Overleaf docs
Plans and pricingTemplatesUser docsGo to Overleaf
On-premises
On-premises
  • Welcome
    • Server Pro vs. Community Edition
  • Release notes
    • Release notes 5.x.x
      • Doc version recovery
    • Release notes 4.x.x
    • Release notes 3.x.x
      • Full project history migration
    • Release notes 2.x.x
    • Release notes 1.x.x
    • Release notes 0.x.x
  • Getting started
    • Before you start
    • Requirements
      • Skills needed
      • Hardware requirements
      • Software requirements
    • Microservices
    • Server Pro infrastructure
    • What is the Overleaf Toolkit?
  • Installation
    • Introduction
    • Using the Toolkit
      • 1: Download the Toolkit
      • 2: Familiarize yourself with the Toolkit
      • 3: Initialize the configuration
      • 4. Choose Community Edition or Server Pro
      • 5. Personalizing your instance
      • 6. Post-installation tasks
    • Air-gapped/offline deployments
    • Upgrading TeX Live
  • Configuration
    • Overleaf Toolkit
      • Files and locations
      • Toolkit settings
      • Environment variables
      • Server Pro-only configuration
        • LDAP
        • SAML 2.0
        • Sandboxed Compiles
        • Git integration
        • Templates
        • Adding LaTeX user help
      • Logging
      • TLS proxy
      • Branding
      • Localization
      • Email delivery
      • Redis
      • S3
  • Maintenance
    • docker-compose.yml to Toolkit migration
    • Upgrading your deployment
    • Data and backups
      • Exporting projects
    • Extending TeX Live
    • Horizontal scaling
    • S3 migration
    • Updating MongoDB
  • User and project management
    • User management
      • Username migration
    • Understanding license usage
    • Project management
  • Support
    • Project limits
    • Troubleshooting
    • Getting help
    • Support guides
      • Using templates as an individual
    • Overleaf user docs
Powered by GitBook
LogoLogo

Discover Overleaf

  • Home
  • Features

Solutions

  • Plans and pricing
  • For universities
  • For business
  • For government

Resources

  • Templates
  • User docs and LaTeX learning
  • Blog

© Overleaf

On this page
  • Provisioning users
  • Internal accounts
  • SSO accounts
  • Administrators
  • Deleting users
  • Via Admin -> Manage Users
  • Via the Command-line
  • Restoring a soft-deleted user
  • Counting users
  • Updating user account information

Was this helpful?

Export as PDF
  1. User and project management

User management

PreviousUpdating MongoDBNextUsername migration

Last updated 1 month ago

Was this helpful?

Provisioning users

In Server Pro, we only support using a single method of authentication at any one time. Once SSO has been enabled, users/administrators won't be able to log in using an Overleaf password, and you won't be able to create new users from the https://{your-instance-url}/admin/user URL.

Internal accounts

Once you are logged in as an administrator, you can visit /admin/register on your Overleaf instance and create new users. If you have an in your settings file, new users will be sent an email with a URL to set their password. If not, you will have to distribute the password reset URLs manually. These are shown when you create a user.

You can create multiple accounts at the same time by providing a comma separated list of email addresses.

SSO accounts

When using SAML 2.0 or LDAP authentication, user accounts are automatically provisioned through Just-in-Time (JIT) account creation. This means that the first time a user logs in with their external identity provider credentials, their account is dynamically created within the system. No manual account setup is required beforehand; the user's account infomration is populated using the information provided by the SAML 2.0 or LDAP identity source.

When SSO is enabled, all local account passwords will no longer work (setting/resetting passwords in Server Pro is disabled), meaning that all users (regular users and administrators) must be able to authenticate using SSO.

For more information, see our configuration guides for and .

Administrators

From Server Pro Server Pro 5.2.1, the admin role can be granted/revoked via the SSO login process. For me information see our configuration guides for and .

If you're creating your first administrator account we recommend visiting the https://{your-instance-url}/launchpad URL and setting up your account from there.

Alternatively, you can run the following command against you the sharelatex Docker container:

# Overleaf Toolkit deployments:
bin/docker-compose exec sharelatex /bin/bash -ce "cd /overleaf/services/web && node modules/server-ce-scripts/scripts/create-user --admin --email=joe@example.com"

# Legacy docker-compose.yml deployments:
docker exec sharelatex /bin/bash -ce "cd /overleaf/services/web && node modules/server-ce-scripts/scripts/create-user --admin --email=joe@example.com"

The above command will create a user with the provided email address if they don't already exist, and make them an administrator. In the command output, you will be given a URL to visit where you can set the password for this user and log in for the first time.

For a more programatic approach, you can use the above script for creating regular users as well as administrators. For regular users you'll need to omit the --adminflag.

If you're using internal accounts for authentication and need to elevate an existing user to an instance admin or revoke existing permissions, you can do this by following these steps:

  • Log in as an existing administrator

  • Click Admin -> Manage Users

  • Search for the user and click on their email address

  • Scroll down to the Site Admin section and click on the (show) link

  • Check the box Is Site Admin

  • Click the Save button to finish

Deleting users

Presently, there is no provision for deactivating accounts; they either exist with retained data or don't exist at all. The recommended approach is to leave the account and its associated data within Server Pro, ensuring any projects are part of your backup process.

Via Admin -> Manage Users

  • Log in as an administrator

  • Click Admin -> Manage Users

  • Search for the user and check the box next to their email address

  • Click the bin icon

  • Click the Delete button to confirm

Via the Command-line

User can be deleted via the following command. As mentioned above, projects will also be deleted so be careful when using this command.

# Overleaf Toolkit deployments:
$ bin/docker-compose exec sharelatex /bin/bash -ce "cd /overleaf/services/web && node modules/server-ce-scripts/scripts/delete-user.mjs --email=joe@example.com"

# Legacy docker-compose.yml deployments:
$ docker exec sharelatex /bin/bash -ce "cd /overleaf/services/web && node modules/server-ce-scripts/scripts/delete-user.mjs --email=joe@example.com"

The deletion script uses a hard-coded force option that ensures the deletion process continues even if the account deletion email fails to send (for example, when the users email address is no longer in service).

Restoring a soft-deleted user

Providing that a user has only been soft-deleted, it's possible to restore their account along with any projects.

  • Log in as an administrator

  • Click Admin -> Manage Users

  • Search for the user you want to restore

  • Click the Display deleted users button

  • Click on the deleted users email address

  • Click on the Recover This Account button

  • Click on the Recover button to confirm

When ENABLE_CRON_RESOURCE_DELETION is set to true, soft-deleted accounts can be restored within a 90-day window. After 90 days, account recovery is not possible.

Counting users

We understand that user metrics is crucial for effective license management. While it is possible to see how many active users your instance has via https://you-instance-url/admin/user#license — you may be looking for something a little more programmatic to you can check periodically and export to a third-party application.

# Total number of users
echo 'db.users.countDocuments()' | docker exec -i mongo mongosh --quiet localhost/sharelatex
# overleaf [direct: primary] sharelatex> 16

# Total number of users using metrics endpoint
docker exec sharelatex curl http://127.0.0.1:3000/metrics | grep num_active_users
# # HELP num_active_users num_active_users
# # TYPE num_active_users gauge
# num_active_users{app="web-api",host="b3ae4ff549d8"} 16

# Total number of active users
echo 'db.users.countDocuments({ lastActive: { $gte: new Date(new Date().getTime() - (365 * 24 * 60 * 60 * 1000)) } })' | docker exec -i mongo mongosh --quiet localhost/sharelatex
# overleaf [direct: primary] sharelatex> 10

Updating user account information

When managing user accounts, the process for updating user profile information depends on whether SSO is enabled.

If SSO is not in use, administrators have the ability to modify user account information through the Admin -> Manage Users interface where they can update a users email addresses, first name and last name, and generate a password reset link, if required.

Regular users can self-serve updating their own account details via Account -> Account Settings. From there, individuals have the same options but can also change their password and generate Git authentication tokens.

For deployments using SSO, Server Pro can be optionally configured to automatically update a user's first and last name during login. This update occurs using the information received from the configured authentication system during the authentication process.

When OVERLEAF_SAML_UPDATE_USER_DETAILS_ON_LOGIN or OVERLEAF_LDAP_UPDATE_USER_DETAILS_ON_LOGIN are true — the user details form on https://your-instance-url/user/settings page is disabled and can't be used to update the account information. The first name and last name can only be set in your identity managment system.

As per our guide on , in general, it's advisable not to delete accounts (unless they are no longer required), as this action would lead to the removal of the account's projects and prevent any collaborators from accessing them.

By default, accounts are soft-deleted. For information regarding permanently removing users from your instance see ENABLE_CRON_RESOURCE_DELETION in the guide.

For more information on these settings, see our configuration guides for and .

email backend configured
SAML 2.0
LDAP
SAML 2.0
LDAP
understanding license usage
Environment variables
SAML 2.0
LDAP