Update index.html

index.html

@@ -51,112 +51,100 @@
 
     <a name="steps"></a><h2>Configuration Steps</h2>
     
-    <h3>Step 1: Create SAML App Integration in Okta</h3>
+    <h3>Step 1: Get Your Organization Name and Entity ID from Hugging Face</h3>
     <ol>
-      <li><p>Sign in to your <strong>Okta Admin Dashboard</strong>.</p></li>
-
-      <li><p>Navigate to <strong>Applications</strong> &gt; <strong>Applications</strong> in the left sidebar.</p></li>
+      <li><p>Sign in to <strong>Hugging Face</strong> with your administrator account.</p></li>
 
-      <li><p>Click <strong>Create App Integration</strong>.</p></li>
+      <li><p>Navigate to your organization's settings page and click on <strong>SSO</strong>:<br>
+        <kbd>https://huggingface.co/organizations/&lt;your_org&gt;/settings/sso</kbd><br>
+        <em>(Replace <kbd>&lt;your_org&gt;</kbd> with your actual organization name)</em>
+      </p></li>
 
-      <li><p>Select <strong>SAML 2.0</strong> as the Sign-in method and click <strong>Next</strong>.</p></li>
+      <li><p>Click on the <strong>SAML</strong> tab.</p></li>
 
-      <li><p>On the <strong>General Settings</strong> page, enter the following:</p>
+      <li><p>Note the following values - you will need them in the next steps:</p>
         <ul>
-          <li><strong>App name:</strong> <kbd>Hugging Face Enterprise Hub</kbd></li>
-          <li><strong>App logo</strong> (optional): Upload the Hugging Face logo</li>
+          <li><strong>Organization Name:</strong> Your Hugging Face organization name (e.g., <kbd>your-org</kbd>)</li>
+          <li><strong>Entity ID:</strong> <kbd>https://huggingface.co</kbd></li>
+          <li><strong>ACS URL:</strong> <kbd>https://huggingface.co/login/sso/saml</kbd></li>
         </ul>
-        <p>Click <strong>Next</strong>.</p>
+        <p><em>Keep this page open - you'll return to it later.</em></p>
       </li>
     </ol>
 
-    <h3>Step 2: Configure SAML Settings in Okta</h3>
-    <ol start="6">
-      <li><p>On the <strong>Configure SAML</strong> page, enter the following values in the <strong>SAML Settings</strong> section:</p>
+    <h3>Step 2: Add Hugging Face App from Okta Integration Network (OIN)</h3>
+    <ol start="5">
+      <li><p>Sign in to your <strong>Okta Admin Dashboard</strong>.</p></li>
+
+      <li><p>Navigate to <strong>Applications</strong> &gt; <strong>Applications</strong> in the left sidebar.</p></li>
+
+      <li><p>Click <strong>Browse App Catalog</strong>.</p></li>
+
+      <li><p>Search for <strong>"Hugging Face"</strong> in the search bar.</p></li>
+
+      <li><p>Select the <strong>Hugging Face Enterprise Hub</strong> application from the results.</p></li>
+
+      <li><p>Click <strong>Add Integration</strong>.</p></li>
+    </ol>
+
+    <h3>Step 3: Configure the Hugging Face App in Okta</h3>
+    <ol start="11">
+      <li><p>On the <strong>General Settings</strong> page, enter the following:</p>
         <ul>
-          <li><strong>Single Sign-On URL:</strong><br>
-            <kbd>https://huggingface.co/login/sso/saml</kbd>
-          </li>
-          <li><strong>Audience URI (SP Entity ID):</strong><br>
-            <kbd>https://huggingface.co</kbd>
-          </li>
-          <li><strong>Default RelayState:</strong> Leave blank</li>
-          <li><strong>Name ID format:</strong> <kbd>EmailAddress</kbd></li>
-          <li><strong>Application username:</strong> <kbd>Email</kbd></li>
+          <li><strong>Application label:</strong> <kbd>Hugging Face Enterprise Hub</kbd> (or customize as needed)</li>
+          <li><strong>Organization Name:</strong> Enter your Hugging Face organization name from Step 4 (e.g., <kbd>your-org</kbd>)</li>
+          <li><strong>Entity ID:</strong> This should be pre-filled as <kbd>https://huggingface.co</kbd></li>
         </ul>
       </li>
 
-      <li><p>In the <strong>Attribute Statements</strong> section (optional but recommended), add the following attributes:</p>
-        <table style="width:100%; border-collapse: collapse; margin: 1rem 0;">
-          <thead>
-            <tr style="background: #f3f4f6;">
-              <th style="padding: 0.75rem; text-align: left; border: 1px solid #d1d5db;">Name</th>
-              <th style="padding: 0.75rem; text-align: left; border: 1px solid #d1d5db;">Name Format</th>
-              <th style="padding: 0.75rem; text-align: left; border: 1px solid #d1d5db;">Value</th>
-            </tr>
-          </thead>
-          <tbody>
-            <tr>
-              <td style="padding: 0.75rem; border: 1px solid #d1d5db;"><kbd>email</kbd></td>
-              <td style="padding: 0.75rem; border: 1px solid #d1d5db;">Unspecified</td>
-              <td style="padding: 0.75rem; border: 1px solid #d1d5db;"><kbd>user.email</kbd></td>
-            </tr>
-            <tr>
-              <td style="padding: 0.75rem; border: 1px solid #d1d5db;"><kbd>firstName</kbd></td>
-              <td style="padding: 0.75rem; border: 1px solid #d1d5db;">Unspecified</td>
-              <td style="padding: 0.75rem; border: 1px solid #d1d5db;"><kbd>user.firstName</kbd></td>
-            </tr>
-            <tr>
-              <td style="padding: 0.75rem; border: 1px solid #d1d5db;"><kbd>lastName</kbd></td>
-              <td style="padding: 0.75rem; border: 1px solid #d1d5db;">Unspecified</td>
-              <td style="padding: 0.75rem; border: 1px solid #d1d5db;"><kbd>user.lastName</kbd></td>
-            </tr>
-          </tbody>
-        </table>
-      </li>
-
-      <li><p>Click <strong>Next</strong> to proceed to the Feedback page.</p></li>
+      <li><p>Click <strong>Next</strong>.</p></li>
 
-      <li><p>Complete the feedback form with the following information:</p>
+      <li><p>On the <strong>Sign-On Options</strong> page, review the default settings.</p>
         <ul>
-          <li><strong>Are you a customer or partner?</strong> Select the appropriate option</li>
-          <li><strong>App type:</strong> Select "This is an internal app that we have created"</li>
+          <li><strong>Application username format:</strong> Should be set to <kbd>Email</kbd></li>
         </ul>
-        <p>Click <strong>Finish</strong>.</p>
       </li>
-    </ol>
 
-    <h3>Step 3: Download IdP Metadata from Okta</h3>
-    <ol start="10">
-      <li><p>From your newly created Okta app, go to the <strong>Sign On</strong> tab.</p></li>
+      <li><p>Click <strong>Done</strong>.</p></li>
+    </ol>
 
-      <li><p>In the <strong>SAML 2.0</strong> section, click <strong>View SAML setup instructions</strong>.</p></li>
+    <h3>Step 4: Copy SAML Configuration from Okta</h3>
+    <ol start="15">
+      <li><p>From your Hugging Face app in Okta, go to the <strong>Sign On</strong> tab.</p></li>
 
-      <li><p>Scroll down and locate the <strong>Provide the following IDP metadata to your SP provider</strong> section.</p></li>
+      <li><p>Scroll down to the <strong>SAML 2.0</strong> section and click <strong>View SAML setup instructions</strong>.</p></li>
 
-      <li><p>Right-click the XML content, select <strong>Save As</strong>, and save the file as <kbd>okta-metadata.xml</kbd> to your computer.</p>
-        <p><em>Alternatively, you can copy the Identity Provider metadata URL at the top of the setup instructions page.</em></p>
+      <li><p>From the setup instructions page, copy the following values:</p>
+        <ul>
+          <li><strong>Identity Provider Single Sign-On URL</strong></li>
+          <li><strong>X.509 Certificate</strong> (the full certificate text between <kbd>-----BEGIN CERTIFICATE-----</kbd> and <kbd>-----END CERTIFICATE-----</kbd>)</li>
+        </ul>
+        <p><em>Alternatively, you can find these values in the Sign On tab under "Metadata details".</em></p>
       </li>
     </ol>
 
-    <h3>Step 4: Configure SAML in Hugging Face</h3>
-    <ol start="14">
-      <li><p>Sign in to <strong>Hugging Face</strong> with your administrator account.</p></li>
-
-      <li><p>Navigate to your organization's SSO settings page:<br>
-        <kbd>https://huggingface.co/organizations/&lt;your_org&gt;/settings/sso</kbd><br>
-        <em>(Replace <kbd>&lt;your_org&gt;</kbd> with your actual organization name)</em>
+    <h3>Step 5: Configure SAML in Hugging Face</h3>
+    <ol start="18">
+      <li><p>Return to the Hugging Face SSO settings page from Step 3:<br>
+        <kbd>https://huggingface.co/organizations/&lt;your_org&gt;/settings/sso</kbd>
       </p></li>
 
-      <li><p>In the <strong>SAML Configuration</strong> section, upload the <kbd>okta-metadata.xml</kbd> file you downloaded in Step 13.</p></li>
+      <li><p>Make sure you're on the <strong>SAML</strong> tab.</p></li>
+
+      <li><p>Enter the following values from Step 17:</p>
+        <ul>
+          <li><strong>Sign On URL:</strong> Paste the <strong>Identity Provider Single Sign-On URL</strong> from Okta</li>
+          <li><strong>X.509 Certificate:</strong> Paste the full certificate text from Okta</li>
+        </ul>
+      </li>
 
       <li><p>Click <strong>Update and Test SAML Configuration</strong>.</p></li>
 
       <li><p>If the test is successful, toggle the <strong>Enable SAML SSO</strong> switch to enable SSO enforcement for your organization.</p></li>
     </ol>
 
-    <h3>Step 5: Assign Users in Okta</h3>
-    <ol start="19">
+    <h3>Step 6: Assign Users in Okta</h3>
+    <ol start="23">
       <li><p>Return to your Okta Admin Dashboard.</p></li>
 
       <li><p>Navigate to the <strong>Assignments</strong> tab of your Hugging Face app integration.</p></li>
@@ -166,6 +154,8 @@
       <li><p>Click <strong>Done</strong> when finished.</p></li>
     </ol>
 
+    <p><strong>Your SAML configuration is now complete!</strong> Users can now sign in to Hugging Face through Okta.</p>
+
     <hr>
 
     <a name="sp-initiated"></a><h2>SP-initiated SSO</h2>
@@ -196,38 +186,20 @@
     <p><strong>Solution:</strong> Ensure the <strong>Enable SAML SSO</strong> toggle is turned on in your Hugging Face organization's SSO settings page.</p>
 
     <h4>Signature Verification Failed</h4>
-    <p><strong>Cause:</strong> The IdP certificate in Hugging Face doesn't match the certificate in Okta.</p>
-    <p><strong>Solution:</strong> If your Okta certificate has been updated or rotated, download the new metadata XML from Okta and re-upload it to Hugging Face.</p>
+    <p><strong>Cause:</strong> The certificate in Hugging Face doesn't match the certificate in Okta.</p>
+    <p><strong>Solution:</strong> If your Okta certificate has been updated or rotated, copy the new X.509 certificate from Okta and paste it into Hugging Face settings, then click "Update and Test SAML Configuration".</p>
 
     <h4>Users Cannot Sign In After Enabling SSO</h4>
     <p><strong>Cause:</strong> Users have not been assigned to the Hugging Face app in Okta.</p>
     <p><strong>Solution:</strong> In Okta Admin Dashboard, go to the Hugging Face app's <strong>Assignments</strong> tab and assign the appropriate users or groups.</p>
 
+    <h4>Incorrect Organization Name Error</h4>
+    <p><strong>Cause:</strong> The organization name entered in Okta doesn't match your Hugging Face organization name.</p>
+    <p><strong>Solution:</strong> In Okta, go to the Hugging Face app's <strong>General</strong> tab, click <strong>Edit</strong>, and verify the Organization Name matches exactly with your Hugging Face organization name (case-sensitive).</p>
+
     <h4>Incorrect Email or Name Information</h4>
-    <p><strong>Cause:</strong> Attribute statements are not configured correctly in Okta.</p>
-    <p><strong>Solution:</strong> Verify that the attribute statements in Step 7 are configured correctly. The following SAML attributes are supported:</p>
-    <table style="width:100%; border-collapse: collapse; margin: 1rem 0;">
-      <thead>
-        <tr style="background: #f3f4f6;">
-          <th style="padding: 0.75rem; text-align: left; border: 1px solid #d1d5db;">Name</th>
-          <th style="padding: 0.75rem; text-align: left; border: 1px solid #d1d5db;">Value</th>
-        </tr>
-      </thead>
-      <tbody>
-        <tr>
-          <td style="padding: 0.75rem; border: 1px solid #d1d5db;"><kbd>email</kbd></td>
-          <td style="padding: 0.75rem; border: 1px solid #d1d5db;"><kbd>user.email</kbd></td>
-        </tr>
-        <tr>
-          <td style="padding: 0.75rem; border: 1px solid #d1d5db;"><kbd>firstName</kbd></td>
-          <td style="padding: 0.75rem; border: 1px solid #d1d5db;"><kbd>user.firstName</kbd></td>
-        </tr>
-        <tr>
-          <td style="padding: 0.75rem; border: 1px solid #d1d5db;"><kbd>lastName</kbd></td>
-          <td style="padding: 0.75rem; border: 1px solid #d1d5db;"><kbd>user.lastName</kbd></td>
-        </tr>
-      </tbody>
-    </table>
+    <p><strong>Cause:</strong> User profile attributes in Okta are not populated correctly.</p>
+    <p><strong>Solution:</strong> Verify that users in Okta have their email, first name, and last name fields populated. Hugging Face automatically receives these attributes through SAML.</p>
 
     <h3>Additional Support</h3>
     <p>If you continue to experience issues or need assistance with advanced configuration options such as SCIM provisioning (available for Enterprise Plus customers), please contact Hugging Face Enterprise support:</p>
@@ -238,6 +210,7 @@
 
     <h3>Notes</h3>
     <ul>
+      <li><p>Ensure you enter the correct Organization Name in Okta (Step 11). An incorrect organization name will prevent authentication.</p></li>
       <li><p>SCIM provisioning is available for Enterprise Plus customers using Advanced SSO. This allows automatic user provisioning, deprovisioning, and attribute syncing between Okta and Hugging Face.</p></li>
       <li><p>Hugging Face uses SAML 2.0 with SHA256 encryption for security.</p></li>
       <li><p>Just-In-Time (JIT) provisioning automatically creates user accounts in Hugging Face when users first sign in via SAML, so you don't need to manually create accounts beforehand.</p></li>