Set up SAML#
- Available on Enterprise plans.
- You need access to the n8n instance owner account to enable and configure SAML
Available from version 0.225.0 onwards.
This page tells you how to enable SAML SSO (single sign-on) in n8n. It assumes you're familiar with SAML. If you're not, SAML Explained in Plain English can help you understand how SAML works, and its benefits.
- In n8n, go to Settings > SSO.
- Make a note of the n8n Redirect URL and Entity ID.
- Optional: if your IdP allows you to set up SAML from imported metadata, navigate to the Entity ID URL and save the XML.
- Set up SAML with your IdP (identity provider). You need the redirect URL and entity ID. You may also need an email address and name for the IdP user.
- After completing setup in your IdP, load the metadata XML into n8n. You can use a metadata URL or raw XML:
- Metadata URL: Copy the metadata URL from your IdP into the Identity Provider Settings field in n8n.
- Raw XML: Download the metadata XML from your IdP, toggle Identiy Provider Settings to XML, then copy the raw XML into Identity Provider Settings.
- Select Save settings.
- Select Test settings to check your SAML setup is working.
- Set SAML 2.0 to Activated.
Generic IdP setup#
The steps to configure the IdP vary depending on your chosen IdP. These are some common setup tasks:
- Create an app for n8n in your IdP.
Map n8n attributes to IdP attributes:
Name Name format Value (IdP side) http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress URI Reference User email http://schemas.xmlsoap.org/ws/2005/05/identity/claims/firstname URI Reference User First Name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/lastname URI Reference User Last Name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn URI Reference User Email
Setup resources for common IdPs#
Documentation links for common IdPs.
|Auth0||Configure Auth0 as SAML Identity Provider: Manually configure SSO integrations|
|Authentik||Applications and the SAML Provider|
|Azure AD||SAML authentication with Azure Active Directory|
|Keycloak||Choose a Getting Started guide depending on your hosting.|
|Okta||n8n provides a Workforce Identity setup guide|
This section contains notes on IdP-specific quirks and tips.
The Azure metadata XML is a combination of the SAML 2.0 definition and the WS-Federation definition. This means you can't use the App Federation Metadata Url to automatically load the XML. Instead:
- Download the Federation Metadata XML.
- Open the file in your text editor.
- Remove the
RoleDescriptorsections. Anything with the
fed:namespace is part of the WS-Federation definition.
- Paste the edited XML into Identity Provider Settings in n8n's SSO settings.