Single sign-on (SSO) support

The idea is:

Users can log in with an IdP like Keycloak, Ory or paid solutions like Okta rather than using a regular user/password-based account. This can provide things like 2FA, location-based threat detection, etc. without n8n needing to support any specific feature.

My use case:

Nonprofits and communities use free tools like Keycloak for identity management on a budget, and being able to use n8n in this ecosystem would be fantastic.

I think it would be beneficial to add this because:

It would benefit everyone from small communities to large organizations. Many open-core products lock SSO behind an enterprise tier, which puts it out of reach not just for communities but also for small and even midsize nonprofits that can’t afford enterprise-level pricing (and don’t have enterprise-level needs for the most part).

Are you willing to work on this?

No idea how

Hey @ianhyzy,

Solid request and I suspect it will be part of the future expansion plans once user management (User and Privilege Management [GOT CREATED]) has been released.

It may be worth popping a vote on that, I am not sure if @maxT & @sirdavidoff would count this as the same request or treat it as a different one though.

3 Likes

Thanks @Jon - definitely helpful to track this as its own feature as it’ll allow us to better prioritize what functionality we add to our initial version of user management.

2 Likes

For now you can use something like Cloudflare for Teams; it's what I use to expose my internal n8n externally. It uses MFA and can support SSO (IIRC) if you so wish.

1 Like

Absolutely this feature will be really helpful and it’ll bring more control to N8N Auth

+1 this is absolutely a security requirement for enterprise deployments

To echo the above, this is a day 1 requirement for any enterprise deployment, especially for regulated industries. Is there any visibility if this request has been accepted, where it sits with overall priorities and when you expect it would land in the product? Thanks and regards, Fuzz

3 Likes

Echoing everyone else expressing the need for this. In some cases it is a hard requirement to have SSO integration and it could be the difference between using this tool or not.

1 Like

Any updates on this feature? We are using N8N heavily in PROD. And we already have issues managing local users :frowning:

We strongly need it!

Thanks in advance!

Nico

Hey @Nicolas_Andres_Calvo,

Work has started on part of this. Out of interest, what IdP are you planning to use?

1 Like

Hey @Jon,

Ideally, Google, we have SSO with everything. Alternatively, we could use GitHub.

And in the mid term, a specific tool such as Keycloak.

Thanks again @Jon :blush:

Nico

1 Like

Hi,
It would be great to have SSO support for Keycloak as it is widely used in companies.

Thanks!

1 Like

Don’t forget one of the biggest, Azure AD. If you get Authorization Code Flow working it probably will work for most IdPs, but please also verify against Azure AD since I saw some other project that didn’t work against Azure AD since you got not only an Email claim but also an EmailVerified. Looking forward to OIDC support! :slight_smile:

2 Likes

Yes, and more broadly any OIDC compliant provider

2 Likes

Hey @Jon
(tagging you mostly because I don’t know who else to tag in the team)

Any updates to this feature request?

Hey @Loan_J,

You don’t really need to tag any of us, when the feature is released it will be updated here :slightly_smiling_face:

So currently we have LDAP support, which can work with almost all IdPs that offer an LDAP interface, and we are currently working on SAML. I don’t have a timeline for it but I would expect it maybe in a couple of months.

OIDC has not been started on yet (or I am not aware of it being started) but if we do add that it will likely be after SAML and 2FA support.

1 Like

Hi,

As Jon mentioned, we are currently working on SSO SAML 2.0. This feature will be released mid-March and will be initially included in our premium offer (on the Enterprise self-hosted plan).

You can learn more here.

We plan to start working on OIDC right after.

Best,

Romain

2 Likes