Set up SAML#
- Available on Enterprise plans.
- You need access to the n8n instance owner account to enable and configure SAML
Available from version 0.225.0 onwards.
This page tells you how to enable SAML SSO (single sign-on) in n8n. It assumes you're familiar with SAML. If you're not, SAML Explained in Plain English can help you understand how SAML works, and its benefits.
- In n8n, go to Settings > SSO.
- Make a note of the n8n Redirect URL and Entity ID.
- Optional: if your IdP allows you to set up SAML from imported metadata, navigate to the Entity ID URL and save the XML.
- Set up SAML with your IdP (identity provider). You need the redirect URL and entity ID. You may also need an email address and name for the IdP user.
- After completing setup in your IdP, load the metadata XML into n8n. You can use a metadata URL or raw XML:
- Metadata URL: Copy the metadata URL from your IdP into the Identity Provider Settings field in n8n.
- Raw XML: Download the metadata XML from your IdP, toggle Identiy Provider Settings to XML, then copy the raw XML into Identity Provider Settings.
- Select Save settings.
- Select Test settings to check your SAML setup is working.
- Set SAML 2.0 to Activated.
Generic IdP setup#
The steps to configure the IdP vary depending on your chosen IdP. These are some common setup tasks:
- Create an app for n8n in your IdP.
Map n8n attributes to IdP attributes:
Name Name format Value (IdP side) http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress URI Reference User email http://schemas.xmlsoap.org/ws/2005/05/identity/claims/firstname URI Reference User First Name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/lastname URI Reference User Last Name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn URI Reference User Email
Setup resources for common IdPs#
Documentation links for common IdPs.
|Auth0||Configure Auth0 as SAML Identity Provider: Manually configure SSO integrations|
|Authentik||Applications and the SAML Provider|
|Azure AD||SAML authentication with Azure Active Directory|
|Keycloak||Choose a Getting Started guide depending on your hosting.|
|Okta||n8n provides a Workforce Identity setup guide|
If you remove a user from your IdP, they remain logged in to n8n. You need to manually remove them from n8n as well. Refer to Manage users for guidance on deleting users.