From 0a9fb449c926b1857a674bfd6a019a67a7a14b1d Mon Sep 17 00:00:00 2001 From: Victor Mustar Date: Tue, 5 Nov 2024 12:07:51 +0100 Subject: [PATCH 01/16] enterprise hub front section --- docs/hub/_toctree.yml | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/docs/hub/_toctree.yml b/docs/hub/_toctree.yml index 288c6fb1c..0e0bc99bf 100644 --- a/docs/hub/_toctree.yml +++ b/docs/hub/_toctree.yml @@ -325,27 +325,27 @@ title: Organization Cards - local: organizations-security title: Access Control in Organizations - - local: enterprise-hub - title: Enterprise Hub - sections: - - local: enterprise-sso - title: Single Sign-On (SSO) - - local: audit-logs - title: Audit Logs - - local: storage-regions - title: Storage Regions - - local: enterprise-hub-datasets - title: Dataset viewer for Private datasets - - local: enterprise-hub-resource-groups - title: Resource Groups (Access Control) - - local: advanced-compute-options - title: Advanced Compute Options - - local: enterprise-hub-advanced-security - title: Advanced Security - - local: enterprise-hub-tokens-management - title: Tokens Management - - local: enterprise-hub-analytics - title: Analytics + - local: enterprise-hub + title: Enterprise Hub + sections: + - local: enterprise-sso + title: Single Sign-On (SSO) + - local: audit-logs + title: Audit Logs + - local: storage-regions + title: Storage Regions + - local: enterprise-hub-datasets + title: Dataset viewer for Private datasets + - local: enterprise-hub-resource-groups + title: Resource Groups (Access Control) + - local: advanced-compute-options + title: Advanced Compute Options + - local: enterprise-hub-advanced-security + title: Advanced Security + - local: enterprise-hub-tokens-management + title: Tokens Management + - local: enterprise-hub-analytics + title: Analytics - local: billing title: Billing - local: security From 90a87a0e37e681c5f33cd80b3646248b7a34bf64 Mon Sep 17 00:00:00 2001 From: Victor Mustar Date: Tue, 5 Nov 2024 12:36:20 +0100 Subject: [PATCH 02/16] add intro to SSO and RG --- docs/hub/enterprise-hub-resource-groups.md | 27 ++++++++++++++++++++-- docs/hub/enterprise-sso.md | 27 +++++++++++++++++++++- 2 files changed, 51 insertions(+), 3 deletions(-) diff --git a/docs/hub/enterprise-hub-resource-groups.md b/docs/hub/enterprise-hub-resource-groups.md index e2dd79f3b..a59355cd7 100644 --- a/docs/hub/enterprise-hub-resource-groups.md +++ b/docs/hub/enterprise-hub-resource-groups.md @@ -4,6 +4,29 @@ This feature is part of the Enterprise Hub. -Resource Groups allow Enterprise Hub organizations to enforce fine-grained access control to their repositories. +Resource Groups provide granular access control within Hugging Face organizations. -Read the [documentation for Resource Groups under the Security section](./security-resource-groups). +
+ screenshot of Hugging Face Single Sign-On (SSO) feature + +
+ +This feature allows organization administrators to: + +- Group related repositories together for better organization +- Control member access at a group level rather than individual repository level +- Assign different permission roles (read, contributor, write, admin) to team members +- Keep private repositories visible only to authorized group members +- Enable multiple teams to work independently within the same organization + +This Enterprise Hub feature helps organizations manage complex team structures and maintain proper access control over their repositories. + +[Getting started with Resource Groups →](./security-resource-groups) diff --git a/docs/hub/enterprise-sso.md b/docs/hub/enterprise-sso.md index a115e365e..859d35383 100644 --- a/docs/hub/enterprise-sso.md +++ b/docs/hub/enterprise-sso.md @@ -4,4 +4,29 @@ This feature is part of the Enterprise Hub. -Read the [documentation for SSO under the Security section](./security-sso). +Single sign-on (SSO) allows organizations to securely manage user authentication through their own identity provider (IdP). Both SAML 2.0 and OpenID Connect (OIDC) protocols are supported. + +
+ screenshot of Hugging Face Single Sign-On (SSO) feature + +
+ +This feature allows organizations to: + +- Enforce mandatory authentication through your company's IdP +- Automatically manage user access and roles based on your IdP attributes +- Support popular providers like Okta, OneLogin, and Azure Active Directory +- Maintain security while allowing external collaborators when needed +- Control session timeouts and role mappings + +This Enterprise Hub feature helps organizations maintain consistent security policies while giving their teams seamless access to Hugging Face resources. + +[Getting started with SSO →](./security-sso) From d7c59fa65f20769dbc064ae96138ee1aef4bed04 Mon Sep 17 00:00:00 2001 From: Victor Mustar Date: Tue, 5 Nov 2024 12:36:28 +0100 Subject: [PATCH 03/16] update some images --- docs/hub/audit-logs.md | 13 ++++++++++++- docs/hub/enterprise-hub-advanced-security.md | 2 +- docs/hub/enterprise-hub-analytics.md | 2 +- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/docs/hub/audit-logs.md b/docs/hub/audit-logs.md index 0babbf71c..ff4b9321f 100644 --- a/docs/hub/audit-logs.md +++ b/docs/hub/audit-logs.md @@ -6,7 +6,18 @@ This feature is part of the + screenshot of Hugging Face Single Sign-On (SSO) feature + + ## Accessing Audit Logs diff --git a/docs/hub/enterprise-hub-advanced-security.md b/docs/hub/enterprise-hub-advanced-security.md index 8dcdc3b87..0c126d2a8 100644 --- a/docs/hub/enterprise-hub-advanced-security.md +++ b/docs/hub/enterprise-hub-advanced-security.md @@ -6,7 +6,7 @@ This feature is part of the +
screenshot of the Dataset Viewer on a private dataset owned by an Enterprise Hub organization.
diff --git a/docs/hub/enterprise-hub-analytics.md b/docs/hub/enterprise-hub-analytics.md index ef8cb1465..e7db2e702 100644 --- a/docs/hub/enterprise-hub-analytics.md +++ b/docs/hub/enterprise-hub-analytics.md @@ -8,7 +8,7 @@ This feature is part of the +
screenshot of the Dataset Viewer on a private dataset owned by an Enterprise Hub organization.
From f4d1a39d41af68d188824de0b3eba46a344119fa Mon Sep 17 00:00:00 2001 From: Victor Mustar Date: Tue, 5 Nov 2024 12:41:08 +0100 Subject: [PATCH 04/16] images --- docs/hub/advanced-compute-options.md | 13 +++++++++++++ docs/hub/audit-logs.md | 4 ++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/docs/hub/advanced-compute-options.md b/docs/hub/advanced-compute-options.md index 4f42d9b04..1b02bca2d 100644 --- a/docs/hub/advanced-compute-options.md +++ b/docs/hub/advanced-compute-options.md @@ -10,6 +10,19 @@ This feature is part of the + screenshot of Hugging Face Advanced Compute Options (ZeroGPU) + + + **Key benefits for organizations** - **Free GPU Access**: Access powerful NVIDIA A100 GPUs at no additional cost through dynamic allocation diff --git a/docs/hub/audit-logs.md b/docs/hub/audit-logs.md index ff4b9321f..8d56f4114 100644 --- a/docs/hub/audit-logs.md +++ b/docs/hub/audit-logs.md @@ -10,12 +10,12 @@ Audit Logs enable organization admins to easily review actions taken by members, screenshot of Hugging Face Single Sign-On (SSO) feature From ea003575028d48cd7c291df02d54f3818381b1ff Mon Sep 17 00:00:00 2001 From: Victor Mustar Date: Tue, 5 Nov 2024 13:20:47 +0100 Subject: [PATCH 05/16] add subscribe link --- docs/hub/enterprise-hub.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/hub/enterprise-hub.md b/docs/hub/enterprise-hub.md index 10cc43e3e..15ba3ffda 100644 --- a/docs/hub/enterprise-hub.md +++ b/docs/hub/enterprise-hub.md @@ -1,5 +1,9 @@ # Enterprise Hub + +Subscribe to Enterprise Hub to get access to advanced features for your organization. + + Enterprise Hub adds advanced capabilities to organizations, enabling safe, compliant and managed collaboration for companies and teams on Hugging Face. ![](https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/enterprise-hub.png) From 048e5ac661edd27078dcdaf6e8d2c70ea2969b5a Mon Sep 17 00:00:00 2001 From: Victor Mustar Date: Tue, 5 Nov 2024 13:20:53 +0100 Subject: [PATCH 06/16] update some images --- docs/hub/storage-regions.md | 45 +++++++++++++++++++++++++++++++------ 1 file changed, 38 insertions(+), 7 deletions(-) diff --git a/docs/hub/storage-regions.md b/docs/hub/storage-regions.md index 8f8b6a0d5..f33d41bec 100644 --- a/docs/hub/storage-regions.md +++ b/docs/hub/storage-regions.md @@ -19,11 +19,22 @@ Currently available regions: ## How to set up -Organizations subscribed to Enterprise Hub can access the Regions settings page: - -![](https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/storage-regions/feature-annotated.png) +Organizations subscribed to Enterprise Hub can access the Regions settings page to manage their repositories storage locations. + +
+ screenshot of Hugging Face Storage Regions feature + +
-This page displays: +This feature allows organizations to: - An audit of your organization's repository locations - Options to select where new repositories will be stored @@ -32,8 +43,17 @@ This page displays: Any repository (model or dataset) stored in a non-default location displays its Region as a tag, allowing organization members to quickly identify repository locations. -
- +
+ screenshot of Hugging Face Storage Regions tag feature +
## Regulatory and legal compliance @@ -48,6 +68,17 @@ Storing models and datasets closer to your team and infrastructure significantly This impact is substantial given the typically large size of model weights and dataset files. -![](https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/storage-regions/upload-speed.png) +
+ example of Hugging Face Storage Regions feature + +
For example, European users storing repositories in the EU region can expect approximately 4-5x faster upload and download speeds compared to US storage. From 8e773ff56c96b2dd562112258ea6775b31bb553e Mon Sep 17 00:00:00 2001 From: Victor Mustar Date: Tue, 5 Nov 2024 13:22:13 +0100 Subject: [PATCH 07/16] tip order --- docs/hub/advanced-compute-options.md | 4 ++-- docs/hub/storage-regions.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/hub/advanced-compute-options.md b/docs/hub/advanced-compute-options.md index 1b02bca2d..beebd02cc 100644 --- a/docs/hub/advanced-compute-options.md +++ b/docs/hub/advanced-compute-options.md @@ -1,11 +1,11 @@ # Advanced Compute Options -Enterprise Hub organizations gain access to advanced compute options to accelerate their machine learning journey. - This feature is part of the Enterprise Hub. +Enterprise Hub organizations gain access to advanced compute options to accelerate their machine learning journey. + ## Host ZeroGPU Spaces in your organization ZeroGPU is a dynamic GPU allocation system that optimizes AI deployment on Hugging Face Spaces. By automatically allocating and releasing NVIDIA A100 GPUs (40GB VRAM) as needed, organizations can efficiently serve their AI applications without dedicated GPU instances. diff --git a/docs/hub/storage-regions.md b/docs/hub/storage-regions.md index f33d41bec..8d1679e9a 100644 --- a/docs/hub/storage-regions.md +++ b/docs/hub/storage-regions.md @@ -1,11 +1,11 @@ # Storage Regions on the Hub -Regions allow you to specify where your organization's models and datasets are stored. - This feature is part of the Enterprise Hub. +Regions allow you to specify where your organization's models and datasets are stored. + This offers two key benefits: - Regulatory and legal compliance From dba482bee3af89f8ad03e105c2a54b1cfd3e992c Mon Sep 17 00:00:00 2001 From: Victor Mustar Date: Tue, 5 Nov 2024 13:37:56 +0100 Subject: [PATCH 08/16] wording tokens management --- docs/hub/enterprise-hub-tokens-management.md | 41 +++++++++----------- 1 file changed, 18 insertions(+), 23 deletions(-) diff --git a/docs/hub/enterprise-hub-tokens-management.md b/docs/hub/enterprise-hub-tokens-management.md index f3fc9b111..e2d9db77e 100644 --- a/docs/hub/enterprise-hub-tokens-management.md +++ b/docs/hub/enterprise-hub-tokens-management.md @@ -4,56 +4,51 @@ This feature is part of the Enterprise Hub. -Tokens Management allows organization administrators to control access tokens within their organization, ensuring that only authorized users have access to organization resources. - +Tokens Management enables organization administrators to oversee access tokens within their organization, ensuring secure access to organization resources. ## Viewing and Managing Access Tokens -The token listing feature provides a view of all access tokens within your organization. Administrators can: +The token listing feature displays all access tokens within your organization. Administrators can: -- Monitor token usage and identify or prevent potential security risks: - - unauthorized access to private resources ("leak") - - scopes of access that are too wide - - improvable token hygienics (tokens that have not been rotated in a long time, for example) -- Identify inactive or unused tokens that can be revoked +- Monitor token usage to identify and prevent security risks: + - Unauthorized access to private resources ("leaks") + - Overly broad access scopes + - Suboptimal token hygiene (e.g., tokens that haven't been rotated recently) +- Identify and revoke inactive or unused tokens
- -Fine-grained tokens can be reviewed to see their permissions: +Fine-grained tokens display their specific permissions:
+## Token Policy -## Token policy - -With Tokens Management, Enterprise org admins can decide which of the following policies they want to enforce: - -| **Policy** | **Unscoped (Read/Write) Access Tokens** | **Fine-Grained Tokens** | -| --- | --- | --- | -| **Allow access via User Access Tokens (default)** | Authorized | Authorized | -| **Only access via fine-grained tokens** | Unauthorized | Authorized | -| **Do not require administrator approval** | Unauthorized | Authorized | -| **Require administrator approval** | Unauthorized | Unauthorized without an approval (except for admin-created) | +Enterprise organization administrators can enforce the following policies: +| **Policy** | **Unscoped (Read/Write) Access Tokens** | **Fine-Grained Tokens** | +| ------------------------------------------------- | --------------------------------------- | ----------------------------------------------------------- | +| **Allow access via User Access Tokens (default)** | Authorized | Authorized | +| **Only access via fine-grained tokens** | Unauthorized | Authorized | +| **Do not require administrator approval** | Unauthorized | Authorized | +| **Require administrator approval** | Unauthorized | Unauthorized without an approval (except for admin-created) |
- ## Reviewing Token Authorization -When your token policy is set to "Require administrator approval", organization administrators can view the details of all fine-grained tokens with access to resources owned by the organization. They can also revoke access to those tokens. Organization administrators will receive an email when an authorization is requested for a fine-grained token. +When token policy is set to "Require administrator approval", organization administrators can review details of all fine-grained tokens accessing organization-owned resources and revoke access if needed. Administrators receive email notifications for token authorization requests. -When a token is revoked or denied, the user who created the token will receive an email notification. +When a token is revoked or denied, the user who created the token receives an email notification.
From 33c6ab7438f22ffd441efc4b3668e866dd1788ce Mon Sep 17 00:00:00 2001 From: Victor Mustar Date: Tue, 5 Nov 2024 13:38:18 +0100 Subject: [PATCH 09/16] Update enterprise-hub.md --- docs/hub/enterprise-hub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/hub/enterprise-hub.md b/docs/hub/enterprise-hub.md index 15ba3ffda..660933237 100644 --- a/docs/hub/enterprise-hub.md +++ b/docs/hub/enterprise-hub.md @@ -10,7 +10,7 @@ Enterprise Hub adds advanced capabilities to organizations, enabling safe, compl In this section we will document the following Enterprise Hub features: -- [SSO](./enterprise-sso) +- [Single Sign-On (SSO)](./enterprise-sso) - [Audit Logs](./audit-logs) - [Storage Regions](./storage-regions) - [Dataset viewer for Private datasets](./enterprise-hub-datasets) From 029b1fb33ee8fb4fc99b4f4e38c4471ed67b3c17 Mon Sep 17 00:00:00 2001 From: Victor Mustar Date: Tue, 5 Nov 2024 13:44:31 +0100 Subject: [PATCH 10/16] Update enterprise-hub-datasets.md --- docs/hub/enterprise-hub-datasets.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/hub/enterprise-hub-datasets.md b/docs/hub/enterprise-hub-datasets.md index 4863e7391..21bb6db46 100644 --- a/docs/hub/enterprise-hub-datasets.md +++ b/docs/hub/enterprise-hub-datasets.md @@ -4,11 +4,11 @@ This feature is part of the Enterprise Hub. -The Dataset Viewer is enabled on private datasets owned by an Enterprise Hub organization. +The Dataset Viewer is enabled on private datasets owned by an Enterprise Hub organization. The Dataset Viewer allows teams to understand their data and to help them build better data processing and filtering for AI. The Viewer allows to explore the datasets content, inspect data distributions, filter by values and even search for keywords. It also includes the datasets conversion to Parquet which can be used for programmatic data visualization. -See [Dataset Viewer](./datasets-viewer) for more information. +[More information about the Dataset Viewer →](./datasets-viewer)
screenshot of the Dataset Viewer on a private dataset owned by an Enterprise Hub organization. From ad1ab0b84e0a35b18274d29b868646c5d508da83 Mon Sep 17 00:00:00 2001 From: Victor Mustar Date: Tue, 5 Nov 2024 13:46:02 +0100 Subject: [PATCH 11/16] Update enterprise-hub-tokens-management.md --- docs/hub/enterprise-hub-tokens-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/hub/enterprise-hub-tokens-management.md b/docs/hub/enterprise-hub-tokens-management.md index e2d9db77e..edd5cd14a 100644 --- a/docs/hub/enterprise-hub-tokens-management.md +++ b/docs/hub/enterprise-hub-tokens-management.md @@ -13,7 +13,7 @@ The token listing feature displays all access tokens within your organization. A - Monitor token usage to identify and prevent security risks: - Unauthorized access to private resources ("leaks") - Overly broad access scopes - - Suboptimal token hygiene (e.g., tokens that haven't been rotated recently) + - Suboptimal token hygiene (e.g., tokens that have not been rotated in a long time) - Identify and revoke inactive or unused tokens
From c48a3a6379ef4944d420c871375dda48a30d6bfb Mon Sep 17 00:00:00 2001 From: Victor Mustar Date: Tue, 5 Nov 2024 13:49:56 +0100 Subject: [PATCH 12/16] Update storage-regions.md --- docs/hub/storage-regions.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/hub/storage-regions.md b/docs/hub/storage-regions.md index 8d1679e9a..4af0bfd92 100644 --- a/docs/hub/storage-regions.md +++ b/docs/hub/storage-regions.md @@ -36,8 +36,8 @@ Organizations subscribed to Enterprise Hub can access the Regions settings page This feature allows organizations to: -- An audit of your organization's repository locations -- Options to select where new repositories will be stored +- Audit their repository locations +- Select where new repositories will be stored ## Repository Tag From 50afce38d96cd6a61c42ab07e3bb1fec23d99ef3 Mon Sep 17 00:00:00 2001 From: Victor Mustar Date: Tue, 5 Nov 2024 13:51:29 +0100 Subject: [PATCH 13/16] Update enterprise-hub-resource-groups.md --- docs/hub/enterprise-hub-resource-groups.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/hub/enterprise-hub-resource-groups.md b/docs/hub/enterprise-hub-resource-groups.md index a59355cd7..fb9832cdc 100644 --- a/docs/hub/enterprise-hub-resource-groups.md +++ b/docs/hub/enterprise-hub-resource-groups.md @@ -4,7 +4,7 @@ This feature is part of the Enterprise Hub. -Resource Groups provide granular access control within Hugging Face organizations. +Resource Groups allow organizations to enforce fine-grained access control to their repositories.
Date: Tue, 5 Nov 2024 13:56:43 +0100 Subject: [PATCH 14/16] Update enterprise-hub-tokens-management.md --- docs/hub/enterprise-hub-tokens-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/hub/enterprise-hub-tokens-management.md b/docs/hub/enterprise-hub-tokens-management.md index edd5cd14a..380830454 100644 --- a/docs/hub/enterprise-hub-tokens-management.md +++ b/docs/hub/enterprise-hub-tokens-management.md @@ -10,7 +10,7 @@ Tokens Management enables organization administrators to oversee access tokens w The token listing feature displays all access tokens within your organization. Administrators can: -- Monitor token usage to identify and prevent security risks: +- Monitor token usage and identify or prevent potential security risks: - Unauthorized access to private resources ("leaks") - Overly broad access scopes - Suboptimal token hygiene (e.g., tokens that have not been rotated in a long time) From f5a598f833f776341dd1ed18fb64c860e9a18204 Mon Sep 17 00:00:00 2001 From: Victor Mustar Date: Tue, 5 Nov 2024 14:16:13 +0100 Subject: [PATCH 15/16] header --- docs/hub/enterprise-hub.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/hub/enterprise-hub.md b/docs/hub/enterprise-hub.md index 660933237..f171b3611 100644 --- a/docs/hub/enterprise-hub.md +++ b/docs/hub/enterprise-hub.md @@ -6,7 +6,10 @@ Enterprise Hub adds advanced capabilities to organizations, enabling safe, compliant and managed collaboration for companies and teams on Hugging Face. -![](https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/enterprise-hub.png) + + + + In this section we will document the following Enterprise Hub features: From 98d6c18ea840f2c4ea5886a3dda73f5f6da7fd03 Mon Sep 17 00:00:00 2001 From: Victor Mustar Date: Tue, 5 Nov 2024 14:29:51 +0100 Subject: [PATCH 16/16] Update storage-regions.md --- docs/hub/storage-regions.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/hub/storage-regions.md b/docs/hub/storage-regions.md index 4af0bfd92..d6a8dd3da 100644 --- a/docs/hub/storage-regions.md +++ b/docs/hub/storage-regions.md @@ -17,7 +17,7 @@ Currently available regions: - EU 🇪🇺 - Coming soon: Asia-Pacific 🌏 -## How to set up +## Getting started with Storage Regions Organizations subscribed to Enterprise Hub can access the Regions settings page to manage their repositories storage locations. @@ -34,10 +34,10 @@ Organizations subscribed to Enterprise Hub can access the Regions settings page />
-This feature allows organizations to: +This page displays: -- Audit their repository locations -- Select where new repositories will be stored +- An audit of your organization's repository locations +- Options to select where new repositories will be stored ## Repository Tag