Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: fix typos and simplify wording on SSO page #11341

Merged
merged 3 commits into from
Jul 12, 2023
Merged

docs: fix typos and simplify wording on SSO page #11341

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
2213585
docs: fix typos in SSO page
agilgur5 Jul 11, 2023
f2227c9
docs: simplify SSO namespace wording
agilgur5 Jul 11, 2023
de035e4
more copy-edits / simplifications
agilgur5 Jul 11, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions docs/argo-server-sso.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,7 @@ To enable the feature, set env variable `SSO_DELEGATE_RBAC_TO_NAMESPACE=true` in

### Recommended usage

Configure a default account in the installation namespace which would allow all users of your organization. We will use this service account to allow a user to login to the cluster. You could optionally add workflow read-only role and role-binding if you wish to.
Configure a default account in the installation namespace that allows access to all users of your organization. This service account allows a user to login to the cluster. You could optionally add a workflow read-only role and role-binding.

```yaml
apiVersion: v1
Expand All @@ -139,8 +139,8 @@ metadata:
!!! Note
All users MUST map to a cluster service account (such as the one above) before a namespace service account can apply.

Now, for the namespace that you own, configure a service account which would allow members of your team to perform operations in your namespace.
Make sure that the precedence of the namespace service account is higher than the precedence of the login service account. Create appropriate role that you want to grant to this service account and bind it with a role-binding.
Now, for the namespace that you own, configure a service account that allows members of your team to perform operations in your namespace.
Make sure that the precedence of the namespace service account is higher than the precedence of the login service account. Create an appropriate role for this service account and bind it with a role-binding.

```yaml
apiVersion: v1
Expand All @@ -153,7 +153,7 @@ metadata:
workflows.argoproj.io/rbac-rule-precedence: "1"
```

Using this, whenever a user is logged in via SSO and makes a request in 'my-namespace', and the `rbac-rule`matches, we will use this service account to allow the user to perform that operation in the namespace. If no service account matches in the namespace, the first service account(`user-default-login`) and its associated role will be used to perform the operation in the namespace.
With this configuration, when a user is logged in via SSO, makes a request in `my-namespace`, and the `rbac-rule` matches, this service account allows the user to perform that operation. If no service account matches in the namespace, the first service account (`user-default-login`) and its associated role will be used to perform the operation.

## SSO Login Time

Expand Down