n8n Administration Track
Module 1 of 6

n8n Fundamentals & Deployment Planning

Understand what n8n is, compare Cloud vs Self-Hosted, evaluate deployment options, and plan authentication and RBAC.


What You'll Learn

  • Understand what n8n is, how it compares to other automation platforms, and where it fits in your infrastructure
  • Evaluate the trade-offs between n8n Cloud and self-hosted deployment for your organization
  • Compare deployment methods - Docker, Docker Compose, Kubernetes, and Windows Server npm - and choose the right one
  • Plan prerequisites including hardware requirements, database selection, and network configuration
  • Understand n8n authentication methods (SSO, LDAP, OAuth) and role-based access control for team management

What Is n8n and Why Automate

n8n (pronounced "nodemation") is an open-source workflow automation platform that lets you connect any service with an API to any other service, using a visual node-based editor. Think of it as the plumbing layer between your business applications: when something happens in one system, n8n can read that event, transform the data, apply logic, and push results to one or more destination systems - all without writing traditional application code.

What sets n8n apart from platforms like Zapier or Make is control. n8n can be fully self-hosted, meaning your data never leaves your infrastructure. This is not a theoretical benefit - it is a hard requirement for organizations handling sensitive data, operating in regulated industries, or running workflows that touch internal systems behind a firewall. Self-hosting also eliminates per-execution pricing. Whether your instance handles 100 executions per day or 100,000, the cost is the same: your server compute.

n8n ships with 400+ built-in integrations covering CRM, ERP, ITSM, communication, databases, developer tools, and AI/ML services. For anything without a dedicated node, the HTTP Request node lets you call any REST or GraphQL API directly. The Code node supports JavaScript and Python for complex data transformations that visual nodes cannot handle. Webhook nodes let external systems trigger n8n workflows in real time. This combination of visual building blocks and code-level flexibility means n8n scales from simple two-step automations to enterprise-grade integration pipelines.

The practical value is straightforward: every hour your team spends manually copying data between systems, reformatting reports, sending status notifications, or running repetitive multi-step procedures is an hour that automation can reclaim. The most common starting points are notification workflows (something happens in system A, send an alert to Slack or Teams), data sync workflows (keep records consistent across two or more systems), and approval workflows (route requests through a structured review process). Once you build and trust your first few automations, the compound effect accelerates quickly.

Cloud vs Self-Hosted Decision Framework

The first decision in any n8n deployment is whether to use n8n Cloud (the hosted SaaS offering) or self-host on your own infrastructure. This is not a minor configuration choice - it shapes your security posture, cost model, scaling path, and operational responsibilities for the life of the deployment.

n8n Cloud is the managed option. n8n Inc. handles the server infrastructure, database management, SSL certificates, updates, backups, and uptime monitoring. You sign up, create workflows, and run them. Cloud pricing is based on your plan tier, which determines execution limits, user seats, and available features. The Starter plan covers basic needs. Pro and Enterprise tiers unlock features like SSO, custom variables, external secrets, and source control integration. The key advantage is zero infrastructure management. The key constraint is that your workflow data and execution logs live on n8n's infrastructure.

Self-hosted n8n gives you full control over the environment. You run the n8n application on your own servers (physical, virtual, or cloud), connect it to your own PostgreSQL database, manage your own SSL termination and reverse proxy, and handle updates on your own schedule. The community edition is free and open source with no execution limits. Enterprise self-hosted adds SSO, RBAC, source control, and support contracts. Self-hosting is the right choice when you need to keep all data on-premises, must comply with data residency regulations, want to eliminate per-execution costs at scale, or need to integrate with systems only accessible inside your network.

Here is a practical comparison:

| Factor | n8n Cloud | Self-Hosted |
|---|---|---|
| Setup time | Minutes | Hours to days |
| Infrastructure management | n8n handles it | Your team handles it |
| Data residency | n8n's infrastructure | Your infrastructure |
| Cost model | Monthly subscription | Server compute costs |
| Execution limits | Plan-based | Unlimited (hardware-bound) |
| Updates | Automatic | Manual (you control timing) |
| SSO/RBAC | Enterprise plan | Enterprise license or community workarounds |
| Network access | Public internet only | Can reach internal/private systems |
| Scaling | Managed | You manage (Docker, K8s, queue mode) |

For most teams starting out, n8n Cloud is the fastest path to value. For production workloads with compliance requirements, high execution volumes, or internal system access needs, self-hosted is the long-term answer. Many organizations start on Cloud and migrate to self-hosted once the automation practice matures.

Quick Test: Evaluate Your Deployment Fit

Question 1: Does your workflow data contain PII or regulated information?

Question 2: Do your workflows need to reach systems behind a corporate firewall?

Question 3: Will you exceed 10,000 executions per month within 6 months?

Question 4: Does your team have the capacity to manage a Linux server or Kubernetes cluster?

Result: If you answered yes to questions 1-3 and yes to question 4, self-hosted is likely the right choice. If you answered no to question 4, start with Cloud.

Deployment Options Overview

If you choose self-hosted, your next decision is how to run n8n. Each deployment method has different complexity, scaling characteristics, and operational requirements. Choosing the wrong method for your scale creates unnecessary friction, while over-engineering the deployment wastes setup time.

Docker (single container) is the simplest self-hosted option. A single docker run command pulls the n8n image and starts the application with SQLite as the default database. This is ideal for development, testing, and personal use. It takes under five minutes to get running. The limitation is that SQLite does not support concurrent writes well, making it unsuitable for production workloads or multi-user environments. Use this for prototyping and proof-of-concept work.

Docker Compose is the recommended production deployment for most organizations. A docker-compose.yml file defines n8n alongside a PostgreSQL database (and optionally Redis for queue mode) as a multi-container application. Docker Compose handles container networking, volume management, restart policies, and service dependencies. Updates are a two-command process: change the image tag, then docker compose up -d. This method handles the majority of production workloads up to tens of thousands of executions per day on a single server.
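
The Compose layout described above, written out as an added example that is not part of the original course material: n8n and PostgreSQL as two services, with the database kept off the host network, secrets pulled from a `.env` file, and the n8n port bound to loopback for a reverse proxy that terminates TLS. The service and volume names, the `.env` variable names `POSTGRES_PASSWORD`, `N8N_VERSION` and `N8N_HOST`, and the presence of a host-level reverse proxy are assumptions.

```yaml
# docker-compose.yml (added example; service names, volume names and the
# .env variable names are assumptions, not taken from the course)
services:
  postgres:
    image: postgres:16
    restart: unless-stopped
    environment:
      POSTGRES_DB: n8n
      POSTGRES_USER: n8n
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set in .env}
    volumes:
      - pg_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U n8n -d n8n"]
      interval: 10s
      timeout: 5s
      retries: 5
    # No "ports:" entry: the database is reachable only on the compose network.

  n8n:
    # Pin an explicit tag; updating means changing N8N_VERSION in .env and
    # re-running "docker compose up -d".
    image: docker.n8n.io/n8nio/n8n:${N8N_VERSION:?pin a version in .env}
    restart: unless-stopped
    depends_on:
      postgres:
        condition: service_healthy
    environment:
      DB_TYPE: postgresdb
      DB_POSTGRESDB_HOST: postgres
      DB_POSTGRESDB_PORT: "5432"
      DB_POSTGRESDB_DATABASE: n8n
      DB_POSTGRESDB_USER: n8n
      DB_POSTGRESDB_PASSWORD: ${POSTGRES_PASSWORD:?set in .env}
      # Key that encrypts stored credentials; keep it stable and backed up.
      N8N_ENCRYPTION_KEY: ${N8N_ENCRYPTION_KEY:?set in .env}
      N8N_HOST: ${N8N_HOST:?public hostname}
      N8N_PROTOCOL: https
      WEBHOOK_URL: https://${N8N_HOST}/
    ports:
      # Loopback only: TLS is terminated by a reverse proxy on the host.
      - "127.0.0.1:5678:5678"
    volumes:
      - n8n_data:/home/node/.n8n

volumes:
  pg_data:
  n8n_data:
```

The `:?` form makes `docker compose up` fail when a required value is missing from `.env`, so the stack cannot start with an empty database password or encryption key.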

Kubernetes with Helm charts is the enterprise-scale option for organizations that need horizontal scaling, high availability, and automated failover. n8n provides official Helm charts that deploy the main application, worker pods (for queue mode), and webhook processors as separate scalable components. Kubernetes adds complexity, but it enables auto-scaling workers based on queue depth, rolling updates with zero downtime, and multi-main setups for high availability. Choose this when you are already running Kubernetes and need to handle high execution volumes or strict uptime SLAs.

Windows Server (npm) installs n8n directly via Node.js and npm on a Windows Server machine. This is not the recommended production approach due to the operational overhead of managing Node.js processes, npm dependencies, and Windows service scheduling. However, it has a specific strategic value: when n8n runs natively on Windows Server, it can invoke PowerShell directly through the Execute Command node, giving access to enterprise tools like Active Directory, Exchange Online, VMware PowerCLI, SCCM, and any other software with a PowerShell interface. Module 3 covers this approach in detail, including its limitations.

| Method | Complexity | Best For | Scaling |
|---|---|---|---|
| Docker (single) | Low | Dev/testing | Single instance |
| Docker Compose | Medium | Production (most orgs) | Vertical + queue mode |
| Kubernetes/Helm | High | Enterprise/HA | Horizontal auto-scaling |
| Windows npm | Medium | PowerShell integration | Single instance |

Authentication Methods and RBAC Overview

n8n supports multiple authentication methods for controlling who can access the platform and what they can do once they are in. Getting authentication right at the start prevents security gaps and permission sprawl as your automation practice grows.

Email and password is the default authentication method. The first user to access a new n8n instance becomes the owner account with full administrative privileges. Additional users can be invited via email. This is sufficient for small teams and development environments, but it lacks the identity governance features that enterprise environments require.

SSO (Single Sign-On) with SAML allows n8n to delegate authentication to your organization's identity provider. Supported providers include Okta, Azure Entra ID (formerly Azure AD), Google Workspace, and any SAML 2.0 compliant IdP. When SSO is enabled, users authenticate through your IdP's login flow, and n8n receives a SAML assertion containing the user's identity and role attributes. This eliminates separate n8n passwords, enforces your organization's MFA policies, and centralizes user lifecycle management. SSO is available on the Enterprise plan.

LDAP integration connects n8n to an LDAP directory (typically Active Directory) for authentication and user provisioning. Users log in with their directory credentials, and n8n can automatically create accounts for authenticated users. LDAP is a good fit for organizations that have not migrated to cloud-based identity providers and still rely on on-premises Active Directory.

n8n's Role-Based Access Control (RBAC) system defines what each user can do within the platform. The built-in roles are:

  • Admin - Full platform access including user management, settings, and all workflows
  • Project Member (Editor) - Can create, edit, and execute workflows within assigned projects
  • Project Member (Viewer) - Can view workflows and execution history but cannot modify or run them

Enterprise editions support custom roles that let you define granular permission sets. For example, you might create an "Operator" role that can execute existing workflows and view logs but cannot edit workflow logic or manage credentials. Or a "Credential Manager" role that can create and update credentials but cannot build workflows.

The recommended starting pattern for teams is: one or two Admin accounts for platform management, Editor access for developers building workflows, and Viewer access for stakeholders who need to monitor execution results. As your automation practice scales, organize workflows into Projects (n8n's workspace isolation feature) to separate workflows by department, team, or environment.

Plan Your Access Model

Before deploying n8n, sketch out your access model on paper: (1) List every person who will use n8n and their role (builder, viewer, admin). (2) Decide if you need SSO integration with your existing IdP. (3) Identify which workflows should be grouped into separate Projects for isolation. (4) Determine if you need custom roles beyond the built-in set. Having this plan ready before deployment prevents permission cleanup work later.

Core Insights

  • n8n is an open-source workflow automation platform with 400+ integrations that can be fully self-hosted, keeping all data on your infrastructure with no per-execution pricing
  • Choose n8n Cloud for fast setup with zero infrastructure management, or self-hosted for data residency, compliance, internal network access, and unlimited executions
  • Docker Compose with PostgreSQL is the recommended production deployment for most organizations - it balances simplicity with production readiness
  • Kubernetes/Helm is for enterprise-scale with horizontal auto-scaling and HA, while Windows Server npm is a niche choice specifically for native PowerShell integration
  • Configure authentication (SSO/SAML preferred for enterprise) and RBAC roles before onboarding users - retrofitting permissions after workflows are live creates risk
  • Start with the simplest deployment that meets your current needs and migrate up as your automation practice scales