Disable ArgoCD local admin user
I wanted to disable the admin user in Argo, primarily because I wanted to have all logins go through my SAML provider.
I wanted to disable the admin user in Argo, primarily because I wanted to have all logins go through my SAML provider.
With ArgoCD you have the ability to use local users, external users (via SAML) or both.
I wanted to force all logins through the SAML provider and remove the username/password text boxes from the login screen. After a quick look through the source, I found I needed to disable the login on all local users in the Argo system. Since I did not have any users other than the admin, I only needed to disable that one user.
To do this, modify the argocd-cm config map and add a new entry, admin.enabled. Set it to false and apply it.
Below is the relevant parts of the config map.
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cm
data:
admin.enabled: "false"
Conclusion
Argo is fun and I enjoy learning more about it as time goes on. It only gets better. Before I set the admin.enabled value I had just set the password hash on the admin user to an invalid value, hacky, but that worked. This is a much better solution.