File size: 4,301 Bytes
72d93ce 3c94026 72d93ce |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 |
<!doctype html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width" />
<title>My static Space</title>
<link rel="stylesheet" href="style.css" />
</head>
<body>
<div class="header clearfix">
<div class="logo-container">
<img src="https://huggingface.co/front/assets/huggingface_logo-noborder.svg" alt="Hugging Face" style="height:50px;margin-top:10px;">
</div>
</div>
<div class="okta-instructions">
<h1>How to Configure SAML 2.0 for Hugging Face Enterprise Hub</h1>
<div class="okta-callout okta-warning">
<span class="icon-24 icon-warning"></span>
<p><strong>Notes:</strong></p>
<ul>
<li><p>To enable SAML-based SSO, your organization must be on an <strong>Enterprise</strong> or <strong>Enterprise Plus</strong> plan.</p></li>
<li><p>For details about Hugging Face’s SSO and SCIM options, visit
<a href="https://huggingface.co/docs/hub/enterprise/sso" target="_blank">Hugging Face Enterprise Documentation</a>.</p></li>
</ul>
</div>
<h2>Contents</h2>
<ul>
<li><a href="#features">Supported Features</a></li>
<li><a href="#steps">Configuration Steps</a></li>
<li><a href="#notes">Notes</a></li>
</ul>
<hr>
<a name="features"></a><h2>Supported Features</h2>
<p>The Okta / Hugging Face Enterprise Hub SAML integration supports the following features:</p>
<ul>
<li>SP-initiated SSO</li>
<li>IdP-initiated SSO</li>
<li>Just-In-Time (JIT) provisioning</li>
<li>Optional SCIM user deprovisioning (for Advanced SSO customers)</li>
</ul>
<p>For more information, see the <a href="https://help.okta.com/en/prod/Content/Topics/Reference/glossary.htm" target="_blank">Okta Glossary</a>.</p>
<hr>
<a name="steps"></a><h2>Configuration Steps</h2>
<ol>
<li><p>Log in to your <strong>Okta Admin Dashboard</strong>.</p></li>
<li><p>Go to <strong>Applications > Create App Integration</strong>.</p></li>
<li><p>Select <strong>SAML 2.0</strong> as the Sign-in method.</p></li>
<li><p>Enter the following values:</p>
<ul>
<li><strong>Single Sign-On URL:</strong>
<kbd>https://huggingface.co/login/sso/saml</kbd>
</li>
<li><strong>Audience URI (SP Entity ID):</strong>
<kbd>https://huggingface.co</kbd>
</li>
<li><strong>Name ID Format:</strong>
<kbd>EmailAddress</kbd>
</li>
<li><strong>Attribute Statements (optional):</strong>
<ul>
<li><kbd>email</kbd> → <kbd>user.email</kbd></li>
<li><kbd>firstName</kbd> → <kbd>user.firstName</kbd></li>
<li><kbd>lastName</kbd> → <kbd>user.lastName</kbd></li>
</ul>
</li>
</ul>
</li>
<li><p>Click <strong>Next</strong>, complete the App Settings, and save.</p></li>
<li><p>From your new Okta app’s <strong>Sign On</strong> tab, click <strong>View Setup Instructions</strong> and download the <strong>IdP metadata XML</strong> file.</p></li>
<li><p>In Hugging Face, open your organization’s settings page:
<kbd>https://huggingface.co/organizations/<your_org>/settings/sso</kbd></p></li>
<li><p>Upload the IdP metadata XML file, click <strong>Update and Test SAML Configuration</strong>, then enable SSO enforcement.</p></li>
<li><p>To test, visit <kbd>https://huggingface.co/login/sso/saml/<your_org></kbd> and sign in via Okta.</p></li>
</ol>
<hr>
<a name="notes"></a><h2>Notes</h2>
<ul>
<li><p>If you see a “400 SSO not enabled” error, ensure the “Enable SAML SSO” toggle is on in Hugging Face settings.</p></li>
<li><p>If your IdP certificate changes, re-upload the new metadata to Hugging Face to avoid signature mismatches.</p></li>
<li><p>SCIM provisioning is available for Enterprise Plus customers using Advanced SSO.</p></li>
<li><p>For help, contact <kbd>enterprise@huggingface.co</kbd>.</p></li>
</ul>
<h3>SP-initiated SSO</h3>
<p>Go to <strong>https://huggingface.co/login/sso/saml/<your_org></strong> to start an SP-initiated login flow.</p>
</div>
</body>
</html>
|