Group SSO FAQs
Find answers to common questions about Overleaf Group SSO.
How do I set it up?
If you’re the administrator of an Overleaf Group Professional subscription, group SSO is one of the optional features you can turn on for your group. To set up group SSO your users must be set up in an Identity Provider (IdP) that supports SAML 2.0, and you must be able to add Overleaf as a Service Provider in your IdP. See the Setting up Group SSO guide for the steps to follow.
Do you support Just in Time (JIT) Provisioning of user accounts?
Yes. Overleaf accounts are provisioned by users who receive email invitations to join their account to the group and link to their SSO identity.
Do you support SCIM?
Individual users provision their own Overleaf accounts, System for Cross-domain Identity Management (SCIM), is a standard for automation of user provisioning. Because your system will not be provisioning users in Overleaf, SCIM isn’t supported or required.
Does a user need to be created in our IdP before they create an Overleaf account?
If your subscription has SSO enabled, it’s best to have users created in your IdP before they’re invited to join the subscription. This allows users to create their Overleaf accounts, link to their SSO identity, and join your subscription in one step. However, this is not required, as your team members can link their Overleaf account to their SSO identity at any time.
If I delete a user in my identity system, will their Overleaf account be deleted?
No. Deleting a user in your IdP will not delete their account in Overleaf. Overleaf accounts are deleted in Overleaf by the account owner. This is either the user themselves or the manager of the account (when Managed Users is enabled).
Can SSO be made an exclusive login option?
Yes. If your group uses our Managed Users feature, the managed user accounts will be set to use SSO exclusively. See Linking users to Group SSO. Users will have to create a temporary Overleaf-specific password during the account creation and SSO linking process. For each user, SSO will become exclusive once they have linked their SSO identity to their Overleaf account and accepted the invitation to have their account managed. Administrators can check on the management and SSO status of each account on their group administration page.
I'm seeing an error when I try to log in—what do I do?
Please see Logging in with group single sign-on for troubleshooting suggestions. If you’re still having problems, please notify your group administrator and contact us if the issue cannot be resolved by them.
Last updated
Was this helpful?