1. Overview

This document is a comprehensive guide to NVIDIA GPU Cloud (NGC), providing detailed instructions on setting up, managing, and optimizing your cloud environment, including creating accounts, managing users, accessing pre-trained models, and leveraging NGC’s suite of AI and HPC tools.

2. What is NVIDIA NGC?

NVIDIA NGC™ is a cloud platform providing fully managed services, including NVIDIA AI Enterprise, NVIDIA DGX™ Cloud, and NVIDIA Riva Studio for Natural Language Understanding (NLU) and speech AI solutions. AI practitioners can leverage DGX Cloud for model training, NVIDIA AI Enterprise to obtain the latest NVIDIA NIM™ models, and the NGC Private Registry for securely sharing proprietary AI software. NGC also hosts a catalog of GPU-optimized AI software, SDKs, and Jupyter Notebooks to accelerate AI workflows and offers support through NVIDIA AI Enterprise.

Enterprises access their AI cloud services via a dedicated virtual NVIDIA Cloud Account (NCA) linked to the NGC organization where their services are enabled.

3. Why NGC Software

NGC provides software to meet the needs of data scientists, developers, and researchers across various levels of AI expertise.

All software hosted on NGC undergoes thorough scans for common vulnerabilities and exposures (CVEs), crypto, and private keys.

In addition to security scanning, NGC software is tested against a wide range of GPU-enabled platforms, including public cloud instances, workstations, and OEM servers designed for data center or edge deployments. Supported GPUs include H100, V100, A100, T4, Jetson, and the RTX Quadro.

NGC software is tested and assured to scale across multiple GPUs and, in some cases, across multiple nodes, ensuring users can fully utilize their GPU-powered servers out of the box.

For select containers, NVIDIA offers NGC Support Services to run software on DGX platforms or certified OEM servers. The service gives enterprise IT direct access to NVIDIA subject matter experts to quickly address software issues and minimize system downtime.

4. NGC Organizations and Teams

An NGC organization (org) is linked to an NVIDIA Cloud Account (NCA) and shares the same account number. The dedicated account instance is used to enable and manage NVIDIA cloud services.

Users can access an NGC org in the following ways:

  1. Sign-Up through the NGC Portal: A user can sign up for a free NGC org through the NGC sign-in portal and create a new NVIDIA cloud account that grants access to an NGC org enabled with NVIDIA Catalog access (public artifacts only).

  2. Entitlement Message: NVIDIA sends a message to the company or person granted entitlement for a service delivered in NGC. This can happen through a purchase order, early trial program, or other commercially related offers. The recipient follows the entitlement steps to be granted an NVIDIA Cloud Account and gain access to their NGC service.

  3. Account Owner Invitation: The account owner adds a user to an NCA account and grants the required permissions to access the NGC org. The account owner will invite the user through an NCA invitation email or add the user using a corporate AD group membership rule mapped to the NGC org. Note that only enterprise type orgs support the ability for account owners to manage additional users.

Users who sign up for an NGC org through the NGC sign-in portal get assigned an NCA account linked to an individual org that is automatically enabled with the NGC Catalog service and grants authenticated access to the catalog. An individual org is only accessible by a single user, the org owner. The NCA account linked to the org supports additional users, but these users cannot be assigned NGC access permissions.

An NVIDIA premium cloud service subscription, such as NVIDIA AI Enterprise or NVIDIA DGX Cloud, will be granted through purchase, an early access program, or the NGC Activate Subscription portal. Subscriptions get enabled on enterprise NGC orgs. Alternatively, an individual org is converted to an enterprise org when a user activates their subscription through the NGC Activate Subscription portal. An NGC enterprise org is linked to an NCA account and supports additional users, subdividing NGC resources into NGC teams, and role-based access rules.

4.1. NVIDIA Cloud Accounts and NGC

NVIDIA Cloud Accounts (NCA) provide a convenient and scalable way to set up and manage access to NVIDIA cloud services for various users within your company.

NCA is required for managing user access within NGC. It is fully integrated with NGC, allowing user management to be handled within the NGC environment. Adding users through the NGC Add User pane automates the process of updating the NCA account, saving NGC owners and administrators the step of navigating to the NCA user interface.

After the user is added, the next step (Step 2) requires the NGC owner or administrator to assign access permissions to the service entitlements hosted in the NGC org (for example, NVIDIA AI Enterprise or NVIDIA DGX Cloud).

As a follow-up step, the owner or administrator can navigate to the NCA UI console to set up essential services like the following:

  • Set up an account recovery email (Highly recommended)

  • Add additional NCA administrators (Highly recommended)

  • Enter company information

  • Manage user tenancy status

Removing a user from NGC doesn’t remove their associated NCA account. The user’s access permissions within the NGC organization are revoked, but the NCA account itself remains active. To completely remove a user from all NVIDIA cloud services, the user must be removed at the NCA account level.

While users can be added and assigned permissions within the NGC UI console, administrators should be aware of additional steps necessary to manage the NCA account.

To learn more about NCA, visit NVIDIA Cloud Accounts.

4.2. NGC Teams

NGC organizations (orgs) serve as the top-level container for enterprise deployments. Within an org, administrators can create teams to implement role-based access control and segment private registry resources by department or project.

Teams provide isolated registry namespaces, ensuring members can share containers, models, and resources within their team while maintaining separation from other teams in the organization.

User management permissions:

  • Org owners and org-level user admins: Create teams and manage users across all teams

  • Team-level user admins: Manage users within their assigned team only

Note

NVIDIA does not provide user management services; customers are responsible for all user provisioning.

To create an NGC team, follow these steps:

  1. Log in to your NGC org.

  2. Select Organization from the user account menu.

  3. On the dashboard or in the left navigation, select Teams.

  4. On the Teams page, click Create Team in the upper-right corner.

  5. Enter a team name and description. Note that names must be all lowercase.

  6. Click Create Team to finish.

4.3. NGC Org Owner and Other Org Users

When an NGC org is created, an NVIDIA Cloud Account (NCA) is required to access the NGC org. The NCA account is automatically generated, and the user needs to name it. The user is assigned the owner role in NCA and NGC as the initial user.

As mentioned previously, an individual org is only accessible by the org owner; additional users are not supported. To verify the type of org you manage, sign in to NGC to access your org. Under the user account menu, select Organization, and then select Organization Profile in the left navigation pane.

The org owner possesses the highest admin privileges in an NGC org. The org owner of an enterprise org can add and remove NGC teams and users, and assign NGC permissions to each added user by managing the assignment of teams and roles. When a new user gets added, the org owner invites the user to join the NVIDIA Cloud Account, then assigns access to the entire org or limits the user’s access to a team or a set of teams created within the org. Then, the org owner controls the user’s access by assigning the permissions (roles) necessary to perform their functions within the org or team.

An org supports up to three org owners, and only an org owner can add or invite additional org owners to share in the NGC org management responsibilities. NCA supports only one owner; therefore, to support the additional NGC org owners, the account owner must assign the NCA “Admin” role when creating the add user invitation. For details, see the steps to add additional org owners. To prevent accidentally adding an outside user as an org owner, the email address domains of all org owners must match.

For example, if the users’ email addresses are john@intelligence.ai, jane@intelligence.ai, and peter@intelligence.ai, then all three can be added as org owners because their email address domains match. In contrast, if Peter’s email address were peter@artificial.ai, Peter could not be added as an org owner.

Follow the steps in the next section to add a new org owner or additional users with different access permissions.

4.3.1. Adding NGC Users to an Org

The following section guides you through the steps to add a new org owner or additional users with different access permissions. Only NGC org owners and user admins can perform user management operations. NVIDIA cannot manage users on behalf of a customer.

  1. Sign in to NGC. Select the correct NCA account linked to the NGC org you want to manage, and click Continue.

  2. Select Organization from the user account menu. On the dashboard or in the left navigation, select Users.

  3. Click Add User at the top-right corner.

    Important

    If your org is linked to an external IdP/SSO service, managing user membership using NGC IdP Membership Rules is recommended. If your IdP doesn’t support groups, you can use the NGC add user service.

  4. In Step 1, invite the user to be an “admin” if they require the ability to manage users in the NCA account, or assign the “member” role in NCA if they do not manage users.

    • Enter the user email address, making sure the domain matches your email domain.

    • Assign the NVIDIA Cloud Account Role “Administrator” or “Member.”

    • Customize the invitation email to inform the user what this is for (optional).

    • Set an expiry for the invitation link (default: 6 hours).

    • Click Add User and Send Invitation to proceed to Step 2.

  5. After completing Step 1, you will see an invitation success dialog, and the Step 2 configuration buttons become active.

    1. User Role

      To assign a role to the user:

      • Select Organization for role assignment.

      • Under the Organization roles, select Owner.

      • Click Add Role to finish.

        Note

        If the user being added will not manage users or NGC teams, assign the “member” role in NCA and don’t assign the Owner or User Admin role in NGC.

    2. Controlled Permissions

      To assign controlled permissions to a user:

      • Click the Organization or Team radio button.

      • Assign a “role” under each NGC application, depending on the level of access to grant the user.

      In this example, the user added is assigned the Viewer role under NVIDIA AI Enterprise and the User role under Private Registry. These permissions limit the user to viewing and pulling artifacts from the NVIDIA Catalog and pushing and pulling artifacts to the org’s private registry.

      To learn more about NGC product roles, refer to the documentation for each product.

      Note

      NVIDIA NGC is introducing a new user role, “Public API Endpoints User,” to control access to NVIDIA inferencing credits used for calling NVIDIA API Catalog NIM endpoints. This role must be assigned to NGC organization users who need to generate an NGC Personal Key to use API Catalog credits. For more information, go to Assigning Services to Your Personal API Key. To update user roles, go to Updating User Roles.

    3. Team Role Assignment

      Assigning the user permissions at a Team level grants them access only to resources (such as containers, models) shared with that specific team. To grant a user access to resources across the entire org, assign the user roles at the Organization level.

  6. The user added will receive an NCA invitation email message that includes the NCA URL to accept the invite and access the NGC org. Share the link to Accepting an NCA Invitation to Access NGC with the invited user.

In the case of org owners, after all three org owners are added, any org owner can replace another org owner when needed. An org owner can remove another org owner by going to the ‘users’ list and selecting Remove User.

When an org owner is deleted, an email notification is sent to the remaining active owners about the deletion event. Using the same steps above, a replacement owner can be invited.

4.3.2. Updating User Roles

The following section guides you through the steps to update user roles.

  1. After signing in and selecting the NGC org to update, navigate to the Organization > Users page.

  2. To locate the user, you can search by either email address or name using the filtering bar.

  3. Click on the user you want to modify, then click Edit Membership at the top of the page.

  4. Select the desired roles to add to the user and click Add Role. A confirmation message will appear.

  5. To remove roles, find the assigned roles in the table at the bottom of the page. Click the X to remove that role from the user.

    Afterwards, you’ll see a confirmation dialog.

4.3.3. Removing a User from an NGC Org

The following section guides you through the steps to remove a user from an NGC org.

Only the organization owner or a user admin can remove a user from the org.

To remove a user from an NGC org, follow these steps:

  1. Click on your user account icon to open the menu, then select Organization and click on Users.

  2. Use the filter tool to find the email address of the user you want to remove.

  3. Click the Actions ellipsis and select Remove User.

Removing a user from the NGC org will revoke all their access to NGC. However, the user will still remain an active tenant member in the NVIDIA Cloud Account (NCA), where user tenancy is managed.

In NGC, you grant access permissions (roles) to a user, and removing the user only removes these permissions. To completely delete the user from NCA, follow the steps provided in the NCA User Guide.
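
The gap described above, where a user removed from the NGC org remains an active NCA tenant member, can be checked by reconciling the two membership lists. The following is an added example, not NVIDIA code: the inventory layout, the `audit` function and all addresses are constructed for illustration (no NGC or NCA export format is implied), and it also applies the org owner rules from section 4.3.

```python
"""Reconcile NCA tenancy with NGC org roles. Added example, constructed data."""

MAX_ORG_OWNERS = 3                          # org owner limit stated in this guide
NGC_USER_MGMT_ROLES = {"Owner", "User Admin"}

# Constructed inventory. The layout (email -> NCA role, email -> set of NGC
# roles) is an assumption for this example, not an NGC or NCA export format.
NCA_MEMBERS = {
    "john@intelligence.ai": "owner",
    "Jane@intelligence.ai": "admin",        # mixed case on purpose
    "peter@artificial.ai": "admin",
    "maria@intelligence.ai": "admin",
    "omar@intelligence.ai": "member",
    "lee@intelligence.ai": "member",
}
NGC_ROLES = {
    "john@intelligence.ai": {"Owner"},
    "jane@intelligence.ai": {"Owner"},
    "peter@artificial.ai": {"Owner"},
    "maria@intelligence.ai": {"Viewer"},
    "omar@intelligence.ai": {"User"},
    # lee@intelligence.ai was removed from the NGC org; the NCA entry remains.
}


def _norm(email):
    """Compare addresses case-insensitively and without stray whitespace."""
    return email.strip().lower()


def _domain(email):
    return _norm(email).rsplit("@", 1)[-1]


def audit(nca_members, ngc_roles):
    """Return findings for an access review of one NCA account and its NGC org."""
    nca = {_norm(e): role.lower() for e, role in nca_members.items()}
    ngc = {_norm(e): set(roles) for e, roles in ngc_roles.items()}

    # Active NCA tenant members that hold no NGC role: offboarded in NGC only.
    residual = sorted(e for e in nca if not ngc.get(e))

    owners = sorted(e for e, roles in ngc.items() if "Owner" in roles)

    # Owner domains are compared with the single NCA account owner's domain.
    account_owners = [e for e, role in nca.items() if role == "owner"]
    ref_domain = _domain(account_owners[0]) if account_owners else None
    mismatch = [e for e in owners if ref_domain and _domain(e) != ref_domain]

    # Additional NGC org owners are expected to hold the NCA admin role.
    missing_admin = [e for e in owners if nca.get(e) not in ("owner", "admin")]

    # NCA admins with no NGC user-management role: candidates for review,
    # since the guide advises the NCA member role for users who manage no one.
    admin_no_mgmt = sorted(
        e for e, role in nca.items()
        if role == "admin" and not (ngc.get(e, set()) & NGC_USER_MGMT_ROLES)
    )

    return {
        "residual_nca_members": residual,
        "org_owners": owners,
        "too_many_owners": len(owners) > MAX_ORG_OWNERS,
        "owner_domain_mismatch": mismatch,
        "owners_missing_nca_admin": missing_admin,
        "nca_admins_without_ngc_mgmt_role": admin_no_mgmt,
    }


if __name__ == "__main__":
    for finding, value in audit(NCA_MEMBERS, NGC_ROLES).items():
        print(f"{finding}: {value}")
```
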

4.3.4. Securing the Owner Account with Multi-Factor Authentication

When you create your owner account, you receive an NVIDIA identity account that is protected by a password you set at the time of owner account creation. You can further secure access to your owner account by setting up multi-factor authentication using the directions below:

  1. Go to NVIDIA and click the sign-in icon.

  2. Sign in with the credentials you set up during the org owner account setup.

  3. From your NVIDIA user profile page, navigate to the bottom, click on Security settings, and click Update.

  4. You will be prompted to enter your password again to access security settings.

  5. Navigate to the Multi-factor Security settings.

  6. You can now configure your identity account for two-factor authentication. Go to the NVIDIA N-factor help page for details on how to set it up.

4.3.5. Contacting your Org Owner

As a user within an NGC organization, you may need to contact the organization owner to request a new service subscription or add a new user. NGC simplifies this communication with the Contact Admin option in your user account menu.

  1. First, sign into the NGC application with your organization. Then click on your user ID in the top right corner to access the user account menu.

  2. Select Contact Admin to open the email editor dialog.

    Within this editor, you can choose from the following email templates:

    • Product Request: Use this template when requesting a specific product for your <org-name> organization. For example, “I’d like to request the [product name] product for the <org-name> organization.”

    • Team Access Request: Select this template if you need to request access to the org or a particular team, such as “[team-name],” within your <org-name> organization.

    Both templates come with pre-populated message content, but you can edit or delete portions of the message to create a customized message to send to your organization owner.

  3. Once you are ready to send the message, click Send.

    The organization owner will receive an email from noreply-ngc@nvidia.com that will include your email address. The following is a sample email message:

    [Image: NGC Organization Owner Contact Email]

    By following these steps and using the Contact Admin option, you can easily initiate communication with your organization owner.

4.3.6. External User Groups

As an NGC organization owner or administrator, you may need to share resources with users outside your organization. While you could add these external users as regular account members, this poses security risks since account members automatically receive access to certain account services. Instead, NGC provides a more secure way to collaborate with external users through External User Groups.

External User Groups let you control exactly what external users can access in your NGC organization. Unlike regular account members, external users receive only the specific permissions you assign to their group. You can manage access by:

  • Adding or removing group permissions

  • Adding or removing group members

For managing access in your organization, NGC recommends:

  • For your company’s internal users: Add them as account members by:

  • For external users (users with email domains outside your company or IdP): Use External User Groups.

4.3.6.1. External User Groups: Quick Reference

  • Supported NGC Applications: Private Registry and Catalog

  • Maximum Users per Group: 1,000

  • Maximum Groups per Organization: 100

4.3.6.2. Creating an External User Group

To create and configure an External User Group:

  1. Sign in to the NGC organization you want to share access to and select Organization from the menu.

  2. Select External User Groups from the left navigation or dashboard.

  3. Click Create Group.

  4. Configure your group settings:

    1. Name: Enter a descriptive name that identifies the group’s purpose.

    2. Description: Add a brief description explaining the resources this group will access.

    3. Other Options: By default, leave the checkbox unchecked to manage external users from any domain or Identity Provider (IdP). If you check the box, only onboarded IdPs will be supported. To allow users from additional IdPs, keep the box unchecked.

    4. Assign Permissions: Configure access rights for group members:

      1. Assign Context of the Permissions: Choose between organization-wide or team-specific access. For details, see NGC Teams.

      2. Services and Roles: Select the services members can access and their permission levels.

        Important

        For Private Registry permissions, refer to the available role types. For Catalog access, Read access allows users to view artifacts under your organization’s NVIDIA AI Enterprise essentials subscription.

      Click Create User Group when you’re ready.

  5. Invite users to your External User Group.

    You can invite external users using either of these methods:

    1. From the groups list: Click the ellipsis menu under Actions and select Invite Users.

    2. From the group details page: Click Invite User.

  6. Configure the invitation to be sent to the external users.

    1. Subject: Customize the email subject to help recipients identify your invitation.

    2. Invitation Expiry: Set the invitation’s validity period. After expiration, users cannot access shared permissions via the email invitation. Available periods:

      • 1 hour

      • 6 hours

      • 24 hours

      • 1 week

      • 1 month

    3. Message: Add a personalized message to provide context about the invitation.

    4. Role of Users: All invited users receive the fixed ‘member’ role. This role is separate from NGC organization permissions and does not affect access levels.

    5. Email Address: Enter the email addresses for your external users. Click Add another user to include additional users. When finished, click Invite Users.

      After sending the invitations, you’ll see a “Users successfully created” message.

      You can monitor pending invitations in the group details page.

      When users accept their invitations, they become “Confirmed Users.” You can monitor their API key status and resend expired invitations if needed. Resent invitations maintain the same validity period as the original.

4.3.6.3. Managing External Users’ Personal API Keys

As an NGC organization administrator, you can manage API keys for your external users through the following capabilities:

  • Monitor API key status and usage

  • Revoke compromised keys (requiring users to generate new ones)

  • Remove users from the External User Group to prevent key generation or rotation

The administrator interface provides two main views:

  • External user’s personal key view:

    [Image: External User Group Organization Personal Keys]
  • External users list view:

    [Image: External User Group Organization Confirmed Users]

4.3.6.4. Guide for External Users: Accepting Invitations

Follow these steps to accept your invitation to join an external user group:

  1. Check your email for an invitation from noreply-ngc@nvidia.com. Click Access Org in the email.

    Tip

    If you can’t find the invitation email, check your spam/junk folder.

  2. Sign in to NGC. If you’re new to NVIDIA, you’ll be prompted to create an account. Otherwise, use your existing credentials.

  3. Select the organization under External User In.

    You now have access to the shared NGC organization.

4.3.6.5. Setting Up API Access

To access shared organization resources via CLI or API, you’ll need to generate a personal key:

  1. On the API Keys page, click Generate Personal Key.

    Important

    If the Generate Personal Key button is inactive, follow these steps:

    1. Create an NVIDIA Cloud Account (NCA) where you are an active member.

    2. Create and activate an NGC organization in that account. This organization will authorize your personal key for the shared organization where you are an external user.

    3. Return to generate your key.

    To create your NCA and NGC organization:

    1. Click Create NVIDIA NGC Org and authenticate with your NVIDIA Cloud Account credentials.

    2. Enter a name for your NCA and click Create NVIDIA Cloud Account.

    3. Click Continue to return to the NGC Personal Key management page.

  2. Configure your personal key:

    1. Key Name: Enter a descriptive name that identifies the key’s purpose.

    2. Expiration: Choose a preset period, set a custom date, or select “never expire”.

    3. Services Included: Select the services this key will access.

    4. User Organization: Select an NGC organization you belong to (required for key authorization).

    Click Generate Personal Key.

    Warning

    Copy and store your key immediately - it will only be shown once.

    For additional information:

4.4. Transferring Your Product Activation Invitation

When you receive an NGC product activation email, and you want to activate the product in an account you don’t own, you must transfer the product activation invitation to the account owner. Follow the steps below to transfer.

Note

The account selector supports activation invitation transfers only for invitations received directly from NGC. For “NVIDIA entitlement certificate” activations, contact your org owner.

  1. To transfer a product, at the Activate Product page, click View All NVIDIA Cloud Accounts. This displays accounts you are a member of but do not own; those without the ‘owner’ tag are not owned by you. Review carefully to identify the account associated with the desired NGC organization before starting the transfer process.

  2. Click the Transfer Product Activation link under the Actions column.

  3. Review the pop-up indicating that the transfer cannot be undone and confirm that you are certain about proceeding with the transfer.

  4. Check the default email template for accuracy, then click Transfer Product Activation. Editing is optional if the content is correct.

5. Accessing NGC Org

Activating an NVIDIA NGC product depends on how you obtained the product activation message. This chapter provides comprehensive instructions for activating your NGC product, regardless of whether you received an email invitation from NGC (noreply-ngc@nvidia.com), an NVIDIA commercial entitlement certificate (noreply@nvidia.com), or registered for a free individual NGC organization. It outlines the steps to create and link your NVIDIA Identity account and NVIDIA Cloud Account to your NGC organization, and details the activation process required to access NGC products.

5.1. Activating Your NGC Product from an NGC Email Invitation

Customers can try upcoming NVIDIA NGC AI products through NVIDIA Developer or by engaging directly with the NVIDIA product team. Once approved, you will receive a welcome email from NVIDIA NGC, similar to the image shown below, guiding you on how to begin your onboarding process and activate the software. To access NGC, you need to be a tenant of an NVIDIA Cloud Account used to manage access to NGC for you and additional users. The following sections explain how to use your NVIDIA NGC welcome email.

[Image: NGC Early Access Welcome Email]

If you’re already an NVIDIA NGC user, go directly to NGC Product Activation by Invitation - Existing User.

5.1.1. NGC Product Activation by Invitation - New User

This section describes the steps necessary to activate a new NGC product as a new user to NVIDIA NGC.

  1. Go to your inbox to find the email “Welcome to NVIDIA NGC”. Click the Accept invitation and sign-in button.

  2. To create your NVIDIA sign-in identity account, type in a password and confirm it (must meet the complexity check), review the NVIDIA account Terms of Use and Privacy Policy, and click Create Account to accept and proceed with your identity account creation.

  3. A verification email is sent to your email address.

  4. Open the email, copy the code, paste it in the Verify Your Email screen, and click Continue.

    You may see an additional browser page open to validate the creation of your user account. Close this page and return to the browser page you started on.

  5. In the Almost done! dialog, select your communication preferences, and then click Submit.

  6. You must now complete the creation of your new NVIDIA Cloud Account. Provide a meaningful name (spaces are not allowed) that helps you identify it easily against other accounts you own or are a member of.

    Note

    Creating a new NCA will generate a new NGC org where your product will be activated. The NGC org is directly linked to this NCA.

  7. You’ve now activated your NGC product, and you will be redirected to the NGC org subscription page where you can verify your product is active.

That’s it! You’re all set up with your product.

Optional: You should have received a welcome email from your NVIDIA Cloud account. You can choose to complete the setup of your account now or at a later time.

Complete the steps in Setting up your NCA Account to configure your NCA account. The users you add to your NGC org are automatically added to the NCA account. To remove users or update NCA-related tenancy settings for a user, you need to take these actions in NCA.

Note

You cannot access NGC from NCA, and NGC permissions cannot be assigned in NCA. NCA only manages user tenancy membership. To add users and assign NGC permissions, follow the steps in Adding NGC Users to an Org.

5.1.2. NGC Product Activation by Invitation - Existing User

This section describes the steps to activate a product from a new NGC invitation when you already have an NVIDIA NGC organization.

  1. Go to your inbox to find the email “Welcome to NVIDIA NGC”. Click the Accept invitation and sign-in button.

  2. Sign in to your NVIDIA identity account.

  3. Review the product details you want to activate on the Activate Product page, select the account under which the product should be activated, and click Activate Product. By default, only the accounts eligible to activate the product are displayed. Alternatively, you can activate the new product under a new account and NGC organization by clicking Activate with a new NVIDIA Cloud Account.

    Note

    If you want to activate the product in an account you are not an owner of, you must transfer the product activation invitation to the owner. For the transfer steps, see Transferring Your Product Activation Invitation.

  4. You’ve now activated your NGC product, and you will be redirected to the NGC org subscription page where you can verify your product is active. Click the Launch button for the service you want to access.

That’s it! You’re all set up with your product.

Optional: You should have received a welcome email from your NVIDIA Cloud account. You can choose to complete the setup of your account now or at a later time.

Complete the steps in Setting up your NCA Account to configure your NCA account. The users you add to your NGC org are automatically added to the NCA account. To remove users or update NCA-related tenancy settings for a user, you need to take these actions in NCA.

Note

You cannot access NGC from NCA, and NGC permissions cannot be assigned in NCA. NCA only manages user tenancy membership. To add users and assign NGC permissions, follow the steps in Adding NGC Users to an Org.

5.2. Activating NGC Product from an NVIDIA Commercial Entitlement Certificate#

When you procure a software subscription for an NVIDIA product, you’ll receive an entitlement certificate attachment in an email with instructions on how to claim your entitlement. The following steps guide you through the entitlement registration process.

  1. Find the Entitlement Certificate Email

    Open your email inbox and locate the email titled “NVIDIA Entitlement Certificate - Ref” containing your entitlement certificate attachment.

    Here is a sample entitlement certificate email:

    NGC Entitlement Certificate Email

    The entitlement certificate is provided as a PDF attachment. The following is an example:

    NGC Entitlement Certificate 1

    The PDF also includes instructions for using the certificate. Here is an example:

    NGC Entitlement Certificate 2
  2. Login or Register

    • If you’re an existing NVIDIA customer, click Already have an entitlement? Please Login.

    • If you’re a new NVIDIA customer, click register to begin claiming your entitlement.

  3. Sign In

    Enter your username. If you are using an NVIDIA user account, your username will be your email address. If you are signing in through your corporate single sign-on portal, please use your company username. After entering your username, click Sign In.

    Commercial Entitlement Login Resized
    • Existing NVIDIA customers: Enter your password, and then click Login.

    • New customers: Create a new identity user account by setting a password.

  4. Select or Create an NVIDIA Cloud Account (NCA)

    Follow the steps below for returning or new customers.

    • For returning customers:

      The registration page displays different options for product activation.

      Commercial Entitlement Select NCA
      • Option A: Use an existing NCA

        1. In the NCA pane, select View Eligible NVIDIA Cloud Accounts to review available accounts that you own.

        2. Check the associated NGC org and active product subscriptions for each account.

        3. Select the desired account and click Continue.

      • Option B: Create a separate org

        1. Click Create new NCA to activate your product in a separate NGC org.

        2. Follow the steps below for creating new accounts.

      • Option C: Use an account you don’t own

        If you need to activate the product in an account that you’re a member of but that is owned by someone else (listed under View Other NVIDIA Cloud Accounts):

        1. Cancel the current registration process.

        2. Contact the account owner to request product activation.

        3. See Contacting your Org Owner for more details.

    • For new or returning customers choosing to create a new account:

      You will be prompted to create a new NCA.

      1. Choose a meaningful account name for easy identification.

      2. Click Create NVIDIA Cloud Account when done.

      Commercial Entitlement Create NCA Resized
  5. Complete Entitlement Registration

    After selecting or creating an NCA, you will be directed to the entitlement registration page. Fill out the required fields and click Register.

    Commercial Entitlement Register Resized

    Required Information:

    • Primary Contact Information
      • First Name

      • Last Name

      • Email Address

    • Primary Contact Details
      • Location (Country)

      • Address

      • Phone

      • Job Role

  6. Email Confirmation and Access

    After a successful registration, you’ll receive an email from NVIDIA Application Hub:

    Click Log In to go to the hub.

    Commercial Entitlement Welcome Email Resized
  7. Click the NVIDIA NGC card to access your software subscription in NGC.

    Commercial Entitlement App Hub

    When you are in NGC, you can add additional users so they can access NGC by following the steps in Adding NGC Users to an Org.

    Your registration is now complete!

Optional: You can log in to NVIDIA Cloud Accounts to set up your recovery email.

Note

NCA does not provide access to NGC, and NGC permissions cannot be assigned in NCA. NCA only manages user tenancy membership. To add users and assign NGC permissions, perform these actions in Adding NGC Users to an Org.

5.3. Signing Up for a Free Individual NGC Org#

This section describes the steps to sign up for an individual NGC org to access NGC Catalog artifacts gated by authentication. While setting up the NGC org, an NVIDIA Cloud Account is also created.

  1. Go to the NGC sign-in page from your browser, enter your email address, and then click Continue.

    Login New Organization
  2. To create your NVIDIA sign-in identity account, type in a password and confirm it (must meet the complexity check), review the NVIDIA account Terms of Use and Privacy Policy, and click Create Account to accept and proceed with your identity account creation.

    NGC Create Account New
  3. A verification email is sent to your email address.

    NGC Verify Email Code
  4. Open the email, copy the code, paste it in the Verify Your Email screen, and click Continue.

    NGC Verification Code Email NGC Verification Code Enter

    You may see an additional browser page open to validate the creation of your user account. Close this page and return to the browser page you started on.

  5. In the Almost done! dialog, select your communication preferences, and then click Submit.

    NGC Almost Done New
  6. Give your NVIDIA Cloud Account (NCA) a name that will help you identify it easily the next time you sign in.

    Create NVIDIA Cloud Account
  7. Complete your user profile at the Set Your Profile screen, agree to the NVIDIA GPU Cloud Terms of Use, and then click Submit.

    Set Your Profile

    Your NVIDIA account is created, and you are automatically redirected to your individual NGC org.

    NGC Default Landing Page

    Your registration is now complete.

Optional: From the NCA email, complete the steps in Setting up your NCA Account to configure your NCA account. The users you add to your NGC org are automatically added to the NCA account. To remove users or update NCA-related tenancy settings for a user, you need to take these actions in NCA.

Note

NCA does not provide access to NGC, and NGC permissions cannot be assigned in NCA. NCA only manages user tenancy membership. To add users and assign NGC permissions, perform these actions in Adding NGC Users to an Org.

5.4. Setting up your NCA Account#

To finish setting up your NVIDIA Cloud Account, find your NCA invitation email message in your inbox and click Log In Now.

  1. Your NVIDIA Cloud Account (NCA) provides the services to set up a recovery email address in case your existing one becomes unavailable, manage access for additional users (subscription required), and set up billing information to purchase consumption-based NVIDIA cloud products.

    NGC NCA Welcome Email
  2. Enter your email address to log in and click Continue.

    NCA Login Email
  3. Enter the credentials you created for your NVIDIA identity account.

    NGC NVIDIA Account Sign In
  4. On the NCA landing page you can find the details of your account. Here you can set up a recovery email address that can be used to regain access if the email address you used to create your account becomes unavailable. Go to Setting Up NCA Recovery Email for steps on how to set up your recovery email.

5.4.1. Setting Up NCA Recovery Email#

To set up your NVIDIA Cloud Account (NCA) recovery email, follow these steps.

  1. Click Edit on the Account Details pane under the Account Management > Details page.

    NCA Details
  2. On the Edit - Details dialog, enter the email address that you want to use for account recovery. This email address must be different from the address used to create the account. You can optionally set a description for this account. Click Save.

    NCA Details Edit
  3. Check to see that the recovery email status on the Account Details pane changed to Pending.

    NCA Details Recovery Pending
  4. Go to your recovery email inbox, search for the NVIDIA message with the title “NVIDIA Cloud Account, Verify Your Recovery Email”, and click Verify.

    NCA Recovery Email
  5. You should see that your email has been verified.

    NCA Email Verified
  6. Go back to your NCA console and check that the recovery email status has been updated with the address you assigned.

    NCA Details Recovery Complete

5.5. Accepting an NCA Invitation to Access NGC#

Follow these steps to accept an invitation to join an NVIDIA Cloud Account and access NGC.

  1. Check your email inbox for a message titled “You’ve been invited to an NVIDIA Cloud Account.” Open the email and click Login to proceed.

    NCA Invitation Email
  2. If you are new to NVIDIA, you are prompted to create an NVIDIA identity account. Create a password that is at least 9 characters long and uses a mix of uppercase and lowercase letters, numbers, and special characters. If you already have an NVIDIA identity account, enter your password to continue. You can skip to Step 6 below.

    Create Identity Account

    You will be asked to verify your email address in a confirmation email.

    Verify Email Identity Account
  3. Check your email inbox for a message titled “NVIDIA Accounts”. Open the email and click Verify Email Address.

    Email Verification Identity Account

    The email confirmation message will display in your browser.

    Email Verified Identity Account
  4. NVIDIA would like permission to send you the latest news related to our software and products, as well as learn more about how you use our websites to make sure we send you information relevant to you. Select your options and click Submit.

    Almost Done Identity Account
  5. You are prompted by NVIDIA Cloud Accounts to accept the invitation to join your company’s account. Click Accept Invitation to continue joining.

    Invitation Details Identity Account
  6. Enter your password (required for security).

    NGC Sign In Existing User Dark
  7. Accept the terms of use and privacy policy to access your software subscription.

    Terms of Service Identity Account

    You can now access the NGC org.

6. Using an External SSO for NGC Org Authentication#

An enterprise org can federate its external SSO/IdP identity service to centralize user authentication and manage access to NVIDIA cloud services. This section covers how to configure NGC org authentication through an external SSO provider such as Azure AD or Okta.

The setup process to federate an NGC org to an external SSO identity provider is now guided by an NVIDIA IdP onboarding wizard app and the steps are performed by the customer. To gain access to the IdP onboarding app, contact your NVIDIA sales representative or submit a support case with NVIDIA Enterprise Support. If you don’t have an NVIDIA sales rep or an active support contract, please email integration-requests@nvidia.com and submit the following information in your request message:

  • Your company name

  • A list of email domains that must be associated with the partner (for example, acme.com, acme.net). The list can only include domains owned by the customer.

    Note

    If the request is submitted by email, an identity verification process will be required before the IdP onboarding can be started.

  • The email addresses of the customer representatives who are expected to perform the IdP federation configuration steps.

6.1. Federating IdP with NVIDIA Cloud Services#

When your request to federate your IdP is approved, you will receive an email with the NVIDIA URL to access the IdP onboarding configuration tool. Follow the steps below.

  1. Access the Tool

    Locate the NVIDIA email, then either create an NVIDIA identity account with your work email or sign in with an existing account.

    NGC ID Federation Integration
  2. Initial Setup

    After you log in, you will see the initial screen of the IdP onboarding tool. Complete the required fields and click Next.

    • Your company name: NVIDIA will verify your employment.

    • Your identity management system: Select your IdP (for example, Azure AD, Okta) from the dropdown.

    • Your email domains: Enter the domains managed by your IdP.

    NGC ID Federation Create Account
  3. Onboarding Wizard

    You will be guided through a configuration wizard based on the IdP system you selected (Azure AD, OpenID Connect, or SAML).

    • Entra ID (Azure AD)

      NGC ID Federation Entra ID
    • OpenID Connect Provider

      NGC ID Federation OpenID
    • SAML

      NGC ID Federation SAML
  4. Perform a Login Test

    After completing the IdP onboarding configuration, follow the instructions to test the login process.

    • Read the Login test instructions and click Next.

      NGC ID Federation Login Test
    • Review your login test results. If successful across all login services, click Confirm. If not, troubleshoot your IdP system and retest.

      NGC ID Federation Login Test Result
  5. (Optional) Seek Support or Reassign Task

    Use the “Help” button to access support options.

    NGC ID Federation Help

    You can also reassign the task to complete the IdP configuration to a colleague.

    NGC ID Federation Reassign
  6. Complete the IdP onboarding

    Once your login test is successful, you will see a success message.

    NGC ID Federation Success

    The NVIDIA team will finalize the onboarding generally within one business day, and you will receive a confirmation email.

    NGC ID Federation Complete

Once your IdP is federated, NVIDIA cloud platforms are not automatically enabled to authenticate users through your external IdP. Since your company may have users accessing NVIDIA cloud platforms with NVIDIA-based identity user accounts, we would like to assist in identifying these users, communicating upcoming changes, and planning the migration of enterprise entitlements to their new external IdP-based identity user accounts. Please contact ngc-sso@nvidia.com to conduct this audit and coordinate the transition.

6.2. Authenticating and Managing User Access#

This chapter covers the steps required to authenticate users through an enterprise SSO/IdP identity service, add new users, manage user permissions and roles, and ensure secure access to organizational resources.

After an NGC org is federated against an enterprise SSO/IdP identity service, users signing into NGC are automatically prompted to authenticate against their enterprise SSO/IdP service and are redirected back to NGC after a successful sign-in. To add new users to an org federated to an external SSO/IdP provider, the org owner follows the steps described in Adding NGC Users to an Org. Alternatively, if the external IdP supports OIDC claims that identify the user’s membership in a group or set of groups, NGC can be configured to map these OIDC claims to NGC org, team, and role assignments. See the NGC IdP Membership Rules section for more details.

Note that NGC orgs no longer manage user tenancy; users and/or groups are assigned “permissions” to access NGC org resources and are tenants of the NVIDIA Cloud Account (NCA) linked to the NGC org. Users and groups are now added to the NVIDIA Cloud Account.

If you are managing user memberships using IdP-based group tags (claims), you need to add these groups both in the NCA account under “Add Groups” and in the NGC org under “External IdP > IdP rules.” (In the future, we will deliver a feature where groups are added in NCA and discovered automatically in NGC to assign access permissions.)

To ensure access to the NCA account and NGC org is never lost, even if the IdP service is rendered inaccessible, configure a “Recovery email address” under the NCA account. This email address will be used to authenticate you outside of your IdP. For more information about email recovery, refer to Setting Up NCA Recovery Email.

Important

For NVIDIA to automatically detect the deletion or deactivation of a user managed by the external IdP, the customer must also integrate their IdP user management service with our NVIDIA identity federation system using “SCIM” or “Security Event Tokens” and allow user update events to flow to NVIDIA. NVIDIA will use these events to ensure deleted user accounts from the enterprise side are reflected across all NVIDIA services. Any credential assets (for example, API keys) owned by the removed user are immediately revoked upon receiving the deletion or deactivation event.

During the federation process, NVIDIA will share our IdP federation “Synchronization of users and group changes” document, and we will need to record a written acknowledgment (email is okay) of receipt of this information and a decision on whether or not you (customer) will implement the security event integration.

Some NVIDIA products (like NGC) provide a UI option for customers to manually disable, deactivate, or dis-enroll users within the NVIDIA application and trigger the revocation of credential assets by deleting the user. For example, NGC supports removing a user from an NGC org, and this event automatically triggers the revocation of user-owned NGC API keys.

However, such application-specific admin functions do not remove users from other NVIDIA applications unless the removal is performed at the NCA account level. The risk with this process is that if the user were part of other NVIDIA services that grant credential assets, these assets would remain as active dangling assets against those services because the user account remains “active” in our central identity service and NCA. The user’s API keys are thus not revoked. The only way to guarantee NVIDIA-wide user account removal is to integrate user event sharing with the NVIDIA IdP federation service, and the customer must be guided to execute the NVIDIA recommended de-provisioning operations in the NVIDIA IdP federation service.
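The difference in revocation scope described above, as an added Python model (not NVIDIA's code): the key inventory, service names and function names are constructed assumptions, and the SCIM PatchOp shape follows RFC 7644. It shows which keys stay active after an NGC-only removal and which are revoked once a SCIM delete or deactivation event arrives.

```python
"""Revocation scope on user removal: a constructed model, not NVIDIA's code."""

SCIM_PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644

# Constructed key inventory; key ids and service names are placeholders.
KEYS = [
    {"id": "key-1", "owner": "adam@example.com", "service": "ngc"},
    {"id": "key-2", "owner": "adam@example.com", "service": "other-nvidia-service"},
    {"id": "key-3", "owner": "amy@example.com", "service": "ngc"},
]


def _is_false(value):
    """Accept boolean false and the string form some IdPs send ("False")."""
    if isinstance(value, bool):
        return not value
    return isinstance(value, str) and value.strip().lower() == "false"


def scim_deactivates(method, body=None):
    """True if a SCIM request on /Users/{id} deletes or deactivates the user."""
    method = method.upper()
    if method == "DELETE":
        return True
    if method != "PATCH" or not body:
        return False
    if SCIM_PATCH_SCHEMA not in body.get("schemas", []):
        return False
    for op in body.get("Operations", []):
        if str(op.get("op", "")).lower() != "replace":
            continue
        path, value = op.get("path"), op.get("value")
        # Form 1: {"op": "replace", "path": "active", "value": false}
        if path == "active" and _is_false(value):
            return True
        # Form 2: {"op": "replace", "value": {"active": false}}
        if path is None and isinstance(value, dict) and _is_false(value.get("active")):
            return True
    return False


def remove_from_ngc_org(keys, owner):
    """Application-level removal: only the user's NGC keys are revoked."""
    return {k["id"] for k in keys if k["owner"] == owner and k["service"] == "ngc"}


def handle_idp_event(keys, owner, method, body=None):
    """Identity-level event: every key the user owns is revoked."""
    if not scim_deactivates(method, body):
        return set()
    return {k["id"] for k in keys if k["owner"] == owner}


def dangling_keys(keys, owner, revoked_ids):
    """Keys still active for a user who should no longer have access."""
    return sorted(
        k["id"] for k in keys if k["owner"] == owner and k["id"] not in revoked_ids
    )


# Constructed SCIM deactivation request body.
DEACTIVATE_PATCH = {
    "schemas": [SCIM_PATCH_SCHEMA],
    "Operations": [{"op": "replace", "path": "active", "value": False}],
}

if __name__ == "__main__":
    user = "adam@example.com"
    revoked = remove_from_ngc_org(KEYS, user)
    print("after NGC org removal, dangling:", dangling_keys(KEYS, user, revoked))
    revoked |= handle_idp_event(KEYS, user, "PATCH", DEACTIVATE_PATCH)
    print("after SCIM deactivation, dangling:", dangling_keys(KEYS, user, revoked))
```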

6.3. NGC IdP Membership Rules#

An enterprise org can be federated to an external SSO/IdP identity service to centrally manage a company’s rules for user authentication to cloud services.

When the NGC org is linked to an external IdP, the org owner will see the ability to start creating membership rules under the Organization > External IdP configuration page.

Important

Only the org owner or the user_admin roles can manage IdP rules.

If you are an org owner, even if you are a member of a group configured in an IdP rule, the rule will not update your roles. By default, the org owner inherits admin privileges across all enablements and services in the owned org, and these role assignments are immutable.

NGC IDP Create Rule

If the NGC org is not linked to an enterprise-owned SSO IdP provider, the ‘External IdP’ web prompt is disabled with a message stating the org is not linked to an IdP. You can request to link your org to an enterprise-owned SSO IdP by emailing ngc-sso@nvidia.com.

NGC IDP Organization External

The membership rules feature uses OpenID Connect (OIDC) claims containing the user’s membership attributes. However, if your integration is based on SAML, our IdP federation service will translate your SAML-based identities and group labels to the appropriate OIDC ID-token and group labels our Cloud Platforms expect.

Sample ID-token expected by NGC

NGC IDP OIDC Claim

The ID-token contains several claims that carry attributes associated with the user. Specifically, we are interested in the “groups” claims values that map users to specific membership groups in their Active Directory (AD) service.

It’s important to note that the external IdP uses the name “groups” to carry membership attribute values in the example above. However, other IdP providers may use a different name for their membership attribute claim. If your IdP provider uses a different claim name, check that NGC supports it by emailing ngc-sso@nvidia.com.

An org owner or user_admin will create membership rules by mapping the name (alias) value of the IdP ‘groups’ claim to NGC org roles and permissions. Within the enterprise AD service, users assigned to these groups will receive the roles and permissions assigned to the group name in the NGC IdP rules.

Example

In this example, we are using Okta as the enterprise-owned SSO IdP provider. It is assumed the same person managing Okta also has NGC org owner permissions.

Okta Settings

  1. First, the NGC org gets linked as a client application to the Okta IdP service.

    NGC IDP Okta 1
  2. On Okta, managed users get assigned to the NGC client application, enabling them to sign in to NGC using their Okta SSO account.

    At this point, users have not been assigned to a ‘group’.

    NGC IDP Okta 2
  3. On Okta, secure AD groups are created, and users can be assigned to a group or a set of groups.

    NGC IDP Okta 3
  4. In this example, Adam and Amy are assigned to the NGC_AIE_PR_Admin group. Note that this is being done manually using the Okta user management feature, but this is typically managed automatically by using an enterprise active directory integrated into the IdP provider.

    NGC IDP Okta 4
  5. At this point, Adam and Amy can sign into NGC, but there isn’t an IdP rule that assigns them NGC org roles and permissions. The next section covers creating the NGC IdP membership rules that will grant Adam and Amy their roles.

Configuring NGC

After the IdP groups are created and users are assigned to secure AD groups on the Okta IdP side, the administrator (org owner) is ready to configure NGC IdP membership rules.

NGC

  1. In the NGC web application, go to NGC External IdP settings and click Create Rule.

  2. Type in a Rule Name that describes the purpose of the rule.

  3. Then, under the If group equals field, enter the name of the IdP ‘group’ claim that will map to this rule. Note that the name must match exactly and is case-sensitive.

  4. Finally, assign the NGC team or org-level access, and assign cloud service roles to grant to users that are assigned to the group. Click Save.

    NGC IDP Rule Details
  5. Once the rule is saved, the org owner must activate the rules to apply the membership roles to Adam and Amy when they sign in.

    NGC IDP Active Confirm

This completes the creation of an NGC IdP membership rule.

The org owner or user_admin can create multiple rules to support multiple group claim values from the IdP. An example of multiple IdP membership rules created can be seen below.

NGC IDP External Rules

Important

The NGC IdP membership rules do not go into effect until they are “activated”. Users’ accounts that were added using the manual method will continue to use NGC role permissions assigned through ‘Users’ invite user membership configurations.

When the Activate Rules button is clicked, the org owner or user_admin is prompted to confirm activation of the IdP rules. When the rules are activated, the NGC IdP rule system reviews user memberships previously added to the org using the “user invitation” method. The NGC IdP rule system checks whether each user account maps to a new IdP membership rule. If it does, the previous account membership is deleted, and a new user account membership using the same email address and IdP association is created. The permissions and roles assigned to the new account membership are based on the IdP ‘groups’ claim attribute.

Note

Previous user accounts that are determined not to have an associated IdP rule remain as active user accounts under “Users” account memberships. An org owner or user admin can remove these users if the org should only be accessible by members mapped to IdP rules.
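The rule matching and activation behaviour described in this section, as an added Python model (not NVIDIA's code): the rule structure, role names, e-mail addresses and the unsigned sample token are constructed assumptions, while the group name NGC_AIE_PR_Admin, the exact case-sensitive match, the owner exemption and the migration of invited users come from the text above. It also shows the common failure mode of a group whose case does not match the rule.

```python
"""Model of NGC IdP membership rules (illustrative; not NVIDIA's implementation)."""
import base64
import json
from dataclasses import dataclass

GROUPS_CLAIM = "groups"  # claim name used in this section; other IdPs may differ


@dataclass(frozen=True)
class Rule:
    name: str         # "Rule Name"
    group: str        # "If group equals" value
    scope: str        # org or team the roles apply to (constructed)
    roles: frozenset  # roles granted (constructed placeholder names)


def make_unsigned_token(claims):
    """Build a constructed, unsigned JWT-shaped string for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


def decode_claims(id_token):
    """Decode the payload segment for inspection only; no signature check."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def groups_of(claims, claim_name=GROUPS_CLAIM):
    """Normalise the membership claim: a list, or a single string from some IdPs."""
    value = claims.get(claim_name, [])
    if isinstance(value, str):
        value = [value]
    return {g for g in value if isinstance(g, str)}


def roles_from_rules(claims, rules, *, is_owner=False, active=True):
    """Roles granted by IdP rules; None means 'owner, rules never apply'."""
    if is_owner:
        return None          # owner role assignments are immutable
    if not active:
        return {}            # rules have no effect until activated
    groups = groups_of(claims)
    granted = {}
    for rule in rules:
        if rule.group in groups:  # exact, case-sensitive comparison
            granted.setdefault(rule.scope, set()).update(rule.roles)
    return granted


def activate(invited, claims_by_email, rules, owner_email):
    """Split invited members into IdP-migrated and still-invited memberships."""
    migrated, remaining = {}, {}
    for email, invited_roles in invited.items():
        granted = roles_from_rules(
            claims_by_email.get(email, {}), rules, is_owner=(email == owner_email)
        )
        if granted:
            migrated[email] = granted         # old membership replaced
        else:
            remaining[email] = invited_roles  # stays under "Users"
    return migrated, remaining


# Constructed sample data.
RULES = [Rule("AIE private registry admins", "NGC_AIE_PR_Admin", "org",
              frozenset({"example_registry_admin"}))]
SAMPLE_CLAIMS = {
    "adam@example.com": {"groups": ["NGC_AIE_PR_Admin"]},
    "amy@example.com": {"groups": ["Everyone", "NGC_AIE_PR_Admin"]},
    "bob@example.com": {"groups": ["ngc_aie_pr_admin"]},  # wrong case: no match
    "owner@example.com": {"groups": ["NGC_AIE_PR_Admin"]},
}
INVITED = {
    "adam@example.com": {"org": {"example_registry_read"}},
    "amy@example.com": {"org": {"example_registry_read"}},
    "bob@example.com": {"org": {"example_registry_read"}},
    "owner@example.com": {"org": {"owner"}},
}

if __name__ == "__main__":
    token = make_unsigned_token(SAMPLE_CLAIMS["adam@example.com"])
    print("groups in token:", groups_of(decode_claims(token)))
    migrated, remaining = activate(INVITED, SAMPLE_CLAIMS, RULES, "owner@example.com")
    print("migrated to IdP rules:", migrated)
    print("still invited members:", remaining)
```

In this model bob@example.com keeps his invited membership because his group differs from the rule only in case, which is the situation to check first when a user signs in but does not receive the expected roles.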

7. Activating Your Subscription (Offer Dependent)#

This section describes activating a subscription and linking it to your NGC Account.

Note

These steps are only required for customers who have been given an activation code as part of the purchase of a GPU or DPU.

  1. Access the activation page directly via Activate Subscription.

  2. Sign in to NGC with your email address and password if prompted. If you have not created an NGC account, create one now.

  3. On the Activate Subscription page, enter your Business Information using your company’s headquarters address and the serial number or activation code described by the specific offer. If entering multiple serial numbers or activation codes, use a comma to separate each.

  4. Click Activate Subscription.

    Activate Subscription
  5. Once the system validates the serial numbers, review the information displayed and click Request Activation.

    Request Subscription
  6. The Subscriptions page will display for your organization with the active NVIDIA AI Enterprise subscription.

  7. Use the left navigation and click Enterprise Catalog to access the NVIDIA AI Enterprise software suite.

    Enterprise Catalog Menu

8. Switching Orgs or Team After Logging into NGC#

This section describes switching to a different org or team after logging in.

In the top menu bar, click your user account icon. Then, select your org menu to expand the view to other available orgs. If you manage many orgs, you can use the search field to find the specific org you want to select. Select the desired org by clicking it once.

NGC Switching Organization Team

Depending on the org or team you select, your current page may also refresh.

9. NGC API Keys#

NVIDIA NGC API keys are required to authenticate with NGC services using NGC CLI, Docker CLI, or direct API requests.

NGC provides two types of API keys:

Personal Keys

  • Any NGC org user can generate a personal key.

  • An NGC org user can grant a personal key up to the permissions assigned to them in the NGC org.

  • A personal key is linked to the user’s NGC org lifecycle.

    • If the user’s permissions change, the available permissions that can be or are assigned to the personal key also change.

    • If the user is removed from the NGC org, the key’s validity is revoked.

  • Supports updating permissions, rotation, and deletion (immediate revocation).

    • Org owners and user_admins can revoke any member’s key on demand.

  • Each user can generate up to eight personal keys.

Use personal keys to begin using NGC services within your sandbox. Personal keys are best suited for individuals working on early development and testing code before moving to pre-production and production releases.

To learn how to authorize the services you have access to in the org and generate a personal key, go to Generating a Personal API Key.

Important

Use the legacy NGC API Key to authenticate with Base Command Platform, Fleet Command, or other NGC services that don’t support “Personal key” authentication. For cross-org authorization, continue using the legacy NGC API Key. NVIDIA plans to deprecate the legacy NGC API key after 2025. NVIDIA encourages you to use the Personal Key, but if you need to continue using the legacy API key, go to Generating a Legacy NGC API Key to find out where to create a new one. Also, your current NGC API key will continue to work.

Service Keys

  • The lifecycle of service keys is linked to the NGC org account, not to an individual user.

  • Only NGC org owners and user_admins can manage service keys.

  • A service key can be scoped to access only the permissions and services required, or full access to the services enabled in the org.

  • Supports scoped permissions, updating permissions, on-demand revocation, rotation, and deletion.

  • An NGC org can have up to 50 service keys.

Use service keys when you require automated communication between machines, and when deploying to pre-production and production environments where you do not want to depend on a user’s membership status in the NGC org.

Note

Service keys currently do not support listing artifacts in NGC CLI or Docker CLI. This functionality will be added in the future. In the meantime, use a Personal API key to list artifacts.

Examples using NGC API Keys

Here are some examples of using NGC API keys to authenticate with NGC CLI and Docker CLI:

NGC CLI

$ ngc config set

Paste your key value at the API_KEY prompt:

[Enter API key [****API-Key]. Choices: [<VALID_APIKEY>]

Important

Always use the latest NGC CLI version to access the newest features, bug fixes, performance improvements, and security updates. Check for the latest versions at NGC CLI Installers or run ngc version list to view the latest releases, then upgrade using

ngc version upgrade

Docker CLI

docker login nvcr.io --username '$oauthtoken'

For the username, enter '$oauthtoken' exactly as shown. It is a special name that indicates that you will authenticate with an API key. Paste your key value at the Password prompt.

9.1. Supported NGC Applications and API Key Types#

The NVIDIA NGC applications/services that support Personal and Service Keys are listed below:

NGC Applications and Services#

| NGC Application/Services | Service Description |
| --- | --- |
| NVIDIA NGC Catalog | Grants your key permission to access or download containers and artifacts from the NGC Catalog. The permission level matches your account’s permissions for the catalog. |
| NVIDIA NGC Private Registry | The key is authorized to perform actions on your organization’s private registry service, such as pulling, retrieving, creating, or deleting containers and artifacts. The permission level assigned to the key matches the permission level of your user account. Therefore, your user account must have permissions for the Private Registry. |
| NVIDIA Cloud Functions | This authorization allows your key to perform actions on your organization’s cloud functions service. If your organization has private functions published by NVIDIA, or if your cloud functions service enables you to create, deploy, and run your own functions, your personal key will have the same permissions as your user account for the cloud functions service. Therefore, it’s important that your user account has the necessary permissions for Cloud Functions. |
| NVIDIA Public API Endpoints | Grants permission for your key to access NVIDIA NIM inference endpoints listed in the NVIDIA API Catalog. Therefore, your user account must have Public API Endpoints permissions. |
| NVIDIA Secrets Manager | Authorizes your key to perform actions on the NVIDIA Secrets Manager service, which is used to store and manage secrets. Your key will have the same permission level as your user account, so your user account must possess Secrets Manager permissions. |

9.2. Generating NGC API Keys#

Generating API keys is essential for authenticating with NGC services using the NGC CLI, Docker CLI, or direct API requests.

9.2.1. Generating a Personal API Key#

  1. Sign in to the NGC website. From a browser, go to https://ngc.nvidia.com/signin and then enter your email and password.

  2. Click your user account icon in the top-right corner and select Setup.

    NGC User Profile Menu Setup
  3. Click Generate API Key from the available options.

    API Key Generate
  4. On the Setup > API Keys page, click + Generate Personal Key on the menu or the pane.

    API Key Generate Page
  5. In the Generate Personal Key dialog, fill in the required information for your key.

    API Key Generate Personal Key Dialog
    • Key Name: Enter a unique name for your key.

    • Expiration: Choose the expiration date for the key.

      API Key Generate Personal Key Expiration
    • Services Included: Choose from the available services the key is permitted to access. Refer to Assigning Services to Your Personal API Key to learn more about each service and when to assign service access to your Personal Key.

  6. Click Generate Personal Key when finished.

  7. Your API key appears in the following dialog.

    NGC does not save your key, so store it securely. You can copy your API Key to the clipboard by selecting Copy Personal Key or using the copy icon to the right of the API key.

    API Key Generate Personal Key Confirm

    You can generate up to eight personal keys and manage them from the Setup > Personal Keys dashboard. To activate or deactivate a key, click the Active toggle. The Actions (ellipsis) menu allows you to rotate or delete a personal key.

9.2.1.1. Assigning Services to Your Personal API Key

The services you can assign to a personal API key depend on two factors:

  • The services enabled for the NGC org where you generate the API key.

  • The service roles assigned to you by your NGC org owner or administrator.

For example, consider an NGC org with the following services enabled:

[Figure: NGC Organization Subscriptions]

An NGC user account might have the following access roles assigned:

[Figure: NGC User Account Example]

In this scenario, the NGC org has enabled NVIDIA Microservices, Private Registry, NVIDIA AI Enterprise, and Cloud Functions (NVCF). The user account has been granted access roles for all these services. Therefore, a personal API key can be generated with permissions to access one or all of them.

If a service is unavailable for assignment to the API key, it indicates that the org owner or administrator has not granted the user the necessary role for that service.

For details about each service listed above and its function, see the table Supported NGC Applications and API Key Types.

9.2.1.2. Generating a Legacy NGC API Key

To generate a legacy API key, go to Setup > API Keys and click + Generate Legacy Key in the Legacy Keys drop-down.

In the Generate Legacy Key dialog, click on + Generate Legacy Key.

9.2.2. Generating a Service API Key

  1. Sign in to the NGC website. From a browser, go to https://ngc.nvidia.com/signin and then enter your email and password.

  2. Select Organization from the user account menu on the upper right.

    Select Service Keys on the organization dashboard.

  3. On the Organization > Service Keys page, click the + Create Service Key button to create a key.

  4. In the Create Service Key dialog, fill in the required configuration. Service keys currently support services such as NVIDIA NIM, NGC Catalog, and Private Registry. Assign scopes and resource permissions to the key.

    In the Entity Type field, select which of the available options to grant to the API key.

    In the Scope field, choose from the available options.

  5. Click Next Step to review your key configuration.

  6. Once you have verified the configuration, click Confirm to generate your service key. Your service key appears in the next dialog.

  7. NGC does not save your key, so store it securely. You can copy your API Key to the clipboard by clicking the copy icon to the right of the API key or the Copy Service Key button.

    Make sure to copy the key value before leaving this page. Once you navigate away, the key value cannot be retrieved, and replacing it will require generating a new key.

NGC supports multiple Service API keys, which are managed from the Organization > Service Keys dashboard.

To activate or deactivate a key, click the Active toggle. The Actions (ellipsis) menu allows you to rotate or delete a service key.

Note

When managing containers, ensure the scopes Get Container and Get Container list are assigned to your service key. For other types of artifacts, add the Get Artifact and Get Artifact list scopes. These scopes are the minimum required to discover the artifacts that need to be managed. Refer to the NGC Catalog User Guide and Private Registry User Guide for more information.

10. Secure Sharing Service

NGC Secure Share is a security-focused service designed to help NGC users share sensitive credentials and secrets with each other. This service eliminates risky credential-sharing practices such as sending passwords or API keys through email, chat, or public forums.

Important

Exchanging credentials in clear text or through unprotected channels can result in the compromise of both user artifacts and the hosted services in NGC. Always utilize Secure Share to distribute sensitive information.

Secure Share enables secure, auditable, and ephemeral sharing of secrets—including API keys, usernames/passwords, and tokens—between NGC users and collaborators. Instead of transmitting credentials in an unsafe medium, users generate a secure, time-limited “Secure Share link” that is strictly controlled by access policies.

Key Features

  • End-to-end encryption for all shared secrets

  • Recipient restriction: limit access to a specified organization

  • Burn-after-read: each link will expire after a single access

  • Short link lifespan: customizable expiration (5 min to 24 hours)

  • No secrets stored after access: secrets are unrecoverable after viewing or expiration

Common Use Cases

  • Safely hand off API keys between team members

  • Securely provide one-time passwords or recovery codes to partners or support

  • Distribute model secrets or other credentials during project onboarding

10.1. Securely Sharing Secrets

Follow these steps to securely share credentials using NGC Secure Share:

  1. Log in and access Secure Share Service.

    • If not already signed in, log in to the NGC web portal using your NVIDIA credentials.

    • In the top right corner, click your profile and go to Setup, then click Secure Share.

    • Alternatively, you can navigate directly to https://org.ngc.nvidia.com/setup/secure-share.

  2. Start a new share.

    • Click on Share Secure Link.

  3. Enter secret details.

    • Give the share a name.

    • Provide a description of what is being shared.

    • Set the recipient organization.

      • For sharing with an organization you are a member of, pick from the list.

      • For sharing with an external organization, you must know the recipient's exact NGC organization name. This is needed to ensure proper access controls. Please obtain this information from your recipient before sharing. Refer to Finding your Organization Name for more information.

    • Paste or type the credential or secret (for example, API key, username/password) you want to share.

    • Set the expiration time for the link: from 5 minutes to 24 hours.

  4. Click Create Link & Copy to Clipboard.

  5. Provide the link to the recipient.

    Send the link directly to the intended recipient (for example, by email or direct chat).

10.3. Finding your Organization Name

To accept a Secure Share link sent to your NGC organization, you may need to confirm or provide your organization name. This can be done within the Secure Share service UI.

How to get your NGC organization name:

  1. Navigate to https://org.ngc.nvidia.com/setup/secure-share.

  2. Click Lookup Org Names.

  3. If you belong to multiple orgs, find the relevant one from the list and click the copy button.

    Important

    For security, always verify you are entering or selecting the correct organization to avoid access issues or failed link attempts. If you are unsure or you cannot find your organization name, contact your NGC administrator.

    Note

    You cannot receive shares to organizations in which you are an external user.

11. Notification Services

The NGC Notification Services feature enables NGC users to subscribe to email notifications to receive service change events. By subscribing to notifications, users can stay updated with the latest changes and developments in the NGC cloud platform and its services.

NGC customers can be informed of the following types of changes:

  • Customer-impacting service enhancements (release notes)

  • Security vulnerabilities (CVEs) and scanning reports

  • Software end-of-life announcements

  • Scheduled web portal maintenance to an NGC property

NGC customers can subscribe to notifications in the following ways:

  • During a user's first sign-in, the NGC portal displays a modal where they can set their notification preferences.

    The following sample toast notification confirms the user’s email preference settings:

    [Figure: Notification Email Preferences Confirm]
  • After their initial sign-in, users can edit their notification preferences under their NGC user account settings page.

Notification preferences are organized based on the subscriptions enabled within the organization. Access to these preferences will be gated by the service roles assigned to each user.

12. Appendix

12.1. NVIDIA NGC Network Protocols

The table below lists the required network protocols and port configurations for communication with NVIDIA NGC services.

To enable access, ensure that these ports are open in your web proxy, which connects your network to external services.

Required Network Protocols

| Location | Description | URL | Port |
|---|---|---|---|
| NGC | Authentication URL | https://authn.nvidia.com | 443 |
| NGC | Container Registry URL | https://nvcr.io | 443 |
| NGC | Container Registry URL | https://layers.nvcr.io | 443 |
| NGC | Helm Chart Registry URL | https://helm.ngc.nvidia.com | 443 |
| NGC | API URL | https://api.ngc.nvidia.com | 443 |
| NGC | Telemetry URL | https://prod.otel.kaizen.nvidia.com | 8282 |
| NGC | Catalog | https://files.ngc.nvidia.com | 443 |
| NGC | Catalog | https://xfiles.ngc.nvidia.com | 443 |
| NGC | Catalog | https://xlfiles.ngc.nvidia.com | 443 |
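
An added example, not part of the NGC documentation: a check that a proxy egress allowlist covers every host and port in the table above, reporting whether a gap is a missing host or a missing port. The allowlist rule format and the sample rules are constructed for illustration; adapt `parse_allowlist` to your proxy's own rule syntax.

```python
from urllib.parse import urlsplit
# Required endpoints, copied from the Required Network Protocols table.
REQUIRED = [
    ("https://authn.nvidia.com", 443), ("https://nvcr.io", 443),
    ("https://layers.nvcr.io", 443), ("https://helm.ngc.nvidia.com", 443),
    ("https://api.ngc.nvidia.com", 443), ("https://files.ngc.nvidia.com", 443),
    ("https://xfiles.ngc.nvidia.com", 443), ("https://xlfiles.ngc.nvidia.com", 443),
    ("https://prod.otel.kaizen.nvidia.com", 8282),  # telemetry: the only non-443 port
]

# Constructed sample allowlist (hypothetical "host-pattern port[,port]" rule format).
SAMPLE_ALLOWLIST = """
.nvcr.io 443
.ngc.nvidia.com 443
# telemetry host is listed, but only on the default TLS port
prod.otel.kaizen.nvidia.com 443
"""

def parse_allowlist(text):
    """Parse rules into (pattern, {ports}) pairs, skipping '#' comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            pattern, ports = line.split()
            rules.append((pattern.lower(), {int(p) for p in ports.split(",")}))
    return rules

def host_matches(pattern, host):
    """Exact match, or label-aligned suffix match for patterns starting with '.'."""
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def missing_endpoints(rules, required=REQUIRED):
    """Return (host, port, reason) for each required endpoint the rules block."""
    gaps = []
    for url, port in required:
        host = urlsplit(url).hostname
        matched = [ports for pat, ports in rules if host_matches(pat, host)]
        if not matched:
            gaps.append((host, port, "host not allowed"))
        elif not any(port in ports for ports in matched):
            gaps.append((host, port, "port not allowed"))
    return gaps

if __name__ == "__main__":
    for host, port, reason in missing_endpoints(parse_allowlist(SAMPLE_ALLOWLIST)):
        print(f"BLOCKED {host}:{port} ({reason})")
```

A proxy that permits outbound TLS only on port 443 passes every row except the telemetry endpoint on 8282, which is the gap the sample reproduces alongside a host that was never listed.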