Group SSO FAQs

Overleaf offers a standard SAML-based SSO integration.

If you’re the administrator of an Overleaf Group Professional subscription, group SSO is one of the optional features you can turn on for your group. To set up group SSO your users must be set up in an Identity Provider (IdP) that supports SAML 2.0, and you must be able to add Overleaf as a Service Provider in your IdP. See the Setting up Group SSO guide for the steps to follow.

Yes. Overleaf accounts are provisioned by users who receive email invitations to join their account to the group and link to their SSO identity.

Individual users provision their own Overleaf accounts, System for Cross-domain Identity Management (SCIM), is a standard for automation of user provisioning. Because your system will not be provisioning users in Overleaf, SCIM isn’t supported or required.

If your subscription has SSO enabled, it’s best to have users created in your IdP before they’re invited to join the subscription. This allows users to create their Overleaf accounts, link to their SSO identity, and join your subscription in one step. However, this is not required, as your team members can link their Overleaf account to their SSO identity at any time.

No. Deleting a user in your IdP will not delete their account in Overleaf. Overleaf accounts are deleted in Overleaf by the account owner. This is either the user themselves or the manager of the account (when Managed Users is enabled).

Yes. If your group uses our Managed Users feature, the managed user accounts will be set to use SSO exclusively. See Linking users to Group SSO. Users will have to create a temporary Overleaf-specific password during the account creation and SSO linking process. For each user, SSO will become exclusive once they have linked their SSO identity to their Overleaf account and accepted the invitation to have their account managed. Administrators can check on the management and SSO status of each account on their group administration page.