n8n-docs/docs/user-management/saml/setup.md
2023-11-06 14:10:19 +00:00


| title | description | contentType |
| --- | --- | --- |
| Set up SAML | Generic setup instructions for using SAML SSO with n8n. | howto |

Set up SAML

/// info | Feature availability

  • Available on Enterprise plans.
  • You need access to the n8n instance owner account to enable and configure SAML.

Available from version 0.225.0 onwards.
///

This page tells you how to enable SAML SSO (single sign-on) in n8n. It assumes you're familiar with SAML. If you're not, SAML Explained in Plain English can help you understand how SAML works, and its benefits.

Enable SAML

  1. In n8n, go to Settings > SSO.
  2. Make a note of the n8n Redirect URL and Entity ID.
    1. Optional: if your IdP allows you to set up SAML from imported metadata, navigate to the Entity ID URL and save the XML.
  3. Set up SAML with your IdP (identity provider). You need the redirect URL and entity ID. You may also need an email address and name for the IdP user.
  4. After completing setup in your IdP, load the metadata XML into n8n. You can use a metadata URL or raw XML:
    1. Metadata URL: Copy the metadata URL from your IdP into the Identity Provider Settings field in n8n.
    2. Raw XML: Download the metadata XML from your IdP, toggle Identity Provider Settings to XML, then copy the raw XML into Identity Provider Settings.
  5. Select Save settings.
  6. Select Test settings to check your SAML setup is working.
  7. Set SAML 2.0 to Activated.

Generic IdP setup

The steps to configure the IdP vary depending on your chosen IdP. These are some common setup tasks:

  • Create an app for n8n in your IdP.
  • Map n8n attributes to IdP attributes:
    | Name | Name format | Value (IdP side) |
    | --- | --- | --- |
    | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | URI Reference | User email |
    | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/firstname | URI Reference | User First Name |
    | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/lastname | URI Reference | User Last Name |
    | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn | URI Reference | User Email |

Setup resources for common IdPs

Documentation links for common IdPs.

| IdP | Documentation |
| --- | --- |
| Auth0 | Configure Auth0 as SAML Identity Provider: Manually configure SSO integrations |
| Authentik | Applications and the SAML Provider |
| Azure AD | SAML authentication with Azure Active Directory |
| Keycloak | Choose a Getting Started guide depending on your hosting. |
| Okta | n8n provides a Workforce Identity setup guide |
| PingIdentity | PingOne SSO |

IdP-specific guidance

This section contains notes on IdP-specific quirks and tips.

Azure

The Azure metadata XML is a combination of the SAML 2.0 definition and the WS-Federation definition. This means you can't use the App Federation Metadata Url to automatically load the XML. Instead:

  1. Download the Federation Metadata XML.
  2. Open the file in your text editor.
  3. Remove the RoleDescriptor sections. Anything with the fed: namespace is part of the WS-Federation definition.
  4. Paste the edited XML into Identity Provider Settings in n8n's SSO settings.
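
Steps 2 and 3 can be scripted instead of edited by hand. The Python below is an added example, not part of n8n or its documentation; it assumes the WS-Federation parts are top-level `RoleDescriptor` or `fed:`-namespaced children of the `EntityDescriptor`, and the sample metadata (including the `idp.example` URLs) is constructed. It refuses to return XML that no longer contains an `IDPSSODescriptor`.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"                 # SAML 2.0 metadata
FED_NS = "http://docs.oasis-open.org/wsfed/federation/200706"  # WS-Federation (fed:)

def strip_ws_federation(xml_text):
    """Return (cleaned_xml, removed_count) without the WS-Federation parts."""
    ET.register_namespace("", MD_NS)  # serialize SAML metadata elements unprefixed
    root = ET.fromstring(xml_text)    # input: the file downloaded from your own IdP
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    removed = 0
    for child in list(root):
        is_role = child.tag == f"{{{MD_NS}}}RoleDescriptor"
        is_fed = child.tag.startswith(f"{{{FED_NS}}}")
        if is_role or is_fed:
            root.remove(child)
            removed += 1
    # Refuse to emit metadata that no longer describes a SAML IdP.
    if root.find(f"{{{MD_NS}}}IDPSSODescriptor") is None:
        raise ValueError("no IDPSSODescriptor found after cleanup")
    return ET.tostring(root, encoding="unicode"), removed

# Constructed sample, trimmed to the elements that matter (not real tenant data).
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example/tenant-placeholder/">
  <RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <fed:PassiveRequestorEndpoint/>
  </RoleDescriptor>
  <RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:type="fed:ApplicationServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"/>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example/tenant-placeholder/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    cleaned, count = strip_ws_federation(SAMPLE)
    print(f"removed {count} WS-Federation section(s)")
    print(cleaned)
```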