---
title: "Setting up OAuth Resource Server Support (Enterprise Only)"
slug: "mapping-external-user-groups-to-navvis-ivion"
description: "Streamline user access with a Resource server using OAuth, enabling seamless authentication and management through JSON Web Tokens in NavVis IVION."
updated: 2025-09-23T13:13:15Z
published: 2025-09-23T13:13:15Z
canonical: "knowledge.navvis.com/mapping-external-user-groups-to-navvis-ivion"
---


# Setting Up OAuth Resource Server Support (Enterprise Only)

A Resource server is a component of a distributed application architecture that allows users of a computer network to access information and applications through a single user environment. This means that, as part of the OAuth protocol, it allows the user access management system to authenticate end users of NavVis IVION without an additional manual login process.

To set up a Resource server, you need:

- A fully licensed instance
- An internally managed authentication service (e.g. an IDP) that:
  - Issues JSON Web Tokens (JWT) signed with the RS256 signature algorithm.
  - Provides the public keys for verifying those JSON Web Tokens in a JSON Web Key Set (JWKS).

## Procedure

1. Go to **Instance Settings** > **Resource server**.
2. Click **Add new connection**.
3. Enter the JWKS public key URL from your IDP.

   ![](https://cdn.document360.io/bf174766-fa1a-4fe1-a4d7-b1db1e7cb996/Images/Documentation/image-1706202746523.png)

4. If you want users to be deleted from NavVis IVION when they are deleted from the identity provider, enable the toggle button.
5. If you want to [map external user groups](https://knowledge.navvis.com/v1/docs/setting-up-openid-connect#mapping-external-user-groups-to-navvis-ivion-enterprise-only-%E2%80%8B) to NavVis IVION, enable the toggle button.
6. Click **Add connection**.
7. Use the toggle button to enable the Resource server.

End users can then use the following workflow:

1. Log in to the corporate network.
2. Go to the web application that hosts NavVis IVION and log in.
3. By logging in to the hosting web application, you are automatically logged in to NavVis IVION as well.

---

### FAQ

#### What is a Resource server?

A Resource server is a component of a distributed application architecture that allows users to access information and applications through a single user environment, facilitating access management without additional manual login processes.

#### What is required to set up a Resource server?

You need a fully licensed instance and an internally managed authentication service that issues JSON Web Tokens (JWT) signed with the RS256 signature algorithm.

#### How do I add a new connection to the Resource server?

To add a new connection, go to Instance Settings > Resource server, click Add new connection, enter the JWKS public key URL from your IDP, and configure the necessary settings before clicking Add connection.

#### Can users be automatically deleted from NavVis IVION when removed from the identity provider?

Yes, you can enable a toggle button to allow users to be deleted from NavVis IVION when they are deleted from the identity provider.

#### Is it possible to map external user groups to NavVis IVION?

Yes, you can enable a toggle button to map external user groups to NavVis IVION.

#### What is the workflow for end users to access NavVis IVION?

End users log in to the corporate network, go to the hosting web application, and by logging in there, they will be automatically logged into NavVis IVION.

A resource server is an OAuth 2.0 API server. To secure access-protected resources, it verifies access tokens from your app and authorizes access to your API. It verifies the issuer based on the token signature, validity based on token expiration, and access level based on the scopes in token claims.
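
The three checks described above (signature against the IDP's JWKS, expiration, scope), as an added example in standard-library Python; it is not NavVis IVION code. The function names, the `demo-1` key ID, the toy key and the space-separated `scope` claim are assumptions made for illustration, and the RSA check is written out by hand only to show what RS256 verification involves; a production service would use a maintained JWT library.

```python
import base64, hashlib, hmac, json, time

# DER DigestInfo prefix for SHA-256 in EMSA-PKCS1-v1_5 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def pkcs1_sha256(message, k):
    """Encoded message that a valid RS256 signature over `message` must open to, for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(message.encode()).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def validate(token, jwks, required_scope, now=None):
    """Return the claims of a valid token; raise ValueError (also on malformed input) otherwise."""
    h64, p64, s64 = token.split(".")
    header = json.loads(b64u_decode(h64))
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("alg must be RS256")  # pinned here, never chosen by the token
    key = next((j for j in jwks["keys"] if j.get("kty") == "RSA" and j.get("kid") == header.get("kid")), None)
    if key is None:
        raise ValueError("no JWKS key for this kid")
    n, e = (int.from_bytes(b64u_decode(key[f]), "big") for f in ("n", "e"))
    k, sig = (n.bit_length() + 7) // 8, b64u_decode(s64)
    s = int.from_bytes(sig, "big")
    em = pow(s, e, n).to_bytes(k, "big") if len(sig) == k and s < n else b""
    if not hmac.compare_digest(em, pkcs1_sha256(f"{h64}.{p64}", k)):
        raise ValueError("bad signature")
    claims = json.loads(b64u_decode(p64))
    exp, now = claims.get("exp"), time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired")
    if required_scope not in str(claims.get("scope", "")).split():  # assumes space-separated "scope" claim
        raise ValueError("missing scope")
    return claims

# Constructed test fixture: a toy RSA key from two Mersenne primes. Not a real key; never use one like it.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
DEMO_JWKS = {"keys": [{"kty": "RSA", "kid": "demo-1", "n": b64u_encode(N.to_bytes(K, "big")),
                       "e": b64u_encode(E.to_bytes(3, "big"))}]}

def demo_token(claims, header=None):
    parts = [b64u_encode(json.dumps(x).encode()) for x in (header or {"alg": "RS256", "kid": "demo-1"}, claims)]
    em = int.from_bytes(pkcs1_sha256(".".join(parts), K), "big")
    return ".".join(parts + [b64u_encode(pow(em, D, N).to_bytes(K, "big"))])
```

Passing `now` explicitly makes the expiry check reproducible; a token whose header names any algorithm other than RS256, or whose payload was changed after signing, is rejected before its claims are read.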
