Hub

Single Sign-On (SSO)

This feature is part of the Enterprise Hub.

Single sign-on (SSO) allows organizations to securely manage user authentication through their own identity provider (IdP). Both SAML 2.0 and OpenID Connect (OIDC) protocols are supported.

Please note that this feature is intended to manage access to organization-specific resources such as private models, datasets, and Spaces. However, it does not replace the core authentication mechanism for the Hugging Face platform. For enhanced capabilities like automated user provisioning (JIT/SCIM) and global SSO enforcement, see our Advanced SSO documentation.

screenshot of Hugging Face Single Sign-On (SSO) feature

This feature allows organizations to:

Enforce mandatory authentication through your company’s IdP
Automatically manage user access and roles based on your IdP attributes
Support popular providers like Okta, OneLogin, and Azure Active Directory
Maintain security while allowing external collaborators when needed
Control session timeouts and role mappings

This Enterprise Hub feature helps organizations maintain consistent security policies while giving their teams seamless access to Hugging Face resources.

Getting started with SSO →

< > Update on GitHub