Setting up Azure AD SAML using Dex server in ArgoCD


In this blog, we will go through the steps required to configure Azure AD SAML for authentication and authorization in an ArgoCD application that is hosted in any environment and is accessible over a URL. Let's take a look at the setup required in Azure AD and in the ArgoCD config.

Pre-requisites:

  • Requires an Azure AD account
  • Requires ArgoCD setup

Azure AD SAML Enterprise App Auth using Dex

Configure a new Azure AD Enterprise App

  1. Go to Enterprise Applications
  2. Create New Application > Create your own application
  3. Open the newly created application
  4. From the Users and groups menu, click on Add user/group
  5. Go to Single sign-on
  6. Click on SAML
  7. Edit basic SAML configuration
     1. Set Identity URL as:
     2. Set remaining fields as:
        • Reply URL: https://<argocd-url>/api/dex/callback
        • Sign on URL: https://<argocd-url>/auth/login
        • Relay State: empty
        • Logout URL: empty
     3. Click Save
  8. Edit Attributes and Claims, Add New Claim:
     1. Fill in the following fields
     2. Click Save.
     3. Add a group claim
  9. Download the SAML signing certificate (Base64)
     1. Base64-encode the contents of the downloaded certificate file, for example:
          cat ArgoCD.cer | base64
  10. Copy the Login URL parameter. It looks like this:
          https://login.microsoftonline.com/<ID>/saml2

ARGOCD SETUP

Patch the ArgoCD config map with the following configuration:

data:
  url: https://<argocd-url>/
  dex.config: |
    logger:
      level: debug
      format: json
    connectors:
    - type: saml
      id: saml
      name: saml
      config:
        entityIssuer: https://<argocd-url>/api/dex/callback
        ssoURL: https://login.microsoftonline.com/11a1111a-1111-111a-111b-11c1d111e1f1/saml2
        caData: |
          BASE64 ENCODED CRT
        redirectURI: https://<argocd-url>/api/dex/callback
        usernameAttr: email
        emailAttr: email
        groupsAttr: Group
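
Dex validates SAML responses against the certificate in caData, so it is worth confirming that the value decodes to the certificate you downloaded. The following Python is an added example, not part of the original post: it decodes a caData value and returns the certificate's SHA-1 thumbprint, which can be compared with the thumbprint Azure AD shows for the SAML signing certificate. The function names and the SAMPLE_* values are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*([A-Za-z0-9+/=\s]+?)\s*-----END CERTIFICATE-----"
)

# Constructed sample: placeholder bytes shaped like DER, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(64))
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)


def encode_cadata(pem_text: str) -> str:
    """Base64 of the whole PEM file, like `cat ArgoCD.cer | base64` without line wraps."""
    if not PEM_RE.search(pem_text):
        raise ValueError("not a PEM certificate; download the Base64 variant")
    return base64.b64encode(pem_text.encode("ascii")).decode("ascii")


def cadata_thumbprint(cadata: str) -> str:
    """Return the SHA-1 thumbprint (uppercase hex) of the certificate inside caData."""
    if "BEGIN CERTIFICATE" in cadata:
        raise ValueError("caData holds raw PEM; Base64-encode the file first")
    try:
        outer = base64.b64decode("".join(cadata.split()), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("caData is not valid Base64") from exc
    match = PEM_RE.search(outer.decode("ascii", errors="replace"))
    if match is None:
        # Typical causes: the DER download was encoded, or the value was encoded twice.
        raise ValueError("decoded caData is not a PEM certificate")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    if not der.startswith(b"\x30"):  # an X.509 certificate is an ASN.1 SEQUENCE
        raise ValueError("PEM body does not look like DER")
    return hashlib.sha1(der).hexdigest().upper()


if __name__ == "__main__":
    print(cadata_thumbprint(encode_cadata(SAMPLE_PEM)))
```

Pass the text under `caData:` in dex.config to `cadata_thumbprint`; a ValueError means Dex would not be loading the certificate you expect.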

Open the ArgoCD URL. The login page should now show the SAML login option.

Click on Log In via SAML and enter your credentials. You will be successfully logged in.


Hey, readers! Thank you for sticking around till the end. If you have any questions or feedback regarding this blog, I am reachable at vidushi.bansal@knoldus.com. You can find more of my blogs here.

Written by 

Vidushi Bansal is a Software Consultant [Devops] at Knoldus Inc. She is passionate about learning and exploring new technologies.