huggingface · VioletteLepercq · Dec 19, 2025 · Dec 18, 2025 · Dec 18, 2025 · Dec 19, 2025
diff --git a/docs/hub/enterprise-hub-network-security.md b/docs/hub/enterprise-hub-network-security.md
@@ -15,6 +15,12 @@ You can set multiple ranges, one per line.
 <img class="hidden dark:block" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/enterprise/dark-network-sec-ip-ranges.png" alt="Screenshot of the Organization IP Ranges field."/>
 </div>
 
+Once organization admins populate the “Organization IP Ranges” in the Network Security settings, a manual verification—carried out jointly by Hugging Face Solution Engineers and the organization’s admins—is required for the "Require login for users in your IP ranges" setting to become available.
+
+After the “Organization IP Ranges” have been manually verified, and the organization admins have enabled both “Restrict organization access to your IP ranges only” and “Require login for users in your IP ranges”, the following flow applies:
+- When a user arrives on the platform, their IP address is checked.
+- If the IP falls within the organization’s defined ranges, the user must authenticate (via the organization’s SSO if enabled).
+- Once authenticated, the Content Access Policy determines which resources the user can access.
 
 ## Higher Hub Rate Limits