How n8n Now Handles Permissions, Roles, and SSO

In enterprise automation, oneweek permission model can jeopardize compliance, introduce data risk, or tank execution volume overnight. That's why we're launching a new set of security controls designed for instance owners who need confidence, and for technical teams who need flexibility. Imagine you're rolling out an ADN across multiple teams. You've got developers and analysts, maybe ops and external contractors. You need granular control. You need guard rails. And you need to know people can only access what they're supposed to. Until now, this level of control wasn't possible in N8N. That changes today. First up, custom project roles. We're able to define exactly what each team can see, edit, transfer, or publish. Next, we have SSO user provisioning. You're able to automatically onboard and manage users through your identity provider. Now, let's look at what this actually looks like inside of NADN.

Custom project roles give you fine grain control over every resource inside a project. Whether that's workflows or credentials, data tables or variables or folders and source control. For each of these, you can set exactly what someone can do, whether it's view, create, edit, delete, or transfer, all independently. This level of granularity is what makes it safe to scale NAN across teams. The real power comes from shaping roles around actual team responsibilities. For example, you might have builders who should create and edit workflows but shouldn't manage credentials or provers who can push changes to production but can't edit workflows themselves or contributors who can view and clone workflows without modifying production. With custom roles, you can model exactly how your teams work. Here's a real world scenario. We need to give the data team the ability to build and edit workflows, but they shouldn't be able to manage credentials or deploy to production. To accomplish that, we're going to jump into our NADN platform. And from there, we're going to head into our settings. From there, I'll jump into project ROS. And here you can see we have our current system roles. So, as you can see, these are labeled with the word system and cannot be deleted or edited. However, now what we can do is create new roles. So, I'll go ahead and create a new role. And let's go ahead and call this data team. So, again, we want them to be able to have full access to workflows. So, I'm going to go ahead and give them full access to create, edit, delete, and even folders so they can get organized. And from there, that's it. We're going to take away the ability to view credentials. And that's it. Now, I'm going to go ahead and create. Perfect. Now, we can go ahead and head into our project. So, I'm going to go into our Call Forge project. And here, project settings. Here we have a second project user that we're going to go ahead and give access to the custom role. So I'm going to go ahead and click on data team. There we go. Perfect. Now I'm going to go ahead head back to settings. And from here you'll see that this custom role has one user assigned to it. So if I was to go in and try to delete this, it won't let me until I remove this assigned user. So here I can go ahead and go back to project viewer. We can go ahead and save. Now, if we go back to project roles, we'll see we have zero users, which then allows us to delete. With custom roles, the separation of duties is straightforward. Once you've created these roles, they become reusable templates across all of your projects. Assigning them is simple. You select a project, choose the role, and assign it to users. The permissions take effect immediately, and you can use the same role definitions across multiple projects for consistency. This granular approach helps avoid the classic problem of overpermissioning where you give someone administrative access just because you need them to do one specific thing. Now you can give them exactly the access they need and nothing more. And if their needs change, you can just adjust that singular role. Next up is

SSO user provisioning. SSO user provisioning takes this a step further. When someone logs in through your identity provider for the first time, they're automatically created as a user in NADN. Even better, roles can be assigned immediately on first login based on attributes from your identity provider. So a user from your engineering group in your IDP can automatically get the developer role in NADN. Now let's see this in action. Let's go ahead and take a look at NADN. So from here I can go ahead and head into my settings and go into SSO. From here I can go ahead and click here to see how to configure SAML or OIDC. Once all of this has been implemented, you can go ahead and select which level of user role provisioning you'd prefer. By default, user roles are managed by NADN. And you can see that listed here in this setting. If you'd like your IDP to manage your users, you can set it to instance ro. And if you'd like your IDP to manage your instance and project roles, you can set it to this setting here. So here, what we would do is we would set it to our instance ro. And then we would turn on single sign on to turn on to give us the option to actually sign on which looks like this. So from here I can continue with SSO. Don't forget to hit test settings once you're done and then hit save to go ahead and apply your changes. As you can

see this dramatically reduces administrative overhead. In the past you might have built an NAN workflow just to synchronize users and roles from your identity provider and now it's built right in and it's more reliable than any custom solution. These features operate together as a comprehensive security layer. Role control leads to identity control which leads to behavior control, essentially a governance stack. If security and governance concerns blocked your NAD roll out before, these features might change the equation. Contact your NAD representative to enable these on your instance today. And don't forget to check out the documentation interactive demos. If you want to test these features today, the links are in the description below. Automation grows fast and governance has to grow with it. With these new security controls, NAN gives enterprises the clarity, safety, and flexibility they've been asking for. Enable them today and give your teams the freedom to build with confidence. As always, this is Angel signing off and reminding you to stay curious.