Hugging Face's logo

Spaces:
huggingface
/
okta-saml-integration-guide
Running

App Files Community
CharlieBoyer HF Staff commited on
Commit
3c94026
·
verified ·
1 Parent(s): 72d93ce

Update index.html

Browse files
Files changed (1) hide show
  1. index.html +92 -9
index.html CHANGED
@@ -7,13 +7,96 @@
7
  <link rel="stylesheet" href="style.css" />
8
  </head>
9
  <body>
10
- <div class="card">
11
- <h1>Welcome to your static Space!</h1>
12
- <p>You can modify this app directly by editing <i>index.html</i> in the Files and versions tab.</p>
13
- <p>
14
- Also don't forget to check the
15
- <a href="https://huggingface.co/docs/hub/spaces" target="_blank">Spaces documentation</a>.
16
- </p>
17
- </div>
18
- </body>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
19
  </html>
 
7
  <link rel="stylesheet" href="style.css" />
8
  </head>
9
  <body>
10
+ <div class="header clearfix">
11
+ <div class="logo-container">
12
+ <img src="https://huggingface.co/front/assets/huggingface_logo-noborder.svg" alt="Hugging Face" style="height:50px;margin-top:10px;">
13
+ </div>
14
+ </div>
15
+
16
+ <div class="okta-instructions">
17
+ <h1>How to Configure SAML 2.0 for Hugging Face Enterprise Hub</h1>
18
+
19
+ <div class="okta-callout okta-warning">
20
+ <span class="icon-24 icon-warning"></span>
21
+ <p><strong>Notes:</strong></p>
22
+ <ul>
23
+ <li><p>To enable SAML-based SSO, your organization must be on an <strong>Enterprise</strong> or <strong>Enterprise Plus</strong> plan.</p></li>
24
+ <li><p>For details about Hugging Face’s SSO and SCIM options, visit
25
+ <a href="https://huggingface.co/docs/hub/enterprise/sso" target="_blank">Hugging Face Enterprise Documentation</a>.</p></li>
26
+ </ul>
27
+ </div>
28
+
29
+ <h2>Contents</h2>
30
+ <ul>
31
+ <li><a href="#features">Supported Features</a></li>
32
+ <li><a href="#steps">Configuration Steps</a></li>
33
+ <li><a href="#notes">Notes</a></li>
34
+ </ul>
35
+ <hr>
36
+
37
+ <a name="features"></a><h2>Supported Features</h2>
38
+ <p>The Okta / Hugging Face Enterprise Hub SAML integration supports the following features:</p>
39
+ <ul>
40
+ <li>SP-initiated SSO</li>
41
+ <li>IdP-initiated SSO</li>
42
+ <li>Just-In-Time (JIT) provisioning</li>
43
+ <li>Optional SCIM user deprovisioning (for Advanced SSO customers)</li>
44
+ </ul>
45
+ <p>For more information, see the <a href="https://help.okta.com/en/prod/Content/Topics/Reference/glossary.htm" target="_blank">Okta Glossary</a>.</p>
46
+ <hr>
47
+
48
+ <a name="steps"></a><h2>Configuration Steps</h2>
49
+ <ol>
50
+ <li><p>Log in to your <strong>Okta Admin Dashboard</strong>.</p></li>
51
+
52
+ <li><p>Go to <strong>Applications &gt; Create App Integration</strong>.</p></li>
53
+
54
+ <li><p>Select <strong>SAML 2.0</strong> as the Sign-in method.</p></li>
55
+
56
+ <li><p>Enter the following values:</p>
57
+ <ul>
58
+ <li><strong>Single Sign-On URL:</strong>
59
+ <kbd>https://huggingface.co/login/sso/saml</kbd>
60
+ </li>
61
+ <li><strong>Audience URI (SP Entity ID):</strong>
62
+ <kbd>https://huggingface.co</kbd>
63
+ </li>
64
+ <li><strong>Name ID Format:</strong>
65
+ <kbd>EmailAddress</kbd>
66
+ </li>
67
+ <li><strong>Attribute Statements (optional):</strong>
68
+ <ul>
69
+ <li><kbd>email</kbd> → <kbd>user.email</kbd></li>
70
+ <li><kbd>firstName</kbd> → <kbd>user.firstName</kbd></li>
71
+ <li><kbd>lastName</kbd> → <kbd>user.lastName</kbd></li>
72
+ </ul>
73
+ </li>
74
+ </ul>
75
+ </li>
76
+
77
+ <li><p>Click <strong>Next</strong>, complete the App Settings, and save.</p></li>
78
+
79
+ <li><p>From your new Okta app’s <strong>Sign On</strong> tab, click <strong>View Setup Instructions</strong> and download the <strong>IdP metadata XML</strong> file.</p></li>
80
+
81
+ <li><p>In Hugging Face, open your organization’s settings page:
82
+ <kbd>https://huggingface.co/organizations/&lt;your_org&gt;/settings/sso</kbd></p></li>
83
+
84
+ <li><p>Upload the IdP metadata XML file, click <strong>Update and Test SAML Configuration</strong>, then enable SSO enforcement.</p></li>
85
+
86
+ <li><p>To test, visit <kbd>https://huggingface.co/login/sso/saml/&lt;your_org&gt;</kbd> and sign in via Okta.</p></li>
87
+ </ol>
88
+ <hr>
89
+
90
+ <a name="notes"></a><h2>Notes</h2>
91
+ <ul>
92
+ <li><p>If you see a “400 SSO not enabled” error, ensure the “Enable SAML SSO” toggle is on in Hugging Face settings.</p></li>
93
+ <li><p>If your IdP certificate changes, re-upload the new metadata to Hugging Face to avoid signature mismatches.</p></li>
94
+ <li><p>SCIM provisioning is available for Enterprise Plus customers using Advanced SSO.</p></li>
95
+ <li><p>For help, contact <kbd>enterprise@huggingface.co</kbd>.</p></li>
96
+ </ul>
97
+
98
+ <h3>SP-initiated SSO</h3>
99
+ <p>Go to <strong>https://huggingface.co/login/sso/saml/&lt;your_org&gt;</strong> to start an SP-initiated login flow.</p>
100
+ </div>
101
+ </body>
102
  </html>