Externally turn-off SSO

Describe the problem/error/question

When we have an issue with SSO, we need to login without it to fix it, but… n8n realises we should be able to login via SSO so bumps us to the broken system.

How can we turn off SSO externally to stop the frustrating behaviour (when we are trying to fix it)

What is the error message (if any)?

Please share your workflow

(Select the nodes on your canvas and use the keyboard shortcuts CMD+C/CTRL+C and CMD+V/CTRL+V to copy and paste the workflow.)

Share the output returned by the last node

Information on your n8n setup

• n8n version: 1.82.1
• Database (default: SQLite): Postgres
• n8n EXECUTIONS_PROCESS setting (default: own, main):
• Running n8n via (Docker, npm, n8n cloud, desktop app):
• Operating system: Windows

This is a common issue with SSO systems. You can temporarily disable SSO by setting these environment variables in your n8n configuration:

```

N8N_AUTHENTICATION_ENABLED=true

N8N_SAML_LOGIN_ENABLED=false

```

Restart n8n after making these changes to bypass SSO and use basic authentication instead. Once you’ve fixed your SSO issues, you can re-enable it by setting `N8N_SAML_LOGIN_ENABLED=true` again.

Unfortunately we are using OIDC on version 2, is there an environment variable to turn it off with that, or where is it in the (postgres) database so I can turn it off there?

Are you self-hosted or cloud?

We are self hosted, running the container on AWS using fargate and postgres.

There are no environment variables for OIDC so the only the only other place permanent things are stored is the database.

I had the exact same problem and had to resort to updating the database directly to be able to get in. This occurred when we were using a temporary license, it expired, we lost the ability to use SSO but n8n didn’t disable it for us. I’ll see if I can find exactly what setting was updated.

I think we updated the “settings” table and set “userManagement.authenticationMethod” to “email” and also the “features.oidc” setting to whatever the current json value was, just with the “loginEnabled” attribute set to false.

Okay I am trying this with

update settings set value='email' where key='userManagement.authenticationMethod';
update public.settings set "loadOnStartup"=False where key='features.oidc';

But wierd after restarting the container serManagement.authenticationMethod switched back to oidc

I’ll try again tomorrow, perhaps it seeing a value in features.oidc is making it switch itself back on

I think you do need to set the loginEnabled attribute in the features.oidc value to false in order for the setting to persist.

I had same situation in an self hosted n8n; when SSO is enabled, login by user and password was failing with message error:

image732×282 32.3 KB

At the same time we were using an version with this vulnerability:

So we upgrade to version: 1.123.18 and now we see in the UI Settings > SSO at the bottom there is a new check box for easy enable or disable the SSO:

image962×661 45 KB

Don’t have a lot of info in this new functionality but I tested and after uncheck the box this pop outs:

image1246×635 77.3 KB

That scares me a lot because the impact wasn’t clear (at least for me). Still made the change in a test env and surprise it worked. SSO was no longer available at login page and was able to use user and password to login. Of course, users that only use SSO was having an error.

Lastly, revert the change and SSO was again available. Made a test with one user that only use SSO and it worked. so at the very least with this version it looks like now we can easily switch from SSO to SAML.

@Neil_Carmichael as @ieu-saulp said, go into your n8n settings on the site, and disable SSO, if you cant, because its broken, do this.
If its postgres -

UPDATE settings SET value = 'false' WHERE key = 'features.saml';

If its SQLlite

UPDATE settings SET value = 'false' WHERE key = 'features.saml';

Sadly, you cant change it through env values, but also ensure your n8n is above v1.123.18+

Have a good day!