Once you’ve set up one of the above integrations, be sure to edit argocd-rbac-cm to configure permissions (as in the example below). See RBAC Configurations for more detailed scenarios.

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
  namespace: argocd
data:
  policy.default: role:readonly

G Suite SAML App Auth using Dex

Configure a new SAML App

1. In the Google admin console, open the left-side menu and select Apps > SAML Apps.
2. Under Add App, select Add custom SAML app.
3. Enter a Name for the application (e.g. Argo CD), then choose Continue.
4. Download the metadata or copy the SSO URL, Certificate, and optionally Entity ID from the identity provider details for use in the next section. Choose Continue.
   - Base64 encode the contents of the certificate file, for example:

         $ cat ArgoCD.cer | base64

   - Keep a copy of the encoded output to be used in the next section.
   - Ensure that the certificate is in PEM format before base64 encoding.
5. For both the ACS URL and Entity ID, use your Argo Dex Callback URL, for example: https://argocd.example.com/api/dex/callback
6. Add SAML Attribute Mapping: map Primary email to name and Primary Email to email, then click the ADD MAPPING button.
7. Finish creating the application.
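
The PEM requirement in step 4 is easy to miss when the downloaded file is binary DER: base64 of DER looks plausible but does not decode to PEM text. The following is an added example, not code from Argo CD or Dex, that produces a caData value from either encoding and flags the DER mistake. The function names are hypothetical and the sample bytes are constructed, not a real certificate.

```python
import base64
import binascii
import ssl
from typing import Optional

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
PEM_FOOTER = b"-----END CERTIFICATE-----"

# Constructed sample: DER-shaped bytes (ASN.1 SEQUENCE tag 0x30), not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)


def to_pem(raw: bytes) -> bytes:
    """Return the certificate in PEM form, converting from DER if needed."""
    text = raw.strip()
    if text.startswith(PEM_HEADER) and text.endswith(PEM_FOOTER):
        return text + b"\n"
    if raw[:1] == b"\x30":  # binary DER encoding
        return ssl.DER_cert_to_PEM_cert(raw).encode("ascii")
    raise ValueError("input is neither a PEM nor a DER certificate")


def encode_for_cadata(raw: bytes) -> str:
    """Base64-encode the PEM text as a single line for the caData field."""
    return base64.b64encode(to_pem(raw)).decode("ascii")


def cadata_problem(value: str) -> Optional[str]:
    """Describe what is wrong with a caData value, or return None if it looks right.

    Checks encoding only; it does not validate the X.509 contents.
    """
    try:
        decoded = base64.b64decode("".join(value.split()), validate=True)
    except binascii.Error:
        return "not valid base64"
    if decoded[:1] == b"\x30":
        return "base64 of a DER certificate; convert it to PEM first"
    if not decoded.lstrip().startswith(PEM_HEADER):
        return "decoded data is not a PEM certificate"
    try:
        ssl.PEM_cert_to_DER_cert(decoded.decode("ascii"))
    except ValueError:
        return "PEM markers or body are malformed"
    return None


if __name__ == "__main__":
    print(cadata_problem(base64.b64encode(SAMPLE_DER).decode()))  # DER mistake
    print(cadata_problem(encode_for_cadata(SAMPLE_DER)))          # None
```
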

Configure Argo to use the new Google SAML App

Edit argocd-cm and add the following dex.config to the data section, replacing the caData, argocd.example.com, sso-url, and optionally google-entity-id with your values from the Google SAML App:

data:
  url: https://argocd.example.com
  dex.config: |
    connectors:
    - type: saml
      id: saml
      name: saml
      config:
        # e.g. https://accounts.google.com/o/saml2/idp?idpid=Abcde0
        ssoURL: https://sso-url
        entityIssuer: https://argocd.example.com/api/dex/callback
        caData: |
          BASE64-ENCODED-CERTIFICATE-DATA
        redirectURI: https://argocd.example.com/api/dex/callback
        usernameAttr: name
        emailAttr: email
        # optional, e.g. https://accounts.google.com/o/saml2?idpid=Abcde0
        ssoIssuer: https://google-entity-id