Managing Overleaf group SSO
This page is for Group Professional administrators who have configured and enabled single sign-on (SSO). Please see the documentation on configuring group SSO if this has not already been set up.
You can modify your SSO setup to complete tasks such as adding certificates, changing other aspects of your IdP configuration.
Managing your users in Overleaf
Within your members management page you're able to see which members are linked to your SSO. Members will receive an email notification to authenticate with your SSO provider once SSO is enabled and they are also encouraged to do so after logging in. (See Managing a group subscription for how to add or remove group members.)
Your members will not be required to link to your SSO provider. Once linked, they will have the option to log in via SSO or other login methods unless Managed Users is enabled. See Making SSO an exclusive login option.
Via the three-dot menu at the end of the row in the members table, there are options to help manage your members. For members who are not linked, you can send an email reminder to authenticate with your SSO provider. For members who are linked, you can unlink them from your SSO provider so that they can reauthenticate. This action should only be taken when you need to correct the unique identifier associated with a specific user. See Updating your SSO setup below if the unique identifier needs to be corrected for all group members.
Understanding errors reported by users
Below are some errors that your users might encounter when authenticating their Overleaf account with your SSO provider for the first time or when trying to log in via your SSO provider.
This email address isn’t set up for SSO. Please check it and try again or contact your administrator.
Members will see this message if they try to log in via SSO but their account is not yet authenticated with your SSO provider. They will need to log into their Overleaf account as they did before. After logging in, members will be directed to the SSO enrollment page. They can also authenticate with your SSO provider via their user settings page.
Sorry, you are trying to log in to X but the identity returned by your identity provider is not the correct one for this Overleaf account.
The email address they tried to log in with is not associated with the unique identifier from your IdP. The member will need to log out of your SSO provider and log in with the correct account.
Sorry, the information received from your identity provider is not signed (both response and assertion signatures are required). Please contact your administrator for more information.
This is a configuration problem within your IdP. The authentication request with your SSO provider failed because your SSO provider is no longer sending a signed response and assertion.
Updating your SSO setup
Unlinking users from your SSO provider
Your Overleaf Group SSO settings include an option to Unlink users. If you are migrating to a new IdP or changing the attributes that are being sent to Overleaf by your IdP, you may need to use the Unlink users option.
The Unlink users option removes the unique identifier from every group member’s account, essentially removing the login option via your SSO provider. This action requires each user to relink their Overleaf account to their SSO identity and they will receive an email notification to do so. There is also the option to unlink individual users to correct issues unique to specific users. See Managing your users in Overleaf.
An administrator should unlink all members only if they are making a change to the IdP configuration that changes the name or the values of the Unique Identifier. All other aspects of the SSO configuration, including the Redirect URL and the Certificates can change without requiring the unlinking of users.
Updating your certificate
The certificates that IdPs use to sign the responses that they send to services expire after a certain period of time. It's important to keep the certificate that has been provided to Overleaf up to date. If your certificate has expired, your users will see an error when attempting to log in to Overleaf.
You can check on your certificate expiry dates in the SSO configuration section of your Group Settings.
Overleaf's SSO configuration page provides a way to ensure that certificates can be replaced without interrupting access to the Overleaf service.
- Add the new certificate to Overleaf's SSO configuration page. You will now have two certificates configured: the original certificate and the updated new certificate.
- You can keep these two certificates in place until you have completed the certificate change over in your IdP.
- Once your IdP is using the new certificate, you can remove the original certificate in Overleaf.
Changing your IdP configuration
You might sometimes need to change other aspects of the Identity Provider (IdP) configuration. This can happen if you're changing the solution that you're using for your IdP, for example. In cases like this, you will have to temporarily disable SSO access.
You can disable SSO via your group settings page. After disabling, you can click View configuration and then Edit to modify and test your new IdP configuration.
When SSO access is disabled, Overleaf users can log in to their Overleaf accounts using their email address and an Overleaf-specific password. Users will receive a notification by email when SSO access is disabled. Once SSO is enabled again, they can log in again via SSO without needing to re-link their Overleaf account to their SSO identity. If your configuration changed the unique identifier then you will need to Unlink users. See Unlinking users from your SSO provider.
Related documentation
- Overleaf group single sign-on—an overview of Overleaf group SSO.
- Setting up group single sign-on—detailed steps to help you configure single sign-on in Overleaf and in your Identity Provider.
- Group SSO test troubleshooting—explains configuration issues you may have with your SSO setup.
- Linking users to group SSO—outlines steps required to get your subscription and your users ready to use single sign-on.
- Logging in with group single sign-on—instructions for group members to link their Overleaf accounts to their SSO identities and log in to their accounts. This documentation is intended for group members.
- User management in Overleaf—an overview of our Managed Users features.
- Managing a group subscription—an overview of adding and removing users and managers from an Overleaf group subscription.
Overleaf guides
- Creating a document in Overleaf
- Uploading a project
- Copying a project
- Creating a project from a template
- Using the Overleaf project menu
- Including images in Overleaf
- Exporting your work from Overleaf
- Working offline in Overleaf
- Using Track Changes in Overleaf
- Using bibliographies in Overleaf
- Sharing your work with others
- Using the History feature
- Debugging Compilation timeout errors
- How-to guides
- Guide to Overleaf’s premium features
LaTeX Basics
- Creating your first LaTeX document
- Choosing a LaTeX Compiler
- Paragraphs and new lines
- Bold, italics and underlining
- Lists
- Errors
Mathematics
- Mathematical expressions
- Subscripts and superscripts
- Brackets and Parentheses
- Matrices
- Fractions and Binomials
- Aligning equations
- Operators
- Spacing in math mode
- Integrals, sums and limits
- Display style in math mode
- List of Greek letters and math symbols
- Mathematical fonts
- Using the Symbol Palette in Overleaf
Figures and tables
- Inserting Images
- Tables
- Positioning Images and Tables
- Lists of Tables and Figures
- Drawing Diagrams Directly in LaTeX
- TikZ package
References and Citations
- Bibliography management with bibtex
- Bibliography management with natbib
- Bibliography management with biblatex
- Bibtex bibliography styles
- Natbib bibliography styles
- Natbib citation styles
- Biblatex bibliography styles
- Biblatex citation styles
Languages
- Multilingual typesetting on Overleaf using polyglossia and fontspec
- Multilingual typesetting on Overleaf using babel and fontspec
- International language support
- Quotations and quotation marks
- Arabic
- Chinese
- French
- German
- Greek
- Italian
- Japanese
- Korean
- Portuguese
- Russian
- Spanish
Document structure
- Sections and chapters
- Table of contents
- Cross referencing sections, equations and floats
- Indices
- Glossaries
- Nomenclatures
- Management in a large project
- Multi-file LaTeX projects
- Hyperlinks
Formatting
- Lengths in LaTeX
- Headers and footers
- Page numbering
- Paragraph formatting
- Line breaks and blank spaces
- Text alignment
- Page size and margins
- Single sided and double sided documents
- Multiple columns
- Counters
- Code listing
- Code Highlighting with minted
- Using colours in LaTeX
- Footnotes
- Margin notes
Fonts
Presentations
Commands
Field specific
- Theorems and proofs
- Chemistry formulae
- Feynman diagrams
- Molecular orbital diagrams
- Chess notation
- Knitting patterns
- CircuiTikz package
- Pgfplots package
- Typesetting exams in LaTeX
- Knitr
- Attribute Value Matrices
Class files
- Understanding packages and class files
- List of packages and class files
- Writing your own package
- Writing your own class