Setting up Azure AD Saml using Dex server in ARGOCD

Vidushi BansalStudio-DevOps,
Reading Time: 3 minutes

In this blog, we will go through the steps required to configure Azure AD SAML to authenticate and authorize in ARGOCD application which is hosted in any environment and is accessible over a URL. Lets take a look at the setup which is required in Azure AD and argo-cd config.

Pre-requisites:

  • Requires an Azure AD account
  • Requires ArgoCD setup

Azure AD SAML Enterprise App Auth using Dex

Configure a new Azure AD Enterprise App

  1. Go to Enterprise Applications
  1. Create New Application > Create your own application
  1. Open the newly created application
  1. From Users and groups menu, click on Add user/group
  1. Go to Single sign-on
  1. Click on SAML
  1. Edit basic SAML configuration
  1. Set Identity URL as:
  1. Set remaining fields as:
  2. Reply URL: https://<argocd-url>/api/dex/callback
  3. Sign on URL: https://<argocd-url>/auth/login
  4. Relay State: empty
  5. Logout URL: empty
  6. Click Save
  7. Edit Attributes and Claims, Add New Claim:
  1. Fill in the following fields
  1. Click Save.
  2. Add a group claim
  1. Download the SAML signing certificate (Base64)
  1. Base64 encodes the contents of the downloaded certificate file, you can check it as:
    cat ArgoCD.cer | base64
  2. Copy the Login URL parameter
  1. Copy the Login URL as:
    https://login.microsoftonline.com/<ID>/saml2

ARGOCD SETUP

Patch configurations in ARGO-CD config map as:

data:
  url: https://<argocd-url>/
  dex.config: |
    logger:
      level: debug
      format: json
    connectors:
    - type: saml
      id: saml
      name: saml
      config:
        entityIssuer: https://<argocd-url>/api/dex/callback
        ssoURL: https://login.microsoftonline.com/11a1111a-1111-111a-111b-11c1d111e1f1/saml2
        caData: |
        BASE64 ENCODED CRT
        redirectURI: https://<argocd-url>/api/dex/callback
        usernameAttr: email
        emailAttr: email
        groupsAttr: Group

Open the ArgoCD URL and now you would be able to see the SAML login option:

Click on Log In via SAML and add your credentials. You will be successfully logged in.

Hey, readers! Thank you for sticking up till the end. If you have any questions/feedbacks regarding this blog, I am reachable at vidushi.bansal@knoldus.com. You can find more of my blogs here.

Written by 

Vidushi Bansal is a Software Consultant [Devops] at Knoldus Inc. She is passionate about learning and exploring new technologies.

Knoldus-logo-final
nashtech-logo-white

COMPANY

Sign up to our newsletter

    Certificates

    IOSTQB Platinum Partner-white
    cmmi5-white
    ISO 27001-white
    ISO 27002-white
    ISO 9001-white
    Previous
    Next

    Partners

    knoldus-lightbend-white.png
    knoldus-databricks-white-.png
    knoldus-confluent-white.png
    knoldus-docker-white.png
    knoldus-hashiCorp-white.png
    knoldus-ibm-white.png
    knoldus-daml-white.png
    knoldus-datastax-white.png
    knoldus-kmine-white.png
    knoldus-rust-foundation-white.png
    knoldus-scala-white-1.png
    knoldus-snowflake-white-1.png
    umbraco 1
    aws-partner-logo 1
    Microsoft Gold Partner_white 1
    Previous
    Next
    © 2023 Knoldus, Inc. All Rights Reserved.
    Part of NashTech
    Privacy Policy | Sitemap