n8n Permissions Reference
This section describes all required scopes and access settings for SailPoint Entro's n8n integration.
Required Scopes
The API key must be created with the following scopes:
| Scope | Purpose |
|---|---|
user:list |
Map workflow ownership to n8n user identities |
workflow:list |
Enumerate all workflows for AI agent discovery |
Permissions Justification
-
user:listis required to resolve which n8n user owns each workflow, enabling accurate identity attribution in SailPoint Entro's AI Agents Inventory. -
workflow:listis required to retrieve workflow definitions and inspect node types for LLM usage. -
No
credential:*scopes are requested - SailPoint Entro does not access or retrieve credential values stored in n8n.
Access Summary
-
Authentication uses an API Key (
X-N8N-API-KEYheader) -
All requests performed via the n8n REST API
-
All operations are read-only - no changes are made to workflows or credentials
-
API keys are stored encrypted in SailPoint Entro's Worker Group environment (AES-256)
-
All communication over HTTPS / TLS 1.3