the IdP env vars are set.
02 · Real-time operations

Eyes on the rack, from anywhere.

Live dashboards over the last 24 hours, ticketing for remote hands and cross-connects, scheduled-maintenance announcements that put a banner above every page, and an in-app inbox for alerts that hit during the night.

07Live
Real-time dashboard
Power (kW), inlet temperature, bandwidth — Recharts area plots, 96 points / 24h.
08Live
Service request tickets
Remote hands, cross-connect, cabinet, bandwidth, IP — comments + status transitions.
09Live
SLA timers + auto-priority
2 / 8 / 24h windows for urgent / high / normal; due-by surfaced on every ticket.
10Live
Maintenance windows
Admin-scheduled; signal-yellow banner above every page from -48h to end.
11Live
In-app notifications
Bell with unread badge; alert / billing / ticket / system kinds; mark-all-read.
12Live
Email delivery via Resend
Transactional mail for invites, alerts, and maintenance announcements.
03 · Infrastructure inventory

A digital twin of your footprint.

Every site, every cabinet, every device, every cross-connect, every IP — modelled, searchable, and bound together. The truth the Navon ops team works from is the same view your CTO sees.

13Live
Multi-site management
Sites with code, address, country; cabinet counts roll up from each.
14Live
Cabinet inventory
Rack-units (U), power cap (kW), status; A/B feed assumed on every cabinet.
15Live
Device tracking
Vendor, model, serial, role (compute / storage / network / other), U position.
16Live
Cross-connect provisioning
Speed, media (SM / MM / copper), pending → provisioned → decommissioned.
17Live
IPAM (IPv4 ranges)
CIDRs per VLAN with gateway; address validation against the range mask.
18Live
Device → IP binding
Allocations carry a label and link back to the device they're assigned to.
04 · Billing & payments

Statements, exports, M-Pesa.

Monthly invoices in KES with line-items split across power, space, bandwidth, and services. Download the PDF for the finance officer, the CSV for accounting, or pay it now via an STK push to your phone.

19Live
Monthly invoices in KES
Period, due date, status (issued / paid / overdue / void); minor-units for precision.
20Live
Line-item breakdown
Power · space · bandwidth · service · other — quantity × unit-price math is auditable.
21Live
PDF download
Generated server-side via @react-pdf — branded header, MMR-paybill footer.
22Live
CSV export
One row per line, proper escaping; rounds to 2dp in major units for finance import.
23Live
M-Pesa STK push
Customer types phone → Daraja prompt → callback flips invoice to paid.
24Live
Payment status tracking
Initiated / pending / success / failed; Daraja result codes captured for audit.
05 · Insight & analytics

From thresholds to forecasts.

Define what counts as a problem, get pinged the moment it starts, and look back at the period when the next QBR comes round. Audit log captures the boring stuff your auditor cares about; capacity forecast tells you when to upgrade.

25Live
Threshold-based alert rules
Power / temp / bandwidth, gt or lt, sustained-for window from 1 to 60 minutes.
26Live
Email + in-app on alert fire
All admins notified; one-hour suppression window stops noisy duplicate fires.
27Live
Uptime & SLA report
7 / 30 / 90-day window; planned-maintenance hours and event count broken out.
28Live
Capacity forecast
Least-squares fit on 30 days of daily means; projects days-to-cap headroom.
29Live
Append-only audit trail
Every auth, ticket, billing, and admin action — surfaced for admins under Activity.
30Live
IP + UA on every event
Captured at write-time; immutable; supports SOC 2 §CC6 evidence asks.
06 · Integrations & compliance

Wired into your stack, papered for your auditor.

A bearer-token REST API for DCIM and BMS systems to push telemetry. TimescaleDB hypertable underneath, ready for the scale. ISO 27001 Statement of Applicability, SOC 2 Type I, and the Kenya DPA 2019 data map all live in the portal — one place to point procurement at.

31Live
Metrics ingestion REST API
POST /api/metrics, bearer auth, up to 2000 points per call, idempotent on (org, ts).
32In prep
TimescaleDB hypertable
Weekly chunks, hourly + daily continuous aggregates, 2-year retention policy.
33Live
Daraja webhook callback
/api/payments/mpesa/callback consumes STK push results and reconciles invoice.
34Live
Compliance documents
ISO 27001 SoA, SOC 2 Type I, Kenya DPA 2019 data map, sub-processor list.
35Live
Operations runbooks
SLA, change management, incident response, disaster recovery — all surfaced.
36Live
Tenant isolation (RLS)
Postgres row-level security on every tenant table; defence in depth, not just app code.
Roadmap

Where we are.
Where we're going.

This page is the running spec — kept in lockstep with what's in production. When something ships, it moves left.

Live · 36 capabilities

  • Auth, MFA, RBAC, invites Email + password, magic link, TOTP, three roles per org
  • Real-time metrics dashboard Power, temperature, bandwidth · 24h history
  • Tickets, comments, SLA timers Remote hands, cross-connects, bandwidth, IP
  • Sites, cabinets, devices, cross-connects Multi-site digital twin of your footprint
  • IPAM IPv4 ranges, VLAN, gateway, device-bound assignments
  • Threshold alerts + email Per-metric rules with sustained-for windows + suppression
  • Maintenance windows + banner Admin-scheduled, all-member email + in-app
  • Reports — uptime, capacity forecast 7 / 30 / 90-day windows, regression-based projection
  • Billing — PDF, CSV, M-Pesa STK push KES, line-items, Daraja-ready, callback wired
  • Audit trail + activity surface Append-only, IP / UA / metadata captured
  • Knowledge base ISO 27001, SOC 2, Kenya DPA 2019, sub-processors, runbooks
  • Metrics ingestion REST API Bearer-token, idempotent batches, alert eval on ingest

Shipping next

  • SAML SSO production node-saml wired; awaiting first university IdP onboarding
  • TimescaleDB hypertable in prod Migration written; runs on first ≥10k-point ingest
  • Real DCIM / BMS connectors Customer-side scripts that POST to /api/metrics on a 1-min cadence
  • SMS alerts via Twilio Optional escalation channel for urgent thresholds
  • Daraja sandbox-to-production Production shortcode + passkey rotation flow
  • Public status page navonworld.com/status — read-only, no auth
Ready when you are

See your portal.

If you're already a Navon customer, sign in. If you're evaluating, we'll spin up a sandbox tenant for your team within a day.

Sign in Request a sandbox
Last updated · 03 May 2026 Cadence · refreshed when a capability ships or moves status Owner · Navon Customer Success
© Navon World · Sovereign compute, powered by the earth.
Naivasha SEZ · Kenya · Global South, one site at a time.