n8n Community vs Cloud vs Enterprise: Plans, Limits & Features

n8n offers five plans with clear feature differentiation: the free self‑hosted Community Edition for unlimited unrestricted prototyping; Cloud Starter (€20/month or $24/month) and Cloud Pro (€50/month or $60/month) for hassle‑free managed hosting; and two enterprise‑grade tiers—Business (€667/month, billed annually, self‑hosted) and Enterprise (custom pricing)—that unlock RBAC, SSO, Log Streaming, external secrets, queue mode, and dedicated support SLAs. Below is a complete feature‑by‑ feature breakdown to inform your choice. [1] [2] [3]

How does the deployment model differ across n8n plans?

Community Edition is always self‑hosted via npm, Docker, or Kubernetes, requiring users to provision servers, manage SSL, and configure databases and Redis individually. Cloud Starter and Pro are fully managed by n8n— no setup, no server maintenance, and automatic updates. Business is self‑hosted only, while Enterprise offers hosted or self‑hosted options. [1]

Cloud plans eliminate DevOps overhead entirely: n8n manages PostgreSQL, backups, scaling, and TLS certificates. The trade‑off is execution caps and reduced configuration flexibility. For deployment walkthroughs of each model, see the self‑hosting security guide and related first workflow tutorial.

What execution and scaling limits are imposed by n8n plans?

Cloud Starter provides 2,500 executions per month with 5 concurrent executions and 320 MiB memory per run. Cloud Pro increases this to 10,000 executions, 20 concurrent executions, and 640 MiB (with Pro‑2 offering 1,280 MiB). Only Business and Enterprise unlock Queue Mode— backed by Redis—for distributing workloads across multiple workers. [1] [5]

Community Edition has no execution limits by license, but scales only as far as your hardware permits—typically constrained by CPU cores and RAM unless you configure Queue Mode manually. For a typical $20–150/month VPS, you can run thousands of executions without cap [3]. Enterprise pushes to 200+ concurrent executions with environment scaling to dev, staging, and production. For detailed scaling internals of Queue Mode, see the n8n architecture guide.

Which n8n plans support SSO, SAML, LDAP, and RBAC?

SSO (SAML and LDAP) and RBAC are exclusively available on the Business and Enterprise plans—neither Community nor Cloud Starter/Pro include them. The Business plan supports SAML integration with identity providers like Okta, Azure AD, and Auth0, while Enterprise adds Custom Project Roles with granular permissions for workflows, credentials, and variables. [1] [6]

Enterprise SSO user provisioning automatically syncs user accounts from the identity provider—when someone joins the organisation, they appear in n8n with the correct role; when they leave, access is revoked. For a complete setup walkthrough and the required N8N_EDITOR_BASE_URL callback, refer to our n8n security hub.

How does Enterprise log streaming send n8n events to Datadog or Splunk?

Log streaming—exclusive to the Enterprise plan—sends n8n execution events, audit logs, and user activities to external monitoring platforms via Settings → Log Streaming → Add new destination. Supported targets include Datadog, Splunk, and the ELK stack, providing centralised observability alongside your existing infrastructure alerting pipelines. [7] [8]

Enterprise buyers also gain 365 days of insights retention with hourly granularity. For compliance‑heavy industries, this satisfies archival requirements that lower tiers cannot meet. See our DevOps monitoring guide for end‑to‑end observability patterns.

How do shared projects and collaboration features scale across n8n plans?

Cloud Starter includes 1 shared project with unlimited members; Pro expands to 3 shared projects with admin roles and 30 days of workflow history. Business provides 6 projects, RBAC with project admins/editors/ viewers, and Git‑based version control with workflow diffs. Enterprise tops out at unlimited projects with custom role definitions. [1]

Community Edition has no RBAC layer—any user with instance access can edit any workflow. For securing your self‑hosted instance against this gap, combine the self‑hosting security guide with an external identity layer. For further reading, the credential security guide covers how credentials map into project‑scoped access.

How does the Enterprise external secret store integrate with AWS and Vault?

Enterprise enables External Secret Store integration under Settings → External Secrets, supporting AWS Secrets Manager, Azure Key Vault, GCP Secrets Manager, Infisical, and HashiCorp Vault. You configure a vault provider, enter its credentials, and then reference secrets in credential fields using {{$vault.secret.path}} syntax. [10] [11]

This feature decouples secrets from n8n’s database entirely—ideal for SOC2, ISO 27001, and HIPAA compliance workloads. Combined with Log Streaming for audit trails and SSO for access control, Enterprise provides the governance layer required in regulated environments. For detailed step‑by‑step vault configuration, refer to credential security.