I’m running a self-hosted n8n instance in AKS behind Azure Front Door / Application Gateway using SAML SSO (Microsoft). SSO works correctly via the “Continue with SSO” button (it hits /rest/sso/saml/initsso and posts back to /rest/sso/saml/acs), but the default login page still shows the Email/Password form alongside the SSO button.
Feature request:
-
SSO-only login mode (UI + behavior):
-
Add a supported setting to disable and hide the email/password login fields when SSO is enabled (SAML or OIDC).
-
Ideally also disable local auth endpoints for non-owner users when SSO-only is on, while keeping a safe admin/owner fallback.
-
-
Optional automatic redirect to SSO:
-
Add a supported option like
N8N_SSO_AUTO_REDIRECT=true(name flexible) so visiting/signinautomatically initiates SSO (SAML/OIDC), without requiring users to click the button. -
This is especially helpful now that OAuth callback URLs require authentication by default in v2.0, because users can end up on
/signinmid-flow and the experience is confusing.
-
Why this matters:
-
In enterprise environments with enforced IdP (Azure AD/Okta), showing password fields increases user confusion and support tickets (“what password?”), and can become a security/policy issue.
-
Auto-redirect smooths the experience for both normal login and OAuth credential setup flows.
Acceptance criteria / expected behavior:
-
When enabled, the login screen shows only “Continue with SSO” (or immediately redirects to SSO).
-
Works for both SAML and OIDC providers.