Set up SAML#
Feature availability
- Available on Enterprise plans.
- You need access to the n8n instance owner account to enable and configure SAML
Available from version 0.225.0.
This page tells you how to enable SAML SSO (single sign-on) in n8n. It assumes you're familiar with SAML. If you're not, SAML Explained in Plain English can help you understand how SAML works, and its benefits.
Enable SAML#
- In n8n, go to Settings > SSO.
- Make a note of the n8n Redirect URL and Entity ID.
- Optional: if your IdP allows you to set up SAML from imported metadata, navigate to the Entity ID URL and save the XML.
- Optional: if you are running n8n behind a load balancer make sure you have
N8N_EDITOR_BASE_URL
configured.
- Set up SAML with your IdP (identity provider). You need the redirect URL and entity ID. You may also need an email address and name for the IdP user.
- After completing setup in your IdP, load the metadata XML into n8n. You can use a metadata URL or raw XML:
- Metadata URL: Copy the metadata URL from your IdP into the Identity Provider Settings field in n8n.
- Raw XML: Download the metadata XML from your IdP, toggle Identiy Provider Settings to XML, then copy the raw XML into Identity Provider Settings.
- Select Save settings.
- Select Test settings to check your SAML setup is working.
- Set SAML 2.0 to Activated.
Generic IdP setup#
The steps to configure the IdP vary depending on your chosen IdP. These are some common setup tasks:
- Create an app for n8n in your IdP.
-
Map n8n attributes to IdP attributes:
Name Name format Value (IdP side) http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress URI Reference User email http://schemas.xmlsoap.org/ws/2005/05/identity/claims/firstname URI Reference User First Name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/lastname URI Reference User Last Name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn URI Reference User Email
Setup resources for common IdPs#
Documentation links for common IdPs.
IdP | Documentation |
---|---|
Auth0 | Configure Auth0 as SAML Identity Provider: Manually configure SSO integrations |
Authentik | Applications and the SAML Provider |
Azure AD | SAML authentication with Azure Active Directory |
Keycloak | Choose a Getting Started guide depending on your hosting. |
Okta | n8n provides a Workforce Identity setup guide |
PingIdentity | PingOne SSO |