huggingface · julien-c · Jul 8, 2025 · Jul 8, 2025 · Jul 8, 2025
diff --git a/docs/hub/enterprise-sso.md b/docs/hub/enterprise-sso.md
@@ -6,7 +6,7 @@ This feature is part of the <a href="https://huggingface.co/enterprise">Team & E
 
 Single sign-on (SSO) allows organizations to securely manage user authentication through their own identity provider (IdP). Both SAML 2.0 and OpenID Connect (OIDC) protocols are supported.
 
-Please note that this feature is intended to manage access to organization-specific resources such as private models, datasets, and Spaces. However, it does not replace the core authentication mechanism for the Hugging Face platform. For enhanced capabilities like automated user provisioning (JIT/SCIM) and global SSO enforcement, see our [Advanced SSO documentation](./enterprise-hub-advanced-sso).
+Please note that this feature is intended to manage access to organization-specific resources such as private models, datasets, and Spaces. However, it does not replace the core authentication mechanism for the Hugging Face platform, meaning that users still need to login with their own HF account. For enhanced capabilities like automated user provisioning (JIT/SCIM) and global SSO enforcement, see our [Advanced SSO documentation](./enterprise-hub-advanced-sso).
 
 <div class="flex justify-center" style="max-width: 550px">
   <img

diff --git a/docs/hub/organizations-security.md b/docs/hub/organizations-security.md
@@ -10,7 +10,7 @@ You can set up [Single Sign-On (SSO)](./security-sso) to be able to map access c
 
 Advanced and more fine-grained access control can be achieved with [Resource Groups](./security-resource-groups).
 
-The Resource Group feature is part of the <a href="https://huggingface.co/enterprise">Enterprise Hub</a>.
+The Resource Group feature is part of the <a href="https://huggingface.co/enterprise">Team & Enterprise</a> plans.
 
 </Tip>
 

diff --git a/docs/hub/organizations.md b/docs/hub/organizations.md
@@ -2,7 +2,7 @@
 
 The Hugging Face Hub offers **Organizations**, which can be used to group accounts and manage datasets, models, and Spaces. The Hub also allows admins to set user roles to [**control access to repositories**](./organizations-security) and manage their organization's [payment method and billing info](https://huggingface.co/pricing).
 
-If an organization needs to track user access to a dataset due to licensing or privacy issues, an organization can enable [user access requests](./datasets-gated).
+If an organization needs to track user access to a dataset or a model due to licensing or privacy issues, an organization can enable [user access requests](./datasets-gated).
 
 ## Contents
 

diff --git a/docs/hub/security-sso.md b/docs/hub/security-sso.md
@@ -5,13 +5,13 @@ The Hugging Face Hub gives you the ability to implement mandatory Single Sign-On
 We support both SAML 2.0 and OpenID Connect (OIDC) protocols.
 
 <Tip warning={true}>
-This feature is part of the <a href="https://huggingface.co/enterprise">Enterprise Hub</a>. For enhanced capabilities like automated user provisioning (JIT/SCIM) and global SSO enforcement, see our <a href="./enterprise-hub-advanced-sso">Advanced SSO documentation</Tip>
+This feature is part of the <a href="https://huggingface.co/enterprise">Team & Enterprise</a> plans. For enhanced capabilities like automated user provisioning (JIT/SCIM) and global SSO enforcement, see our <a href="./enterprise-hub-advanced-sso">Advanced SSO documentation</Tip>
 
 ## How does it work?
 
 When Single Sign-On is enabled, the members of your organization must authenticate through your Identity Provider (IdP) to access any content under the organization's namespace. Public content will still be available to users who are not members of the organization.
 
-**We use email addresses to identify SSO users. Make sure that your organizational email address (e.g. your company email) has been added to [your user account](https://huggingface.co/settings/account).**
+**We use email addresses to identify SSO users. As a user, make sure that your organizational email address (e.g. your company email) has been added to [your user account](https://huggingface.co/settings/account).**
 
 When users log in, they will be prompted to complete the Single Sign-On authentication flow with a banner similar to the following:
 

diff --git a/docs/hub/security-tokens.md b/docs/hub/security-tokens.md
@@ -50,7 +50,7 @@ There are plenty of ways to use a User Access Token to access the Hugging Face H
 
 User Access Tokens can be:
 - used **in place of a password** to access the Hugging Face Hub with git or with basic authentication.
-- passed as a **bearer token** when calling the [Inference API](https://huggingface.co/inference-api).
+- passed as a **bearer token** when calling [Inference Providers](https://huggingface.co/docs/inference-providers).
 - used in the Hugging Face Python libraries, such as `transformers` or `datasets`:
 
 ```python

diff --git a/docs/hub/security.md b/docs/hub/security.md
@@ -1,8 +1,8 @@
 # Security
 
-The Hugging Face Hub offers several security features to ensure that your code and data are secure. Beyond offering [private repositories](./repositories-settings#private-repositories) for models, datasets, and Spaces, the Hub supports access tokens, commit signatures, and malware scanning.
+The Hugging Face Hub offers several security features to ensure that your code and data are secure. Beyond offering [private repositories](./repositories-settings#private-repositories) for models, datasets, and Spaces, the Hub supports access tokens, resource groups, MFA, commit signatures, malware scanning, and more.
 
-Hugging Face is GDPR compliant. If a contract or specific data storage is something you'll need, we recommend taking a look at our [Expert Acceleration Program](https://huggingface.co/support). Hugging Face can also offer Business Associate Addendums or GDPR data processing agreements through an [Enterprise Plan](https://huggingface.co/pricing). 
+Hugging Face is GDPR compliant. If a contract or specific data storage is something you'll need, we recommend taking a look at our [Enterprise Hub Support](https://huggingface.co/support). Hugging Face can also offer Business Associate Addendums or GDPR data processing agreements through an [Enterprise Plan](https://huggingface.co/pricing). 
 
 Hugging Face is also [SOC2 Type 2 certified](https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html), meaning we provide security certification to our customers and actively monitor and patch any security weaknesses.
 
@@ -17,9 +17,9 @@ For any other security questions, please feel free to send us an email at securi
 - [Git over SSH](./security-git-ssh)
 - [Signing commits with GPG](./security-gpg)
 - [Single Sign-On (SSO)](./security-sso)
+- [Advanced Access Control (Resource Groups)](./security-resource-groups)
 - [Malware Scanning](./security-malware)
 - [Pickle Scanning](./security-pickle)
 - [Secrets Scanning](./security-secrets)
 - [Third-party scanner: Protect AI](./security-protectai)
 - [Third-party scanner: JFrog](./security-jfrog)
-- [Resource Groups](./security-resource-groups)
-Original file line number
+Diff line change
@@ Expand Up @@
     Advanced and more fine-grained access control can be achieved with [Resource Groups](./security-resource-groups).
-    The Resource Group feature is part of the <a href="https://huggingface.co/enterprise">Enterprise Hub</a>.
+    The Resource Group feature is part of the <a href="https://huggingface.co/enterprise">Team & Enterprise</a> plans.
     </Tip>
@@ Expand Down @@