Maven / ArgoCD interview questions

How does ArgoCD handle SSO and what identity providers does it support?

ArgoCD supports Single Sign-On (SSO) through two integration paths: built-in Dex (bundled OpenID Connect identity broker) and external OIDC providers (configured directly in argocd-cm without Dex).

Built-in Dex

Dex acts as an OIDC proxy that federates authentication to upstream identity providers. You configure connectors in the argocd-cm ConfigMap under the dex.config key. Dex supports: GitHub/GitHub Enterprise (OAuth), GitLab, LDAP, SAML 2.0, Microsoft (Azure AD), Google, and any generic OIDC provider.

# argocd-cm
data:
  dex.config: |
    connectors:
      - type: github
        id: github
        name: GitHub
        config:
          clientID: $dex-github-client-id
          clientSecret: $dex-github-client-secret
          orgs:
            - name: my-org

External OIDC

If you already have an OIDC provider (Okta, Auth0, Keycloak, Azure AD with OIDC), you can bypass Dex entirely by configuring ArgoCD to accept tokens directly:

data:
  oidc.config: |
    name: Okta
    issuer: https://my-org.okta.com
    clientID: <client-id>
    clientSecret: $oidc-client-secret
    requestedScopes: [openid, profile, email, groups]

After SSO is configured, groups from the identity provider are mapped to ArgoCD roles in the RBAC policy using g, <group-name>, <argocd-role> lines. This means managing ArgoCD access becomes a matter of IdP group membership rather than per-user ArgoCD configuration.

What is the role of Dex in ArgoCD's SSO architecture?It replaces the ArgoCD API server for authentication requests

✗ Try again — Dex is a separate service that proxies to upstream IdPs; the API Server still handles ArgoCD requests.

It acts as an OIDC broker that federates authentication to upstream providers like GitHub or LDAP

✓ Well done! Dex translates upstream IdP protocols (OAuth, SAML, LDAP) into OIDC tokens for ArgoCD.

It stores user credentials in a dedicated ArgoCD database

✗ Try again — Dex is stateless (or uses a lightweight store); it does not maintain a credential database for ArgoCD.

After SSO is configured, how are identity provider groups mapped to ArgoCD permissions?By creating a Kubernetes RoleBinding for each group in the argocd namespace

✗ Try again — ArgoCD RBAC uses its own policy.csv in argocd-rbac-cm, not Kubernetes RoleBindings.

Using g, group-name, argocd-role lines in the argocd-rbac-cm policy.csv

✓ Well done! Group-to-role bindings in argocd-rbac-cm connect IdP groups to ArgoCD's Casbin policy roles.

By annotating the Dex connector config with allowed group names

✗ Try again — Dex connector config controls what groups are forwarded; role mapping happens in argocd-rbac-cm separately.

Invest now in Acorns!!! 🚀 Join Acorns and get your $5 bonus!

Invest now in Acorns!!! 🚀
Join Acorns and get your $5 bonus!

Earn passively and while sleeping

Acorns is a micro-investing app that automatically invests your "spare change" from daily purchases into diversified, expert-built portfolios of ETFs. It is designed for beginners, allowing you to start investing with as little as $5. The service automates saving and investing. Disclosure: I may receive a referral bonus.

Invest now!!! Get Free equity stock (US, UK only)!

Use Robinhood app to invest in stocks. It is safe and secure. Use the Referral link to claim your free stock when you sign up!.

The Robinhood app makes it easy to trade stocks, crypto and more.

Webull! Receive free stock by signing up using the link: Webull signup.

More Related questions...

What is ArgoCD and what problem does it solve? What is GitOps and how does ArgoCD implement it? What are the core components of ArgoCD? What is an ArgoCD Application and what fields does its manifest require? What are the different application sync statuses in ArgoCD? How do you install ArgoCD on a Kubernetes cluster? What is an ArgoCD Project and how does it differ from a Kubernetes namespace? How does ArgoCD support Helm charts? How does ArgoCD support Kustomize? What is self-healing in ArgoCD and how do you enable it? What is the difference between ArgoCD automated sync and self-healing? How does ArgoCD handle resource pruning and what risks does enabling it carry? What is the ArgoCD App of Apps pattern and when should you use it? How do ArgoCD Sync Waves and Sync Hooks work together to control deployment ordering? What is an ArgoCD ApplicationSet and how does the Git generator work? How does ArgoCD integrate with external secret management tools like Vault or Sealed Secrets? How do you configure ArgoCD RBAC and what are the built-in roles? What is ArgoCD Image Updater and how does it automate container image updates? How does ArgoCD manage multiple clusters and what are the methods for registering them? What are ArgoCD Sync Windows and how do you configure them? How does ArgoCD handle ignoreDifferences and when should you use it? What are ArgoCD resource health checks and how do you write a custom one? How does ArgoCD handle SSO and what identity providers does it support? What is the ArgoCD CLI and what are the most common commands used day-to-day? How does ArgoCD compare to Flux and when would you choose one over the other? What is server-side apply in ArgoCD and why might you enable it? How does ArgoCD handle notifications and what channels does it support? How do you perform a rollback in ArgoCD? What is the ArgoCD repository server caching strategy and how does it affect performance?

Show more question and Answers...

Testing

	Interviews Questions Java Spring Hibernate Maven Testing API BigData Web DataStructures AI Database MuleESB Cloud Scala Tools	About Javapedia.net Javapedia.net is for Java and J2EE developers, technologist and college students who prepare of interview. Also this site includes many practical examples. This site is developed using J2EE technologies by Steve Antony, a senior Developer/lead at one of the logistics based company.
	contact: javatutorials2016[at]gmail[dot]com
Kindly consider donating for maintaining this website. Thanks.
	Copyright © 2026, javapedia.net, all rights reserved. privacy policy.

Maven / ArgoCD interview questions

How does ArgoCD handle SSO and what identity providers does it support?

Built-in Dex

External OIDC

Comments & Discussions

Recently added...