Step 2: Configure your SSO settings with IdP metadata
With the information from your IdP gathered in Step 1, you will be able to configure the Overleaf side of the trust relationship and identify the attributes that your IdP will be sending Overleaf when your team members log in.
The group administrator can configure and enable SSO on an Overleaf Professional subscription.
The SSO configuration page is accessible from the group administrator’s subscription page in their Overleaf account: https://admin.overleaf.com/user/subscription.
The SSO configuration is saved while it is being tested. Once SSO is enabled, certificates can be added and removed while the rest of the configuration is locked. If any part of the configuration other than certificates needs to be updated, SSO must be temporarily disabled first. There are additional instructions for maintaining your Overleaf group SSO.
Please provide information from your IdP on the Edit SSO configuration page.
Redirect URL
The Redirect URL is an endpoint provided by your IdP. This is sometimes called the Single Sign On Service HTTP-Redirect location. This might be a generic endpoint that is used for all services, or it may be one that is specifically generated by your IdP for Overleaf. This can usually be found in your IdP’s SAML metadata XML file. This URL is sometimes called the “SAML Endpoint” or “SSO URL”.
Unique Identifier
The Unique Identifier is an attribute or claim that you release to Overleaf which allows us to identify each user. The values sent for this attribute must be unique, persistent, and non-reassignable. You should be able to find the name of this attribute as a released claim in your IdP under the Overleaf service definition.
User first name attribute
The optional first name attribute will be used to initialize the Overleaf account for users who register through SSO. If the user has already provided this data to Overleaf, the attribute values sent will not be used. Users can update their first name in their Overleaf Account Settings. You should be able to find the name of this attribute as a released claim in your IdP under the Overleaf service definition.
User last name attribute
The optional last name attribute will be used to initialize the Overleaf account for users who register through SSO. If the user has already provided this data to Overleaf, the attribute values sent will not be used. Users can update their last name in their Overleaf Account Settings. You should be able to find the name of this attribute as a released claim in your IdP under the Overleaf service definition.
Primary certificate
You only need to provide the Primary Certificate.
In most cases, the certificate can be found as a “signing” X509Certificate element within the IdP metadata.
This certificate can also be provided from a .pem file. If your IdP provides the signing certificate in .pem file format, simply paste the contents of the file into this field.
The option to provide additional certificates is to allow for a smooth changeover when an existing certificate expires.
Once you've provided all the configuration data on this page, the SSO configuration in your IdP and Overleaf is ready to be tested.