Setting Up OAuth Resource Server Support (Enterprise Only)

A Resource server is a component of a distributed application architecture that allows users of a computer network to access information and applications through a single user environment. This means that, as part of the OAuth protocol, it will allow the user access management system to authenticate end users of without an additional manual login process.

• A fully licensed instance

• An internally managed authentication service (e.g. Keycloak) that:

  • Issues JSON Web Tokens (JWT) signed by the encryption algorithm RS256.

  • Uses the public keys in the JSON Web Key Set (JWKS) to verify the JSON Web Tokens.

Procedure

1. Go to Instance Settings > Resource server.

2. Click Add new connection.

3. Enter the JWKS public key URL from your authentication service (e.g. Keycloak).

   

4. If you want users to be deleted from NavVis IVION when they are deleted from the identity provider, enable the toggle button.

5. If you want to map external user groups to NavVis IVION, enable the toggle button.

6. Click Add connection.

7. Use the toggle button to enable the Resource server.

End users can then use the following workflow:

1. Log in to the corporate network.

2. Go to the web application that hosts and log in.

3. By logging into the hosting web application you will be automatically logged into NavVis IVION as well.