In this blog, we will go through the steps required to configure Azure AD SAML for authentication and authorization in an ArgoCD application that is hosted in any environment and is accessible over a URL. Let's take a look at the setup required in Azure AD and in the ArgoCD config.
Pre-requisites:
- Requires an Azure AD account
- Requires ArgoCD setup
Azure AD SAML Enterprise App Auth using Dex
Configure a new Azure AD Enterprise App
- Go to Enterprise Applications
- Create New Application > Create your own application
- Open the newly created application
- From the Users and groups menu, click on Add user/group
- Go to Single sign-on
- Click on SAML
- Edit basic SAML configuration
- Set Identity URL as:
- Set remaining fields as:
  - Reply URL: https://<argocd-url>/api/dex/callback
  - Sign on URL: https://<argocd-url>/auth/login
  - Relay State: empty
  - Logout URL: empty
- Click Save
- Edit Attributes and Claims, Add New Claim:
- Fill in the following fields
- Click Save.
- Add a group claim
- Download the SAML signing certificate (Base64)
- Base64-encode the contents of the downloaded certificate file; you can do it as:
  cat ArgoCD.cer | base64
- Copy the Login URL parameter, which has the form:
https://login.microsoftonline.com/<ID>/saml2
ARGOCD SETUP
Patch the configuration in the ArgoCD ConfigMap as:
data:
  url: https://<argocd-url>/
  dex.config: |
    logger:
      level: debug
      format: json
    connectors:
    - type: saml
      id: saml
      name: saml
      config:
        entityIssuer: https://<argocd-url>/api/dex/callback
        ssoURL: https://login.microsoftonline.com/11a1111a-1111-111a-111b-11c1d111e1f1/saml2
        caData: |
          BASE64 ENCODED CRT
        redirectURI: https://<argocd-url>/api/dex/callback
        usernameAttr: email
        emailAttr: email
        groupsAttr: Group
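A pre-apply check for the connector settings above, as an added example (not part of the original post or of the ArgoCD or Dex projects): it verifies the URL values this walkthrough uses and that caData decodes to a PEM file rather than raw PEM or a bare certificate body. The host argocd.example.com and the name check_saml_connector are assumptions, and the certificate bytes are constructed placeholders.

```python
import base64
from urllib.parse import urlsplit

CALLBACK_PATH = "/api/dex/callback"      # Reply URL path used in this walkthrough
IDP_HOST = "login.microsoftonline.com"   # host of the Login URL copied from Azure AD
PEM_HEADER = "-----BEGIN CERTIFICATE-----"


def check_saml_connector(argocd_url, cfg):
    """Return a list of problems in a Dex SAML connector `config` mapping."""
    problems = []
    expected = f"https://{urlsplit(argocd_url).netloc}{CALLBACK_PATH}"
    # The walkthrough sets both values to the ArgoCD callback URL.
    for key in ("entityIssuer", "redirectURI"):
        if cfg.get(key, "").rstrip("/") != expected:
            problems.append(f"{key}: expected {expected}")
    sso = urlsplit(cfg.get("ssoURL", ""))
    if (sso.scheme, sso.hostname) != ("https", IDP_HOST) or not sso.path.endswith("/saml2"):
        problems.append(f"ssoURL: expected https://{IDP_HOST}/<ID>/saml2")
    # caData is base64 of the whole PEM file, so decoding must yield PEM text.
    # Raw PEM or a bare DER body fails here. Expiry and trust are not checked.
    try:
        pem = base64.b64decode("".join(cfg.get("caData", "").split()), validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        pem = ""
    if not pem.lstrip().startswith(PEM_HEADER):
        problems.append("caData: not base64 of a PEM certificate file")
    for key in ("usernameAttr", "emailAttr", "groupsAttr"):
        if not cfg.get(key):
            problems.append(f"{key}: missing")
    return problems


# Constructed sample data: hypothetical host, placeholder bytes instead of a real certificate.
ARGOCD_URL = "https://argocd.example.com/"
_pem = PEM_HEADER + "\n" + base64.b64encode(b"placeholder, not a certificate").decode() + "\n-----END CERTIFICATE-----\n"
GOOD = {
    "entityIssuer": "https://argocd.example.com/api/dex/callback",
    "ssoURL": "https://login.microsoftonline.com/11a1111a-1111-111a-111b-11c1d111e1f1/saml2",
    "caData": base64.b64encode(_pem.encode()).decode(),
    "redirectURI": "https://argocd.example.com/api/dex/callback",
    "usernameAttr": "email", "emailAttr": "email", "groupsAttr": "Group",
}
BAD = dict(GOOD, redirectURI="http://argocd.example.com/api/dex/callback", caData=_pem)

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_saml_connector(ARGOCD_URL, cfg) or "ok")
```

Run it against the `config` mapping parsed from your own dex.config before patching the ConfigMap; an empty list means the values match this walkthrough's layout.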
Open the ArgoCD URL and you should now see the SAML login option.
Click on Log In via SAML and enter your credentials. You will be successfully logged in.
Hey, readers! Thank you for sticking around till the end. If you have any questions or feedback regarding this blog, I am reachable at vidushi.bansal@knoldus.com. You can find more of my blogs here.