diff --git a/docs/hub/_toctree.yml b/docs/hub/_toctree.yml index 288c6fb1c..0e0bc99bf 100644 --- a/docs/hub/_toctree.yml +++ b/docs/hub/_toctree.yml @@ -325,27 +325,27 @@ title: Organization Cards - local: organizations-security title: Access Control in Organizations - - local: enterprise-hub - title: Enterprise Hub - sections: - - local: enterprise-sso - title: Single Sign-On (SSO) - - local: audit-logs - title: Audit Logs - - local: storage-regions - title: Storage Regions - - local: enterprise-hub-datasets - title: Dataset viewer for Private datasets - - local: enterprise-hub-resource-groups - title: Resource Groups (Access Control) - - local: advanced-compute-options - title: Advanced Compute Options - - local: enterprise-hub-advanced-security - title: Advanced Security - - local: enterprise-hub-tokens-management - title: Tokens Management - - local: enterprise-hub-analytics - title: Analytics + - local: enterprise-hub + title: Enterprise Hub + sections: + - local: enterprise-sso + title: Single Sign-On (SSO) + - local: audit-logs + title: Audit Logs + - local: storage-regions + title: Storage Regions + - local: enterprise-hub-datasets + title: Dataset viewer for Private datasets + - local: enterprise-hub-resource-groups + title: Resource Groups (Access Control) + - local: advanced-compute-options + title: Advanced Compute Options + - local: enterprise-hub-advanced-security + title: Advanced Security + - local: enterprise-hub-tokens-management + title: Tokens Management + - local: enterprise-hub-analytics + title: Analytics - local: billing title: Billing - local: security diff --git a/docs/hub/advanced-compute-options.md b/docs/hub/advanced-compute-options.md index 4f42d9b04..beebd02cc 100644 --- a/docs/hub/advanced-compute-options.md +++ b/docs/hub/advanced-compute-options.md @@ -1,15 +1,28 @@ # Advanced Compute Options -Enterprise Hub organizations gain access to advanced compute options to accelerate their machine learning journey. - This feature is part of the Enterprise Hub. +Enterprise Hub organizations gain access to advanced compute options to accelerate their machine learning journey. + ## Host ZeroGPU Spaces in your organization ZeroGPU is a dynamic GPU allocation system that optimizes AI deployment on Hugging Face Spaces. By automatically allocating and releasing NVIDIA A100 GPUs (40GB VRAM) as needed, organizations can efficiently serve their AI applications without dedicated GPU instances. +
+ screenshot of Hugging Face Advanced Compute Options (ZeroGPU) + +
+ **Key benefits for organizations** - **Free GPU Access**: Access powerful NVIDIA A100 GPUs at no additional cost through dynamic allocation diff --git a/docs/hub/audit-logs.md b/docs/hub/audit-logs.md index 0babbf71c..8d56f4114 100644 --- a/docs/hub/audit-logs.md +++ b/docs/hub/audit-logs.md @@ -6,7 +6,18 @@ This feature is part of the + screenshot of Hugging Face Audit Logs feature + + ## Accessing Audit Logs diff --git a/docs/hub/enterprise-hub-advanced-security.md b/docs/hub/enterprise-hub-advanced-security.md index 8dcdc3b87..0c126d2a8 100644 --- a/docs/hub/enterprise-hub-advanced-security.md +++ b/docs/hub/enterprise-hub-advanced-security.md @@ -6,7 +6,7 @@ This feature is part of the +
screenshot of the Dataset Viewer on a private dataset owned by an Enterprise Hub organization.
diff --git a/docs/hub/enterprise-hub-analytics.md b/docs/hub/enterprise-hub-analytics.md index ef8cb1465..e7db2e702 100644 --- a/docs/hub/enterprise-hub-analytics.md +++ b/docs/hub/enterprise-hub-analytics.md @@ -8,7 +8,7 @@ This feature is part of the +
screenshot of the Dataset Viewer on a private dataset owned by an Enterprise Hub organization.
diff --git a/docs/hub/enterprise-hub-datasets.md b/docs/hub/enterprise-hub-datasets.md index 4863e7391..21bb6db46 100644 --- a/docs/hub/enterprise-hub-datasets.md +++ b/docs/hub/enterprise-hub-datasets.md @@ -4,11 +4,11 @@ This feature is part of the Enterprise Hub. -The Dataset Viewer is enabled on private datasets owned by an Enterprise Hub organization. +The Dataset Viewer is enabled on private datasets owned by an Enterprise Hub organization. The Dataset Viewer allows teams to understand their data and to help them build better data processing and filtering for AI. The Viewer allows to explore the datasets content, inspect data distributions, filter by values and even search for keywords. It also includes the datasets conversion to Parquet which can be used for programmatic data visualization. -See [Dataset Viewer](./datasets-viewer) for more information. +[More information about the Dataset Viewer →](./datasets-viewer)
screenshot of the Dataset Viewer on a private dataset owned by an Enterprise Hub organization. diff --git a/docs/hub/enterprise-hub-resource-groups.md b/docs/hub/enterprise-hub-resource-groups.md index e2dd79f3b..fb9832cdc 100644 --- a/docs/hub/enterprise-hub-resource-groups.md +++ b/docs/hub/enterprise-hub-resource-groups.md @@ -4,6 +4,29 @@ This feature is part of the Enterprise Hub. -Resource Groups allow Enterprise Hub organizations to enforce fine-grained access control to their repositories. +Resource Groups allow organizations to enforce fine-grained access control to their repositories. -Read the [documentation for Resource Groups under the Security section](./security-resource-groups). +
+ screenshot of Hugging Face Single Sign-On (SSO) feature + +
+ +This feature allows organization administrators to: + +- Group related repositories together for better organization +- Control member access at a group level rather than individual repository level +- Assign different permission roles (read, contributor, write, admin) to team members +- Keep private repositories visible only to authorized group members +- Enable multiple teams to work independently within the same organization + +This Enterprise Hub feature helps organizations manage complex team structures and maintain proper access control over their repositories. + +[Getting started with Resource Groups →](./security-resource-groups) diff --git a/docs/hub/enterprise-hub-tokens-management.md b/docs/hub/enterprise-hub-tokens-management.md index f3fc9b111..380830454 100644 --- a/docs/hub/enterprise-hub-tokens-management.md +++ b/docs/hub/enterprise-hub-tokens-management.md @@ -4,56 +4,51 @@ This feature is part of the Enterprise Hub. -Tokens Management allows organization administrators to control access tokens within their organization, ensuring that only authorized users have access to organization resources. - +Tokens Management enables organization administrators to oversee access tokens within their organization, ensuring secure access to organization resources. ## Viewing and Managing Access Tokens -The token listing feature provides a view of all access tokens within your organization. Administrators can: +The token listing feature displays all access tokens within your organization. Administrators can: - Monitor token usage and identify or prevent potential security risks: - - unauthorized access to private resources ("leak") - - scopes of access that are too wide - - improvable token hygienics (tokens that have not been rotated in a long time, for example) -- Identify inactive or unused tokens that can be revoked + - Unauthorized access to private resources ("leaks") + - Overly broad access scopes + - Suboptimal token hygiene (e.g., tokens that have not been rotated in a long time) +- Identify and revoke inactive or unused tokens
- -Fine-grained tokens can be reviewed to see their permissions: +Fine-grained tokens display their specific permissions:
+## Token Policy -## Token policy - -With Tokens Management, Enterprise org admins can decide which of the following policies they want to enforce: - -| **Policy** | **Unscoped (Read/Write) Access Tokens** | **Fine-Grained Tokens** | -| --- | --- | --- | -| **Allow access via User Access Tokens (default)** | Authorized | Authorized | -| **Only access via fine-grained tokens** | Unauthorized | Authorized | -| **Do not require administrator approval** | Unauthorized | Authorized | -| **Require administrator approval** | Unauthorized | Unauthorized without an approval (except for admin-created) | +Enterprise organization administrators can enforce the following policies: +| **Policy** | **Unscoped (Read/Write) Access Tokens** | **Fine-Grained Tokens** | +| ------------------------------------------------- | --------------------------------------- | ----------------------------------------------------------- | +| **Allow access via User Access Tokens (default)** | Authorized | Authorized | +| **Only access via fine-grained tokens** | Unauthorized | Authorized | +| **Do not require administrator approval** | Unauthorized | Authorized | +| **Require administrator approval** | Unauthorized | Unauthorized without an approval (except for admin-created) |
- ## Reviewing Token Authorization -When your token policy is set to "Require administrator approval", organization administrators can view the details of all fine-grained tokens with access to resources owned by the organization. They can also revoke access to those tokens. Organization administrators will receive an email when an authorization is requested for a fine-grained token. +When token policy is set to "Require administrator approval", organization administrators can review details of all fine-grained tokens accessing organization-owned resources and revoke access if needed. Administrators receive email notifications for token authorization requests. -When a token is revoked or denied, the user who created the token will receive an email notification. +When a token is revoked or denied, the user who created the token receives an email notification.
diff --git a/docs/hub/enterprise-hub.md b/docs/hub/enterprise-hub.md index 10cc43e3e..f171b3611 100644 --- a/docs/hub/enterprise-hub.md +++ b/docs/hub/enterprise-hub.md @@ -1,12 +1,19 @@ # Enterprise Hub + +Subscribe to Enterprise Hub to get access to advanced features for your organization. + + Enterprise Hub adds advanced capabilities to organizations, enabling safe, compliant and managed collaboration for companies and teams on Hugging Face. -![](https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/enterprise-hub.png) + + + + In this section we will document the following Enterprise Hub features: -- [SSO](./enterprise-sso) +- [Single Sign-On (SSO)](./enterprise-sso) - [Audit Logs](./audit-logs) - [Storage Regions](./storage-regions) - [Dataset viewer for Private datasets](./enterprise-hub-datasets) diff --git a/docs/hub/enterprise-sso.md b/docs/hub/enterprise-sso.md index a115e365e..859d35383 100644 --- a/docs/hub/enterprise-sso.md +++ b/docs/hub/enterprise-sso.md @@ -4,4 +4,29 @@ This feature is part of the Enterprise Hub. -Read the [documentation for SSO under the Security section](./security-sso). +Single sign-on (SSO) allows organizations to securely manage user authentication through their own identity provider (IdP). Both SAML 2.0 and OpenID Connect (OIDC) protocols are supported. + +
+ screenshot of Hugging Face Single Sign-On (SSO) feature + +
+ +This feature allows organizations to: + +- Enforce mandatory authentication through your company's IdP +- Automatically manage user access and roles based on your IdP attributes +- Support popular providers like Okta, OneLogin, and Azure Active Directory +- Maintain security while allowing external collaborators when needed +- Control session timeouts and role mappings + +This Enterprise Hub feature helps organizations maintain consistent security policies while giving their teams seamless access to Hugging Face resources. + +[Getting started with SSO →](./security-sso) diff --git a/docs/hub/storage-regions.md b/docs/hub/storage-regions.md index 8f8b6a0d5..d6a8dd3da 100644 --- a/docs/hub/storage-regions.md +++ b/docs/hub/storage-regions.md @@ -1,11 +1,11 @@ # Storage Regions on the Hub -Regions allow you to specify where your organization's models and datasets are stored. - This feature is part of the Enterprise Hub. +Regions allow you to specify where your organization's models and datasets are stored. + This offers two key benefits: - Regulatory and legal compliance @@ -17,11 +17,22 @@ Currently available regions: - EU 🇪🇺 - Coming soon: Asia-Pacific 🌏 -## How to set up - -Organizations subscribed to Enterprise Hub can access the Regions settings page: - -![](https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/storage-regions/feature-annotated.png) +## Getting started with Storage Regions + +Organizations subscribed to Enterprise Hub can access the Regions settings page to manage their repositories storage locations. + +
+ screenshot of Hugging Face Storage Regions feature + +
This page displays: @@ -32,8 +43,17 @@ This page displays: Any repository (model or dataset) stored in a non-default location displays its Region as a tag, allowing organization members to quickly identify repository locations. -
- +
+ screenshot of Hugging Face Storage Regions tag feature +
## Regulatory and legal compliance @@ -48,6 +68,17 @@ Storing models and datasets closer to your team and infrastructure significantly This impact is substantial given the typically large size of model weights and dataset files. -![](https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/storage-regions/upload-speed.png) +
+ example of Hugging Face Storage Regions feature + +
For example, European users storing repositories in the EU region can expect approximately 4-5x faster upload and download speeds compared to US storage.