Gitpulse
Merged
Size
XL
Change Breakdown
Feature75%
Style25%
#27688feat(editor): Add instance rules editor with drag-to-reorder

Role mapping rules editor added to SSO settings

Role mapping rules editor added to SSO settings
CS
cstuncsik
·Apr 7, 2026

SSO administrators can now define, reorder, and manage role mapping rules directly in the settings UI, with drag-to-reorder functionality and syntax-highlighted expression inputs for fine-grained role assignment based on identity provider claims.

SSO configuration just got more powerful. A new role mapping rules editor has been added to n8n's SSO settings, allowing administrators to define conditional role assignments based on identity provider claims. The editor appears when "Expression-based mapping" is selected in the User role provisioning dropdown.

Users can now add rules with JavaScript expressions (like $claims.groups.includes('admins')), assign instance roles to matching conditions, and reorder rules via drag-and-drop. Each rule row includes a grip handle for reordering, an expression input with n8n syntax highlighting, a role dropdown, and duplicate/delete actions. An expandable expression editor opens in a modal dialog for longer expressions.

The SSO settings page itself received a visual refresh with a card-based layout, making configuration sections easier to scan. Copy inputs for redirect URLs and Entity IDs now use an integrated input group pattern instead of a separate component.

This is part of a larger initiative to bring expression-based role mapping to n8n's SSO system, giving administrators more control over how users are provisioned based on their identity provider data.

View Original GitHub Description

Summary

Builds the instance role rules editor UI for expression-based role mapping. This is PR 2 of 3 for IAM-397.

Stacked on: #27686 (plumbing)

What this PR does:

  • RoleMappingRuleEditor.vue — orchestrator component, shown when "Expression-based mapping" is selected
  • RuleList.vue — sortable container using vuedraggable for drag-to-reorder
  • RuleRow.vue — single rule: drag handle, enable/disable toggle, expression input, role dropdown, delete button
  • RuleSectionHeader.vue — section title + "Add rule" button
  • Integrates the editor into both SamlSettingsForm.vue and OidcSettingsForm.vue

How to test manually

  1. Set N8N_ENV_FEAT_ROLE_MAPPING_RULES=true environment variable
  2. Go to Settings → SSO → configure SAML or OIDC
  3. Select "Expression-based mapping" from the User role provisioning dropdown
  4. The instance rules editor should appear below
  5. Click "Add rule" — a new row appears with expression input and role dropdown
  6. Drag rules by the grip handle to reorder
  7. Toggle rules on/off, delete rules

Key decisions for reviewers

  • Plain N8nInput for expressions instead of InlineExpressionEditorInput — the expression editor has deep workflow/NDV store dependencies. Using a plain text input for now; can upgrade to the expression editor once standalone usage is validated
  • Rule row layout — drag handle | toggle | expression input (flex: 1) | role dropdown (160px) | delete button. Follows the bordered card pattern from the SSO forms Figma
  • Drag-to-reorder uses vuedraggable (already a project dependency) with .drag-handle CSS class for the handle
  • Editor manages its own state via useRoleMappingRules composable and exposes isDirty and save() via defineExpose for parent form integration
  • Project rules section is stubbed with a comment — will be added in PR 3

Related Linear tickets, Github issues, and Community forum posts

https://linear.app/n8n/issue/IAM-482 https://linear.app/n8n/issue/IAM-397

Review / Merge checklist

  • PR title and summary are descriptive. (conventions)
  • Docs updated or follow-up ticket created.
  • Tests included.
  • PR Labeled with release/backport (if the PR is an urgent fix that needs to be backported)
© 2026 · via Gitpulse