Yes. Self-hosted n8n supports SAML and LDAP single sign-on natively on its enterprise edition, so you can connect it to Okta, Azure AD/Entra, Google Workspace, or another IdP. If you are on the community edition, the common pattern is to put n8n behind an SSO-aware reverse proxy or an identity-aware proxy (for example oauth2-proxy in front of Caddy or Nginx), so users authenticate against your IdP before they ever reach the n8n login. Either way the editor ends up gated by your existing identity provider.
Two routes to SSO
- Native (enterprise): configure SAML or LDAP in n8n and point it at your IdP.
- Proxy (any edition): put an authenticating reverse proxy in front of n8n so the IdP login happens before n8n loads.
Both fit the onshore stack in the self-hosting n8n in Australia guide.
Related questions
Does the community edition of n8n support SSO?
Native SAML/LDAP SSO is an enterprise feature. On community edition you achieve the same outcome by fronting n8n with an authenticating proxy (oauth2-proxy, Authelia, or your cloud provider identity-aware proxy), plus an IP allow-list. It is a little more setup but it keeps the editor behind your IdP.
How should I secure a self-hosted n8n editor generally?
Beyond SSO: restrict the editor to a VPN or IP allow-list, disable public sign-up, keep secrets in environment variables, run Postgres (not SQLite), and enable TLS. SSO controls who gets in; the rest reduces the attack surface.
Still need a hand?
Book a 15-minute map (US$50, credited to a build) and we will scope it with you — or send a note and we will add the answer here.