I’m starting an AI automation agency and I’m creating AI agents for my clients.
When the client is self-employed, it’s pretty straightforward. Either I help them set up their n8n cloud account and give them their workflows with their own credentials (Google Workspace, external database, Slack, HubSpot, etc.) or I help them setup a self-hosted server on DigitalOcean and all other nuts and bolts to make it work. I give them the key of their kingdom, they give me some cash and we go in our own separate way.
My question is when my client is a small business, 5-20 employees, what is the proper strategy ? Let’s say they use Google Workspace and HubSpot and each employee would get their own AI agents to act on their behalf. Since each employees have different credentials do I understand correctly that I would need to duplicate the workflows for each employee and set their credentials manually into each of them?
So in the cloud or self-hosted n8n instance I would have a bunch of duplicated workflows? And whenever we need to update something we go through each workflow and modify them individually? When a new employees arrive we duplicate again and when they leave we delete the workflow.
Is that how we are supposed to handle multiple users?
I understand enterprise version has SSO which, if I understand correctly, would make this seamless. Just want to make sure I understand correctly this is how it is expected to work.
As long as the users belong to the same company and everything is for business internal use you should be fine with creating workflows with multi-user support. The sustainable use license prohibits the use of credentials from external users.
Alright, so one n8n user per employees. Each gets their own workflows and when a new employee arrive, we create a new n8n user, copy the workflows we want the employee to use, set their credentials and we are good.
Makes me think, with the cloud version there’s a limit of active workflows, so if my AI agent use 1 workflow (plus a bunch of sub-workflows), and if I am allowed to have 15 active workflows, we’ll be ok for 15 employees before needing to go up the next cloud plan. In practice an employee would probably use more than one active workflow though, so this could go up a bit faster too.
Why should every “employee” have an own “AI Agent”? I would say it is more reasonable checking first what can be automated. Lets say you want to build different chatbots with different RAG Sources (maybe some employees should not have access to certain data) You could use Basic Auth within the Chat Node. Creating one n8n user per employee does not make much sense if they dont build own workflows. For credentials you can use Projects, Or dependig on the worfklows just different credentials. For example you can have 99+ Logins for Google Sheet. External Credential Storage would also be possible.
It all depends on you use case, but most probably you don’t need a workflow per user. What I meant with multi-user support is, that you could build your AI supported workflows in a way, that they match the credentials automatically.
In case you rely on the chat trigger as interface it might be a bit trickier to match the user at the beginning without the need to ask him to identify. If you use it in embed mode, there is a way to send custom headers, but I am not sure if you have access to them in the workflow.
Ok, thank you both. Let me verify if I understand the big picture correctly. My use case would be a personal AI agent for company employees who use Google Workspace for their emails, sheets, calendars, etc. Employees would interact with the AI agent through a Flutter app installed on their iPhone/Android devices (like Vagent.io from @octionic).
Here’s the flow:
When an employee first uses the AI agent, they sign in using their Google account through the Flutter app.
This authentication generates an ID token and an Access token, which are sent to a custom n8n authentication workflow (or another production grade authentication server maybe ?).
The authentication workflow verifies if the email exists in an internal employee database. If yes, it stores the Google ID token and access token in the internal database.
The authentication workflow then generates a JWT token and sends it back to the user’s Flutter app.
For all subsequent requests to the AI agent, the Flutter app includes this JWT token as a parameter.
The AI agent workflow validates the JWT against its internal database, retrieves the associated Google access token, and uses it to make an authorized HTTP requests to Google services on behalf of the user.
The only drawback would be that I can’t use the Gmail Nodes cause I need to set the credentials manually.
If the company set that up on their own server, we could use the free community edition. If we set that up on their n8n cloud account, the starter plan would be sufficient from a technical perspective.
Now if I wanted to create my own AI agent SaaS , I would need an embed license.
