Overleaf docs
Plans and pricingTemplatesUser docsGo to Overleaf
Groups
Groups
  • Welcome
  • Getting started
    • How to create a group
    • Accessing your admin settings
  • User management
    • How to add and remove users
    • Roles and permissions
    • Managed Users
  • Overleaf Group single sign-on
    • Setting up Group SSO
      • Plan for success
      • Step 1: Add Overleaf to your Identity Provider
      • Step 2: Configure your SSO settings with IdP metadata
      • Step 3: Verify the connection between your IdP and Overleaf
        • Group SSO test troubleshooting
      • Step 4: Enable SSO for your team
    • Linking users to Group SSO
    • Maintaining Group SSO
    • Group SSO FAQs
  • Subscription management
    • Renewing a subscription
    • Switching plans
    • Updating billing information
    • Accessing invoices and receipts
  • Troubleshooting and support
    • FAQs
    • Overleaf user docs
    • Contact support
Powered by GitBook
LogoLogo

Discover Overleaf

  • Home
  • Features

Solutions

  • Plans and pricing
  • For universities
  • For business
  • For government

Resources

  • Templates
  • User docs and LaTeX learning
  • Blog

© Overleaf

On this page

Was this helpful?

Export as PDF
  1. Overleaf Group single sign-on
  2. Setting up Group SSO

Step 2: Configure your SSO settings with IdP metadata

PreviousStep 1: Add Overleaf to your Identity ProviderNextStep 3: Verify the connection between your IdP and Overleaf

Last updated 7 months ago

Was this helpful?

With the information from your IdP gathered in , you will be able to configure the Overleaf side of the trust relationship and identify the attributes that your IdP will be sending Overleaf when your team members log in.

The group administrator can configure and enable SSO on an Overleaf Professional subscription.

The SSO configuration page is accessible from the group administrator’s subscription page in their Overleaf account: .

Please provide information from your IdP on the Edit SSO configuration page.

Field
Description

Redirect URL

The Redirect URL is an endpoint provided by your IdP. This is sometimes called the Single Sign On Service HTTP-Redirect location. This might be a generic endpoint that is used for all services, or it may be one that is specifically generated by your IdP for Overleaf. This can usually be found in your IdP’s SAML metadata XML file. This URL is sometimes called the “SAML Endpoint” or “SSO URL”.

Unique Identifier

The Unique Identifier is an attribute or claim that you release to Overleaf which allows us to identify each user. The values sent for this attribute must be unique, persistent, and non-reassignable. You should be able to find the name of this attribute as a released claim in your IdP under the Overleaf service definition.

User first name attribute

The optional first name attribute will be used to initialize the Overleaf account for users who register through SSO. If the user has already provided this data to Overleaf, the attribute values sent will not be used. Users can update their first name in their Overleaf Account Settings. You should be able to find the name of this attribute as a released claim in your IdP under the Overleaf service definition.

User last name attribute

The optional last name attribute will be used to initialize the Overleaf account for users who register through SSO. If the user has already provided this data to Overleaf, the attribute values sent will not be used. Users can update their last name in their Overleaf Account Settings. You should be able to find the name of this attribute as a released claim in your IdP under the Overleaf service definition.

Primary certificate

You only need to provide the Primary Certificate.

In most cases, the certificate can be found as a “signing” X509Certificate element within the IdP metadata.

This certificate can also be provided from a .pem file. If your IdP provides the signing certificate in .pem file format, simply paste the contents of the file into this field.

The option to provide additional certificates is to allow for a smooth changeover when an existing certificate expires.

How did it go? Checklist for “Complete the Group Settings SSO configuration”

Once you've provided all the configuration data on this page, the SSO configuration in your IdP and Overleaf is ready to be tested.

The SSO configuration is saved while it is being tested. Once SSO is enabled, certificates can be added and removed while the rest of the configuration is locked. If any other part of the configuration other than certificates needs to be updated, it will be necessary to temporarily disable SSO. There are additional instructions for .

maintaining your Overleaf group SSO
Step 1
https://admin.overleaf.com/user/subscription