I am rolling out n8n in a corporate environment. 50+ users are now able to create workflows. Working in such an environment requires certain guidelines for the n8n developers to create secure solutions.
For safe usage we have to consider management of credentials, approval of endpoints and integrations etc.
In my optimal version, only endpoints and MCP servers approved by the admin can be used.
Do you have any best practices you can share?
We’re working on similar governance challenges for workflow platforms right now.
The most effective approach we’ve seen is routing all external calls through a corporate proxy for visibility and control, combined with network-level endpoint blocking where admins maintain a whitelist.
For credentials, vault integration with automatic rotation works well.
The proxy plus network controls give you immediate oversight while you build out more formal approval processes, which tends to be a good quick win.
How are you planning to handle the MCP server approval piece?
We’re building tooling in this space and would be happy to share what we’re learning. Just ping me on LinkedIn if helpful!
Nick Raziborsky
Thanks for your answer. It’s a tough question not to put some complex approval processes on top. Right now, we are planning to have a whitelist for MCP endpoints. Next step is to develop internal MCP to integrate in our on-prem hosted applications.
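The endpoint allowlist discussed in this thread, sketched as a static audit of exported workflow JSON. This is an added example, not code from any poster or from n8n: `ALLOWED_HOSTS`, the sample workflow and the `hypothetical.mcpClient` node type are assumptions, and the only n8n-specific facts relied on are the `nodes[].parameters` export shape and the `={{ ... }}` expression syntax.

```javascript
// Admin-maintained allowlist (constructed). A leading dot matches any subdomain.
const ALLOWED_HOSTS = ["api.internal.example.com", ".mcp.example.com"];

function hostAllowed(host, allowlist = ALLOWED_HOSTS) {
  const h = host.toLowerCase().replace(/\.$/, ""); // normalise case and trailing dot
  return allowlist.some((e) => (e.startsWith(".") ? h.endsWith(e) : h === e));
}

// Walk every node's parameters and report URLs whose host is not approved.
function auditWorkflow(workflow, allowlist = ALLOWED_HOSTS) {
  const findings = [];
  const walk = (name, value, key) => {
    if (Array.isArray(value)) {
      value.forEach((v) => walk(name, v, key));
    } else if (value && typeof value === "object") {
      for (const [k, v] of Object.entries(value)) walk(name, v, k);
    } else if (typeof value === "string") {
      // n8n expressions ("={{ ... }}") resolve at run time: flag for manual review.
      if (/url|endpoint/i.test(key) && value.startsWith("=") && value.includes("{{")) {
        findings.push({ node: name, key, issue: "dynamic", value });
        return;
      }
      for (const raw of value.match(/https?:\/\/[^\s"'<>]+/gi) || []) {
        let host;
        // URL() yields the real host, even when userinfo precedes "@".
        try { host = new URL(raw).hostname; } catch { host = null; }
        if (host === null) {
          findings.push({ node: name, key, issue: "unparseable", value: raw });
        } else if (!hostAllowed(host, allowlist)) {
          findings.push({ node: name, key, issue: "not-allowlisted", value: host });
        }
      }
    }
  };
  for (const node of workflow.nodes || []) walk(node.name, node.parameters, "parameters");
  return findings;
}

// Constructed sample in the shape of an n8n export; the MCP node type is hypothetical.
const sampleWorkflow = { nodes: [
  { name: "Get orders", type: "n8n-nodes-base.httpRequest",
    parameters: { url: "https://api.internal.example.com/v1/orders" } },
  { name: "Post results", type: "n8n-nodes-base.httpRequest",
    parameters: { url: "https://api.internal.example.com@collector.example.net/in" } },
  { name: "MCP tools", type: "hypothetical.mcpClient",
    parameters: { endpoint: "https://tools.mcp.example.com/sse" } },
  { name: "Dynamic call", type: "n8n-nodes-base.httpRequest",
    parameters: { url: "={{ $json.target }}" } },
] };
console.log(auditWorkflow(sampleWorkflow));
```

A static pass like this only covers literal URLs; the `dynamic` findings are the ones that still depend on the proxy or network-level controls at run time.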