authelia/docs/content/en/integration/openid-connect/argocd/index.md

---
title: "Argo CD"
description: "Integrating Argo CD with the Authelia OpenID Connect Provider."
lead: ""
date: 2022-07-13T04:27:30+10:00
draft: false
images: []
menu:
  integration:
    parent: "openid-connect"
weight: 620
toc: true
community: true
---

## Tested Versions

* [Authelia]
  * [v4.36.2](https://github.com/authelia/authelia/releases/tag/v4.36.2)
* [Argo CD]
  * v2.4.5

## Before You Begin

You are required to utilize a unique client id and a unique and random client secret for all [OpenID Connect] relying
parties. You should not use the client secret in this example, you should randomly generate one yourself. You may also
choose to utilize a different client id, it's completely up to you.

This example makes the following assumptions:

* __Application Root URL:__ `https://argocd.example.com`
* __Authelia Root URL:__ `https://auth.example.com`
* __Client ID:__ `argocd`
* __Client Secret:__ `argocd_client_secret`
* __CLI Client ID:__ `argocd-cli`

## Configuration

### Application

To configure [Argo CD] to utilize Authelia as an [OpenID Connect] Provider use the following configuration:

```yaml
name: Authelia
issuer: https://auth.example.com
clientID: argocd
clientSecret: argocd_client_secret
cliClientID: argocd-cli
requestedScopes:
  - openid
  - profile
  - email
  - groups
```

### Authelia

The following YAML configuration is an example __Authelia__
[client configuration](../../../configuration/identity-providers/open-id-connect.md#clients) for use with [Argo CD]
which will operate with the above example:

```yaml
- id: argocd
  description: Argo CD
  secret: '$plaintext$argocd_client_secret'
  public: false
  authorization_policy: two_factor
  redirect_uris:
    - https://argocd.example.com/auth/callback
  scopes:
    - openid
    - groups
    - email
    - profile
  userinfo_signing_algorithm: none
- id: argocd-cli
  description: Argo CD (CLI)
  public: true
  authorization_policy: two_factor
  redirect_uris:
    - http://localhost:8085/auth/callback
  scopes:
    - openid
    - groups
    - email
    - profile
    - offline_access
  userinfo_signing_algorithm: none
```

## See Also

* [Argo CD OpenID Connect Documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#existing-oidc-provider)

[Authelia]: https://www.authelia.com
[Argo CD]: https://argo-cd.readthedocs.io/en/stable/
[OpenID Connect]: ../../openid-connect/introduction.md
docs: add argocd oidc integration (#3691) 2022-07-12 18:27:30 +00:00			`---`
fix(commands): acl check panic on decode failure (#3697) This fixes an issue with the authelia access-control check-policy command which potentially panics when a decode hook fails to parse an item. 2022-07-13 07:22:42 +00:00			`title: "Argo CD"`
			`description: "Integrating Argo CD with the Authelia OpenID Connect Provider."`
docs: add argocd oidc integration (#3691) 2022-07-12 18:27:30 +00:00			`lead: ""`
docs: remove cobra auto gen tags (#3937) 2022-09-01 02:24:47 +00:00			`date: 2022-07-13T04:27:30+10:00`
docs: add argocd oidc integration (#3691) 2022-07-12 18:27:30 +00:00			`draft: false`
			`images: []`
			`menu:`
			`integration:`
			`parent: "openid-connect"`
			`weight: 620`
			`toc: true`
			`community: true`
			`---`

			`## Tested Versions`

			`* [Authelia]`
			`* [v4.36.2](https://github.com/authelia/authelia/releases/tag/v4.36.2)`
fix(commands): acl check panic on decode failure (#3697) This fixes an issue with the authelia access-control check-policy command which potentially panics when a decode hook fails to parse an item. 2022-07-13 07:22:42 +00:00			`* [Argo CD]`
docs: add argocd oidc integration (#3691) 2022-07-12 18:27:30 +00:00			`* v2.4.5`

			`## Before You Begin`

			`You are required to utilize a unique client id and a unique and random client secret for all [OpenID Connect] relying`
			`parties. You should not use the client secret in this example, you should randomly generate one yourself. You may also`
			`choose to utilize a different client id, it's completely up to you.`

			`This example makes the following assumptions:`

			* __Application Root URL:__ `https://argocd.example.com`
			* __Authelia Root URL:__ `https://auth.example.com`
			* __Client ID:__ `argocd`
			* __Client Secret:__ `argocd_client_secret`
fix(commands): acl check panic on decode failure (#3697) This fixes an issue with the authelia access-control check-policy command which potentially panics when a decode hook fails to parse an item. 2022-07-13 07:22:42 +00:00			* __CLI Client ID:__ `argocd-cli`
docs: add argocd oidc integration (#3691) 2022-07-12 18:27:30 +00:00
			`## Configuration`

			`### Application`

fix(commands): acl check panic on decode failure (#3697) This fixes an issue with the authelia access-control check-policy command which potentially panics when a decode hook fails to parse an item. 2022-07-13 07:22:42 +00:00			`To configure [Argo CD] to utilize Authelia as an [OpenID Connect] Provider use the following configuration:`
docs: add argocd oidc integration (#3691) 2022-07-12 18:27:30 +00:00
			```yaml
			`name: Authelia`
			`issuer: https://auth.example.com`
			`clientID: argocd`
			`clientSecret: argocd_client_secret`
fix(commands): acl check panic on decode failure (#3697) This fixes an issue with the authelia access-control check-policy command which potentially panics when a decode hook fails to parse an item. 2022-07-13 07:22:42 +00:00			`cliClientID: argocd-cli`
docs: add argocd oidc integration (#3691) 2022-07-12 18:27:30 +00:00			`requestedScopes:`
			`- openid`
			`- profile`
			`- email`
			`- groups`
			```

			`### Authelia`

			`The following YAML configuration is an example __Authelia__`
fix(commands): acl check panic on decode failure (#3697) This fixes an issue with the authelia access-control check-policy command which potentially panics when a decode hook fails to parse an item. 2022-07-13 07:22:42 +00:00			`[client configuration](../../../configuration/identity-providers/open-id-connect.md#clients) for use with [Argo CD]`
docs: add argocd oidc integration (#3691) 2022-07-12 18:27:30 +00:00			`which will operate with the above example:`

			```yaml
			`- id: argocd`
fix(commands): acl check panic on decode failure (#3697) This fixes an issue with the authelia access-control check-policy command which potentially panics when a decode hook fails to parse an item. 2022-07-13 07:22:42 +00:00			`description: Argo CD`
feat(oidc): hashed client secrets (#4026) Allow use of hashed OpenID Connect client secrets. 2022-10-20 03:21:45 +00:00			`secret: '$plaintext$argocd_client_secret'`
docs: misc consistency adjustments (#3904) 2022-08-26 03:26:58 +00:00			`public: false`
			`authorization_policy: two_factor`
docs: add argocd oidc integration (#3691) 2022-07-12 18:27:30 +00:00			`redirect_uris:`
			`- https://argocd.example.com/auth/callback`
			`scopes:`
			`- openid`
			`- groups`
			`- email`
			`- profile`
			`userinfo_signing_algorithm: none`
docs: fix example (#3694) 2022-07-12 18:37:23 +00:00			`- id: argocd-cli`
fix(commands): acl check panic on decode failure (#3697) This fixes an issue with the authelia access-control check-policy command which potentially panics when a decode hook fails to parse an item. 2022-07-13 07:22:42 +00:00			`description: Argo CD (CLI)`
docs: add argocd oidc integration (#3691) 2022-07-12 18:27:30 +00:00			`public: true`
docs: misc consistency adjustments (#3904) 2022-08-26 03:26:58 +00:00			`authorization_policy: two_factor`
docs: add argocd oidc integration (#3691) 2022-07-12 18:27:30 +00:00			`redirect_uris:`
			`- http://localhost:8085/auth/callback`
			`scopes:`
			`- openid`
			`- groups`
			`- email`
			`- profile`
docs: add offline_access scope to argocd cli (#3704) Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> 2022-07-14 00:13:18 +00:00			`- offline_access`
docs: add argocd oidc integration (#3691) 2022-07-12 18:27:30 +00:00			`userinfo_signing_algorithm: none`
			```

			`## See Also`

fix(commands): acl check panic on decode failure (#3697) This fixes an issue with the authelia access-control check-policy command which potentially panics when a decode hook fails to parse an item. 2022-07-13 07:22:42 +00:00			`* [Argo CD OpenID Connect Documentation](https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#existing-oidc-provider)`
docs: add argocd oidc integration (#3691) 2022-07-12 18:27:30 +00:00
			`[Authelia]: https://www.authelia.com`
fix(commands): acl check panic on decode failure (#3697) This fixes an issue with the authelia access-control check-policy command which potentially panics when a decode hook fails to parse an item. 2022-07-13 07:22:42 +00:00			`[Argo CD]: https://argo-cd.readthedocs.io/en/stable/`
docs: add argocd oidc integration (#3691) 2022-07-12 18:27:30 +00:00			`[OpenID Connect]: ../../openid-connect/introduction.md`