Need assistance setting up SAML for Entra

Leigh_Gallagher · January 5, 2026, 3:05pm

Describe the problem/error/question

Trying to set up SSO for Entra ID

What is the error message (if any)?

{"code":401,"message":"SAML Authentication failed: SAML Authentication failed. Invalid SAML response (missing attributes: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/firstname, http://schemas.xmlsoap.org/ws/2005/05/identity/claims/lastname)."}

Please share your workflow

N/A

Share the output returned by the last node

Information on your n8n setup

n8n version: Version 2.0.2
Database (default: SQLite):
n8n EXECUTIONS_PROCESS setting (default: own, main):
Running n8n via (Docker, npm, n8n cloud, desktop app):
Operating system:

Wouter_Nigrini · January 5, 2026, 3:09pm

Hi @Leigh_Gallagher,

Please can you provide us with more context of your current setup? Providing a statement only is not very helpful.

Are you referring to Microsoft Entra?

Are you using the graph api’s?

Leigh_Gallagher · January 5, 2026, 3:42pm

We are using Entra as our identity provider and would like to set up SSO via SAML. I have set up the attributes according to the documentation, but they are not being recognised when I test the SAML connection

Wouter_Nigrini · January 5, 2026, 4:42pm

I assume you have an enterprise plan and trying to setup SSO through the n8n settings then? If so, I will not be able to assist.

Leigh_Gallagher · January 6, 2026, 11:18am

We have the business plan and are trying to set up SSO through n8n settings with Entra.

Jon · January 6, 2026, 11:28am

Can you update your Claim Names to use the ones we document? It looks like you have included the value at the end of the name which isn’t needed so they should just be…

Leigh_Gallagher · January 6, 2026, 11:49am

I have updated the claims, but emailaddress is somehow still flagging an error:

{“code”:401,“message”:“SAML Authentication failed: SAML Authentication failed. Invalid SAML response (missing attributes: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress).”}

Jon · January 6, 2026, 2:31pm

@Leigh_Gallagher do you know if it is actually sending the correct value for user.mail or any value? Don’t forget we also suggest to map claim/upn to the user email as well rather than then user principal name.

Leigh_Gallagher · January 6, 2026, 3:54pm

I managed to fix it, it seems that user.mail was not being picked up properly. Fixed with the following attributes:

system · January 13, 2026, 3:55pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.