
How to configure OIDC SSO with Okta

In this guide, we will use Okta as the SSO provider and OpenID Connect (OIDC) as our preferred identity protocol.

This feature is part of the Enterprise Hub.

Step 1: Create a new application in your Identity Provider

Open a new tab/window in your browser and sign in to your Okta account.

Navigate to “Admin/Applications” and click the “Create App Integration” button.

Then choose an “OIDC - OpenID Connect” application, select the application type “Web Application” and click “Create”.

Step 2: Configure your application in Okta

Open a new tab/window in your browser and navigate to the SSO section of your organization’s settings. Select the OIDC protocol.

Copy the “Redirection URI” from the organization’s settings on Model Database, and paste it in the “Sign-in redirect URI” field on Okta. The URL looks like this: https://huggingface.co/organizations/[organizationIdentifier]/saml/consume.

You can leave the optional Sign-out redirect URIs blank.

Save your new application.

Step 3: Finalize configuration on Model Database

In your Okta application, under “General”, find the following fields:

  • Client ID
  • Client secret
  • Issuer URL

You will need these to finalize the SSO setup on Model Database.

The Okta Issuer URL is generally a URL like https://tenantId.okta.com; you can refer to their guide for more details.
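Before pasting the Issuer URL, it is worth confirming that it matches what the tenant publishes in its OIDC discovery document, since a trailing slash or wrong path makes it a different issuer. The following is an added example, not code from this guide or from Okta; the function names and the sample document are constructed for illustration, and the `code` check assumes the authorization code flow that a Web Application with a client secret normally uses.

```python
import json
from urllib.parse import urlsplit
from urllib.request import urlopen

REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def discovery_url(issuer: str) -> str:
    # OIDC Discovery: metadata is served at <issuer>/.well-known/openid-configuration
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def fetch_metadata(issuer: str) -> dict:
    # Live lookup; needs network access to the Okta tenant
    with urlopen(discovery_url(issuer), timeout=10) as resp:
        return json.load(resp)

def check_issuer_metadata(configured_issuer: str, metadata: dict) -> list:
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if urlsplit(configured_issuer).scheme != "https":
        problems.append("configured issuer is not https")
    # The spec requires an exact string match, so a trailing slash or a
    # different authorization-server path counts as a different issuer.
    if metadata.get("issuer") != configured_issuer:
        problems.append("issuer mismatch: metadata says %r" % metadata.get("issuer"))
    for key in REQUIRED_ENDPOINTS:
        value = metadata.get(key)
        if not value:
            problems.append("missing " + key)
        elif urlsplit(value).scheme != "https":
            problems.append(key + " is not https")
    # Assumption: the relying party uses the authorization code flow
    if "code" not in metadata.get("response_types_supported", []):
        problems.append("authorization code flow ('code') not advertised")
    return problems

# Constructed sample document for the page's placeholder tenant (not real Okta output)
SAMPLE = {
    "issuer": "https://tenantId.okta.com",
    "authorization_endpoint": "https://tenantId.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://tenantId.okta.com/oauth2/v1/token",
    "jwks_uri": "https://tenantId.okta.com/oauth2/v1/keys",
    "response_types_supported": ["code", "id_token"],
}

if __name__ == "__main__":
    for issuer in ("https://tenantId.okta.com", "https://tenantId.okta.com/"):
        print(issuer, "->", check_issuer_metadata(issuer, SAMPLE) or "OK")
```

To check a real tenant, pass the result of `fetch_metadata(issuer)` in place of `SAMPLE`.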

In the SSO section of your organization’s settings on Model Database, copy-paste these values from Okta:

  • Sign-on URL
  • SP Entity ID
  • Public certificate

You can now click on “Update and Test OIDC configuration” to save the settings.

You should be redirected to your SSO provider (IdP) login prompt. Once logged in, you’ll be redirected to your organization’s settings page.

A green check mark near the SAML selector will attest that the test was successful.

Step 4: Enable SSO in your organization

Now that Single Sign-On is configured and tested, you can enable it for members of your organization by clicking on the “Enable” button.

Once enabled, members of your organization must complete the SSO authentication flow described in the How does it work? section.