File size: 5,848 Bytes
72d93ce 3c94026 85ab001 25a8675 85ab001 3c94026 87c5a88 3c94026 87c5a88 3c94026 25a8675 3c94026 85ab001 25a8675 87c5a88 5b60fa3 25a8675 5b60fa3 2e4f014 25a8675 5b60fa3 25a8675 85ab001 5b60fa3 87c5a88 3c94026 25a8675 5b60fa3 3c94026 25a8675 2e4f014 3c94026 25a8675 5b60fa3 25a8675 5b60fa3 2e4f014 5b60fa3 2e4f014 85ab001 3c94026 85ab001 25a8675 5b60fa3 25a8675 5b60fa3 2e4f014 5b60fa3 25a8675 2e4f014 25a8675 85ab001 25a8675 85ab001 3c94026 87c5a88 3c94026 25a8675 85ab001 3c94026 87c5a88 5b60fa3 25a8675 72d93ce |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 |
<!doctype html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width" />
<title>My static Space</title>
<link rel="stylesheet" href="style.css" />
</head>
<body>
<div class="header clearfix">
<div class="logo-container">
<img src="https://huggingface.co/front/assets/huggingface_logo-noborder.svg" alt="Hugging Face" style="height:50px;margin-top:10px;">
</div>
</div>
<div class="okta-instructions">
<h1>How to Configure SAML 2.0 for Hugging Face Enterprise Hub</h1>
<div class="okta-callout okta-warning">
<span class="icon-24 icon-warning"></span>
<div>
<p><strong>Prerequisites:</strong></p>
<ul>
<li>Your organization must be on an <strong>Enterprise</strong> or <strong>Enterprise Plus</strong> plan to enable SAML-based SSO.</li>
<li>You must have administrator access to both your Okta organization and your Hugging Face Enterprise Hub organization.</li>
<li>For details about Hugging Face’s SSO options, visit the official documentation:
<a href="https://huggingface.co/docs/hub/en/enterprise-sso" target="_blank">Hugging Face Enterprise SSO Documentation</a>.
</li>
</ul>
</div>
</div>
<h2>Contents</h2>
<ul>
<li><a href="#features">Supported Features</a></li>
<li><a href="#steps">Configuration Steps</a></li>
<li><a href="#notes">Notes</a></li>
</ul>
<hr>
<a name="features"></a><h2>Supported Features</h2>
<p>The Okta / Hugging Face Enterprise Hub SAML integration supports the following:</p>
<ul>
<li><strong>IdP-initiated SSO and SP-initiated SSO:</strong> Users can initiate authentication either from the identity provider (Okta) or from the service provider (Hugging Face).</li>
</ul>
<hr>
<a name="steps"></a><h2>Configuration Steps</h2>
<h3>Step 1 — Add the Hugging Face App from Okta Integration Network (OIN)</h3>
<ol>
<li>Sign in to your Okta Admin Dashboard.</li>
<li>Go to <strong>Applications → Browse App Catalog</strong>.</li>
<li>Search for and select the application named <strong>Hugging Face</strong>.</li>
<li>Click <strong>Add Integration</strong>.</li>
</ol>
<h3>Step 2 — Configure the Hugging Face App in Okta</h3>
<ol start="5">
<li>On the <strong>General Settings</strong> page, enter:
<ul>
<li><strong>Application label:</strong> <kbd>Hugging Face</kbd></li>
<li><strong>Organization Name:</strong> Your Hugging Face organization name</li>
<li><strong>Organization ID:</strong> Your Hugging Face organization ID</li>
</ul>
<p><em>Where to find these values:</em> In Hugging Face, go to <strong>Organization Settings → SSO → SAML</strong>. You will see both the Organization Name and Organization ID.</p>
<p><img src="/static/images/hf-sso-saml-screenshot.png" alt="Hugging Face SSO SAML screenshot" style="max-width:100%;height:auto;"></p>
</li>
<li>Click <strong>Next</strong>, review the Sign-On Options (username format should be <kbd>Email</kbd>), then click <strong>Done</strong>.</li>
<li><strong>Important:</strong> Ensure the administrator performing these steps is <strong>assigned</strong> to the Hugging Face app in Okta (via the Assignments tab).</li>
</ol>
<h3>Step 3 — Copy SAML Configuration from Okta</h3>
<ol start="8">
<li>In the Hugging Face app in Okta, open the <strong>Sign On</strong> tab.</li>
<li>Locate the <strong>SAML 2.0</strong> section and click <strong>View SAML Setup Instructions</strong> (or go to Metadata Details).</li>
<li>Copy the following values:
<ul>
<li><strong>Identity Provider Single Sign-On URL</strong></li>
<li><strong>X.509 Certificate</strong> — copy the full certificate including <kbd>-----BEGIN CERTIFICATE-----</kbd> and <kbd>-----END CERTIFICATE-----</kbd>.</li>
</ul>
</li>
</ol>
<h3>Step 4 — Configure SAML in Hugging Face</h3>
<ol start="11">
<li>Return to your organization’s <strong>Organization Settings → SSO → SAML</strong> tab in Hugging Face.</li>
<li>Enter the values from Okta:
<ul>
<li><strong>Sign On URL:</strong> Paste the Identity Provider Single Sign-On URL from Okta.</li>
<li><strong>X.509 Certificate:</strong> Paste the full certificate (including BEGIN/END markers) from Okta.</li>
</ul>
</li>
<li>Click <strong>Update and Test SAML Configuration</strong> to validate.</li>
<li>If the test is successful, toggle <strong>Enable SAML SSO</strong> to activate SSO for your organization.</li>
</ol>
<p><strong>What happens next ?</strong> Users will still sign in to Hugging Face with their usual accounts. When they access content belonging to your organization, they’ll be prompted to authenticate via SSO through Okta.</p>
<hr>
<a name="notes"></a><h2>Notes</h2>
<ul>
<li>This guide covers the <strong>Standard SSO</strong> setup. For <strong>Advanced SSO</strong> (with automated user provisioning and SCIM), see
<a href="https://huggingface.co/docs/hub/en/enterprise-hub-advanced-sso" target="_blank">Advanced SSO Documentation</a>.
</li>
<li>For automated user lifecycle management via <strong>SCIM Provisioning</strong> (Enterprise Plus with Advanced SSO), see
<a href="https://huggingface.co/docs/hub/en/enterprise-hub" target="_blank">SCIM and Advanced Features Overview</a>.
</li>
<li>Ensure the <strong>Organization Name</strong> and <strong>Organization ID</strong> entered in Okta exactly match those displayed in your Hugging Face SSO → SAML settings.</li>
</ul>
</div>
</body>
</html>
|