Aller au contenu

What is Overleaf group single sign-on (SSO)?

Overleaf Group single sign-on (SSO) allows your team members to easily and securely log in to their Overleaf account, authenticating with your Identity Provider (IdP).

It’s available for Overleaf Group Professional subscribers and can be used together with user management features that are also included in the Group Professional plan.

Our group SSO uses SAML 2.0, allowing it to integrate with a wide variety of Identity Providers (IdPs), including Microsoft Entra/Azure, Okta, Shibboleth, Jumpcloud, and many others.

SSO documentation overview

For group administrators

  1. Setting up group single sign-on provides detailed step-by-step instructions on how to configure single sign-on in Overleaf and in your Identity Provider.
  2. Group SSO test troubleshooting supports you with any configuration issues during your SSO setup.
  3. Linking users to group SSO outlines the steps required to get your subscription and your users ready to use single sign-on.
  4. Managing Overleaf group SSO describes how administrators can maintain and make changes to their SSO configuration in Overleaf, and explains common user questions or issues you might face.

For group members

Logging in with group single sign-on provides instructions for members of your group to link their Overleaf accounts to their SSO identities and log in to their accounts.

Group SSO FAQ

What kind of SSO do you support?

Overleaf offers a standard SAML-based SSO integration.

How do I set it up?

If you’re the administrator of an Overleaf Group Professional subscription, group SSO is one of the optional features you can turn on for your group. To set up group SSO your users must be set up in an Identity Provider (IdP) that supports SAML 2.0, and you must be able to add Overleaf as a Service Provider in your IdP. See the Setting up group single sign-on guide for the steps to follow.

Do you support Just in Time (JIT) Provisioning of user accounts?

Yes. Overleaf accounts are provisioned by users who receive email invitations to join their account to the group and link to their SSO identity.

Do you support SCIM?

Individual users provision their own Overleaf accounts, System for Cross-domain Identity Management (SCIM), is a standard for automation of user provisioning. Because your system will not be provisioning users in Overleaf, SCIM isn’t supported or required.

Does a user need to be created in our IdP before they create an Overleaf account?

If your subscription has SSO enabled, it’s best to have users created in your IdP before they’re invited to join the subscription. This allows users to create their Overleaf accounts, link to their SSO identity, and join your subscription in one step. However, this is not required, as your team members can link their Overleaf account to their SSO identity at any time.

If I delete a user in my identity system, will their Overleaf account be deleted?

No. Deleting a user in your IdP will not delete their account in Overleaf. Overleaf accounts are deleted in Overleaf by the account owner. This is either the user themselves or the manager of the account (when Managed Users is enabled).

Can SSO be made an exclusive login option?

If your group uses our Managed Users feature, the managed user accounts will be set to use SSO exclusively. See Linking users to group SSO.

I'm seeing an error when I try to log in—what do I do?

Please see Logging in with group single sign-on for troubleshooting suggestions. If you’re still having problems, please notify your group administrator and contact us if the issue cannot be resolved by them.

Overleaf guides

LaTeX Basics

Mathematics

Figures and tables

References and Citations

Languages

Document structure

Formatting

Fonts

Presentations

Commands

Field specific

Class files

Advanced TeX/LaTeX