How do I set up n8n Business (self-hosted) for my team—license key, SSO (SAML/LDAP), and RBAC?
Workflow Automation Platforms

How do I set up n8n Business (self-hosted) for my team—license key, SSO (SAML/LDAP), and RBAC?

7 min read

Quick Answer: To set up n8n Business self-hosted for your team, you apply your Business license key to your existing instance, then configure SSO (SAML or LDAP) for central identity, and finally enforce team access with RBAC so people only see and change what they should.

Frequently Asked Questions

How do I upgrade my self-hosted n8n instance to the Business plan with a license key?

Short Answer: After purchasing n8n Business, you’ll receive a license key by email. You add that key to your existing self-hosted instance and restart n8n to unlock Business features like SSO and RBAC.

Expanded Explanation:
When you subscribe to n8n Business, the upgrade doesn’t create a new instance. You keep your current self-hosted deployment (Docker, Kubernetes, bare metal, etc.) and simply apply the license key you receive by email. That key is what activates Business and Enterprise features on your self-hosted instance, including SSO (SAML/LDAP), role-based access control, audit-friendly logging, and more.

Your instance pings the n8n license server daily to validate the key and report usage such as the number of production executions. This is how n8n tracks your Business plan usage while still letting you run workflows entirely in your own environment. If you have any other existing plans (Starter, Pro, Startup, Enterprise, or another Business plan), they are not canceled automatically—you have to cancel or change them yourself.

Key Takeaways:

  • You receive your n8n Business license key by email after subscribing.
  • You apply the key to your current self-hosted instance; n8n doesn’t auto-cancel older plans.

What is the process to apply the n8n Business license key on a self-hosted instance?

Short Answer: Add the license key to your n8n configuration (usually via environment variable or config file), restart the instance, and confirm Business features are available in the UI.

Expanded Explanation:
The exact mechanics depend on how you deploy n8n (Docker, Docker Compose, Kubernetes, or a systemd-style service), but the pattern is always the same: you store the license key as a configuration value, restart n8n, and let it perform its daily license check. This check sends metadata like production execution counts back to n8n so your Business quota can be monitored. If you’re on an annual Business plan, the n8n team will contact you as you approach about 80% of your annual execution quota.

If you are migrating from another paid plan, you’ll want to align billing dates and cancel any old subscriptions you no longer need. For annual upgrades from other plans to Business, coordinate with the n8n sales team to avoid overlapping or redundant billing.

Steps:

  1. Locate your license key in the confirmation email you receive after subscribing to n8n Business.
  2. Set the license key in your deployment (for example, as an environment variable in Docker/Kubernetes or in your config) and restart your n8n instance.
  3. Verify activation by logging into n8n, checking that Business features (like SSO and RBAC settings) are available, and monitoring that executions are counted under your Business quota.

What’s the difference between n8n Cloud and self-hosted Business for SSO and RBAC?

Short Answer: n8n Cloud abstracts away infrastructure, while self-hosted Business gives you full control over hosting plus the same enterprise features like SSO (SAML/LDAP) and RBAC.

Expanded Explanation:
If you choose n8n Cloud, n8n runs and manages the infrastructure for you—you don’t need to install anything. Cloud is suited for teams that want fast setup with enterprise features but don’t have strict on-prem or data locality requirements beyond n8n’s standard EU hosting (Frankfurt, Germany) and SOC2/GDPR posture.

Self-hosted Business is for teams that want full control over where n8n runs, how it’s networked, and how it’s monitored. You deploy n8n yourself (often via Docker or Kubernetes), then unlock Business features with your license key. From there, you can hook n8n into your own SSO (SAML or LDAP) provider, enforce RBAC aligned with your internal policies, stream logs to your SIEM, and integrate n8n into your broader platform stack.

Comparison Snapshot:

  • Option A: n8n Cloud: No install; infrastructure managed by n8n; EU hosting; SSO/RBAC available on eligible plans.
  • Option B: Self-hosted Business: You host n8n; full control over infra, networking, and monitoring; SSO (SAML/LDAP), RBAC, and other enterprise controls unlocked via license key.
  • Best for: Teams with strict compliance, on-prem, or customization requirements generally lean to self-hosted Business; teams optimizing purely for speed of setup often start on n8n Cloud.

How do I actually set up SSO (SAML/LDAP) and RBAC in n8n Business for my team?

Short Answer: Once the Business license is active, you connect n8n to your identity provider via SAML or LDAP, then define roles and permissions with RBAC so each user only has the access they need.

Expanded Explanation:
In practice, the SSO setup mirrors other modern tools in your stack. You configure a SAML app (e.g., Okta, Azure AD, Google Workspace SAML, Ping) or an LDAP integration against your directory. n8n then authenticates users against that identity provider instead of managing passwords locally. This centralizes access control and enables your usual identity workflows—offboarding, MFA, conditional access, and so on.

RBAC sits on top of that. Once SSO is in place, you map users or groups to roles that control what they can do in n8n: who can create or edit workflows, who can manage credentials, who can change environment-level settings, and who can just view executions or logs. This is critical when you’re running production workflows that impact security, finance, customer operations, or AI-driven decisions. You don’t want “everyone is an admin” to be the failure mode.

What You Need:

  • An identity provider that supports SAML or LDAP (e.g., Okta, Azure AD, Google Workspace SAML, or an internal LDAP directory).
  • A clear role model for RBAC (e.g., Admin, Builder, Reader) that matches how you want teams to use workflows, credentials, and production environments.

How should we structure SSO and RBAC strategically when rolling out n8n Business self-hosted?

Short Answer: Treat n8n like any other production platform: wire it into central SSO, design RBAC roles around blast radius and auditability, and align usage with n8n’s execution-based pricing so costs stay predictable.

Expanded Explanation:
n8n Business is designed for teams that are serious about operational rigor—workflow history, execution search, logs, retries, and error workflows are all there so you can run automation without turning it into a future incident. That same mindset should drive how you design SSO and RBAC.

Use SSO (SAML/LDAP) to tie n8n into your existing security perimeter: enforce MFA, conditional access, and lifecycle management centrally. Use RBAC to separate concerns: a small set of admins who can manage instances and environments, builders who create and modify workflows (and can write JavaScript/Python where needed), and analysts or operators who can inspect executions, logs, and AI evaluation outputs without being able to change the workflows themselves.

From a cost and governance perspective, remember that n8n bills Business plans based on full workflow executions—not per step. One execution is one full run of a workflow, regardless of how many nodes it uses or how many times it branches, merges, or waits on external events. That matters when you’re designing patterns like AI-heavy flows, retries, or human-in-the-loop approvals: you want workflows that are robust and observable without accidentally multiplying cost by over-splitting flows into unnecessary separate tools.

Why It Matters:

  • Security and compliance: Central SSO plus RBAC, audit logs, and log streaming to a SIEM make it easier to show who did what and when—especially important when workflows touch customer data or security tools.
  • Operational control and cost predictability: Execution-based billing, combined with clear roles, keeps you from both over-provisioning access and losing track of which teams are driving workload and spend.

Quick Recap

To set up n8n Business self-hosted for your team, you apply the Business license key you receive by email to your existing instance, which enables enterprise features like SSO (SAML/LDAP), RBAC, and advanced governance tooling. From there, you connect n8n to your identity provider, map users to roles that match their operational responsibilities, and treat n8n like a production-critical platform—using workflow history, logs, and execution visibility to keep your automations fast, auditable, and safe to evolve.

Next Step

Get Started

Back to Workflow Automation Platforms

Keep Reading

More from Workflow Automation Platforms

Automation platforms with strong execution logs and easy troubleshooting (not “set and forget”)

Read more

How do I talk to n8n about Enterprise or n8n Embed pricing for embedding automation in our SaaS?

Read more

How do I enable Git version control in n8n and promote workflows across dev/staging/prod environments?

Read more