Spaces:

huggingface
/

okta-saml-integration-guide

Running

App Files Files Community

okta-saml-integration-guide / yo.html

CharlieBoyer HF Staff

Rename index.html to yo.html

a6bd175 verified 10 days ago

raw

history blame

5.85 kB

	<!doctype html>
	<html>
	<head>
	<meta charset="utf-8" />
	<meta name="viewport" content="width=device-width" />
	<title>My static Space</title>
	<link rel="stylesheet" href="style.css" />
	</head>
	<body>
	<div class="header clearfix">
	<div class="logo-container">
	<img src="https://huggingface.co/front/assets/huggingface_logo-noborder.svg" alt="Hugging Face" style="height:50px;margin-top:10px;">
	</div>
	</div>

	<div class="okta-instructions">
	<h1>How to Configure SAML 2.0 for Hugging Face Enterprise Hub</h1>

	<div class="okta-callout okta-warning">
	<span class="icon-24 icon-warning"></span>
	<div>
	<p><strong>Prerequisites:</strong></p>
	<ul>
	<li>Your organization must be on an <strong>Enterprise</strong> or <strong>Enterprise Plus</strong> plan to enable SAML-based SSO.</li>
	<li>You must have administrator access to both your Okta organization and your Hugging Face Enterprise Hub organization.</li>
	<li>For details about Hugging Face’s SSO options, visit the official documentation:
	<a href="https://huggingface.co/docs/hub/en/enterprise-sso" target="_blank">Hugging Face Enterprise SSO Documentation</a>.
	</li>
	</ul>
	</div>
	</div>

	<h2>Contents</h2>
	<ul>
	<li><a href="#features">Supported Features</a></li>
	<li><a href="#steps">Configuration Steps</a></li>
	<li><a href="#notes">Notes</a></li>
	</ul>
	<hr>

	<a name="features"></a><h2>Supported Features</h2>
	<p>The Okta / Hugging Face Enterprise Hub SAML integration supports the following:</p>
	<ul>
	<li><strong>IdP-initiated SSO and SP-initiated SSO:</strong> Users can initiate authentication either from the identity provider (Okta) or from the service provider (Hugging Face).</li>
	</ul>
	<hr>

	<a name="steps"></a><h2>Configuration Steps</h2>

	<h3>Step 1 — Add the Hugging Face App from Okta Integration Network (OIN)</h3>
	<ol>
	<li>Sign in to your Okta Admin Dashboard.</li>
	<li>Go to <strong>Applications → Browse App Catalog</strong>.</li>
	<li>Search for and select the application named <strong>Hugging Face</strong>.</li>
	<li>Click <strong>Add Integration</strong>.</li>
	</ol>

	<h3>Step 2 — Configure the Hugging Face App in Okta</h3>
	<ol start="5">
	<li>On the <strong>General Settings</strong> page, enter:
	<ul>
	<li><strong>Application label:</strong> <kbd>Hugging Face</kbd></li>
	<li><strong>Organization Name:</strong> Your Hugging Face organization name</li>
	<li><strong>Organization ID:</strong> Your Hugging Face organization ID</li>
	</ul>
	<p><em>Where to find these values:</em> In Hugging Face, go to <strong>Organization Settings → SSO → SAML</strong>. You will see both the Organization Name and Organization ID.</p>
	<p><img src="/static/images/hf-sso-saml-screenshot.png" alt="Hugging Face SSO SAML screenshot" style="max-width:100%;height:auto;"></p>
	</li>
	<li>Click <strong>Next</strong>, review the Sign-On Options (username format should be <kbd>Email</kbd>), then click <strong>Done</strong>.</li>
	<li><strong>Important:</strong> Ensure the administrator performing these steps is <strong>assigned</strong> to the Hugging Face app in Okta (via the Assignments tab).</li>
	</ol>

	<h3>Step 3 — Copy SAML Configuration from Okta</h3>
	<ol start="8">
	<li>In the Hugging Face app in Okta, open the <strong>Sign On</strong> tab.</li>
	<li>Locate the <strong>SAML 2.0</strong> section and click <strong>View SAML Setup Instructions</strong> (or go to Metadata Details).</li>
	<li>Copy the following values:
	<ul>
	<li><strong>Identity Provider Single Sign-On URL</strong></li>
	<li><strong>X.509 Certificate</strong> — copy the full certificate including <kbd>-----BEGIN CERTIFICATE-----</kbd> and <kbd>-----END CERTIFICATE-----</kbd>.</li>
	</ul>
	</li>
	</ol>

	<h3>Step 4 — Configure SAML in Hugging Face</h3>
	<ol start="11">
	<li>Return to your organization’s <strong>Organization Settings → SSO → SAML</strong> tab in Hugging Face.</li>
	<li>Enter the values from Okta:
	<ul>
	<li><strong>Sign On URL:</strong> Paste the Identity Provider Single Sign-On URL from Okta.</li>
	<li><strong>X.509 Certificate:</strong> Paste the full certificate (including BEGIN/END markers) from Okta.</li>
	</ul>
	</li>
	<li>Click <strong>Update and Test SAML Configuration</strong> to validate.</li>
	<li>If the test is successful, toggle <strong>Enable SAML SSO</strong> to activate SSO for your organization.</li>
	</ol>

	<p><strong>What happens next ?</strong> Users will still sign in to Hugging Face with their usual accounts. When they access content belonging to your organization, they’ll be prompted to authenticate via SSO through Okta.</p>

	<hr>

	<a name="notes"></a><h2>Notes</h2>
	<ul>
	<li>This guide covers the <strong>Standard SSO</strong> setup. For <strong>Advanced SSO</strong> (with automated user provisioning and SCIM), see
	<a href="https://huggingface.co/docs/hub/en/enterprise-hub-advanced-sso" target="_blank">Advanced SSO Documentation</a>.
	</li>
	<li>For automated user lifecycle management via <strong>SCIM Provisioning</strong> (Enterprise Plus with Advanced SSO), see
	<a href="https://huggingface.co/docs/hub/en/enterprise-hub" target="_blank">SCIM and Advanced Features Overview</a>.
	</li>
	<li>Ensure the <strong>Organization Name</strong> and <strong>Organization ID</strong> entered in Okta exactly match those displayed in your Hugging Face SSO → SAML settings.</li>
	</ul>
	</div>
	</body>



	</html>