2FA - n8n cloud [GOT CREATED]

Hi @pradilla thanks for posting this. Completely agree that security is of the utmost importance for a tool like n8n which holds access to various apps and services. It’s also something we’ve planned to implement, but inbound requests help us with prioritisation so appreciate it!

Will update here once I have more info on progress, especially when it comes to planned spec.

6 Likes

Voted!

@maxT , any update on adding 2FA to the roadmap?

1 Like

@GreenFlux happy to say that 2FA/ MFA is on our n8n.cloud roadmap for n8n.cloud. While I can’t give you a specific ETA, it’s on the immediate roadmap behind a few other features - i.e. it’s not buried in backlog hell :wink:

If anyone has specific requirements for 2FA/ MFA, please do add them here (especially if it’s a hard requirement for your organisation or a vendor you work with).

2 Likes

Yes for me too it is a very important requirement for production environments.
Password-only authentication is too vulnerable to brute force especially in the absence of mechanisms similar to fail2ban.
I would love to be able to use two-factor authentication in the app, with Authy for example.

Is the feature also planned for the self hosted version?

Thanks a lot, I really love n8n

@marco.fucito 2FA for n8n.cloud would be separate from 2FA on n8n core/ self-hosted. For n8n.cloud, we’ll be adding 2FA to the global n8n account used to access n8n.cloud and n8n.io.

As for 2FA on n8n core, this would be on our User Management roadmap. We’re currently implementing the MVP of User Management. Once that is released, we’ll be prioritising additional functionality for User Management, including auth features like 2FA/ SSO etc.

for the self-hosted n8n, i route my connections via a tunnel to Cloudflare Teams this give the 2FA needed when exposing my infra to outside.

3 Likes

Could you share detail step by step how to do this? Is self-hosted n8n install by docker can do this? Cloudflare free can do this?

i use docker for self hosted yes.

And CloudFlare teams Argo Tunnel.

2 Likes

Hi @maxT is this still on the roadmap, as MFA is very important in order to use the cloud version of N8N, we were planing on moving from the self-hosted version to the cloud instance to reduce are management overheads but i don’t see us storing any keys on the cloud version until there is a bit more security.

It would be great to have an account management page as the account page is linked to only 2 views Logout and Instance, without having the ability of changing any user information(not even the password), and if this is already a feature I just cannot see it.

Do you have a timeline on any of those items?

@sbesliu it is still on the roadmap, unfortunately I don’t have an ETA however. @sirdavidoff might have a better idea.

It is possible to currently change password just not while logged in, you would have to sign out and use the forgot password flow (understandably, that’s some extra friction - we’re simply prioritizing core features currently). At this time, it’s not possible to manually change for example your email address.

Hey team,

Is there any update on this? we are just looking at automating some specific things for internal use, but the ability to generate a 2FA token to complete a login is a hard requirement.

Cheers,

Gary

Upvoting! This is pretty critical to securing our service as we would like our n8n instance to have access to our database. Happy to help contribute to this if you’re accepting PRs.

Upvoting too ! hard requirement my company too.

Upvoting! This is pretty critical to securing our service.

Any update on this? This is very important in 2022. Is it even on the roadmap?

1 Like

Welcome to the community @joeldeteves

It’s in our roadmap, but we do not have an ETA. Once I have one, I can share it.

We created an MVP that adds support.

8 Likes

Awesome! This is a much-needed feature.

Really happy to see some progress on this! Been happy with n8n cloud so far but security is definitely important to us.

#cloud #feature-requests #security

Hello @RicardoE105,
Do you have any news about the status of 2FA ? is it considered a priority ?
Thank you,
Best regards,