diff --git a/docs/reference/api.html.md b/docs/reference/api.html.md
index 95110070f..df8621f46 100644
--- a/docs/reference/api.html.md
+++ b/docs/reference/api.html.md
@@ -89,19 +89,6 @@ ArgoCDApplicationControllerSpec
 </tr>
 <tr>
 <td>
-<code>dex</code></br>
-<em>
-<a href="#argoproj.io/v1alpha1.ArgoCDDexSpec">
-ArgoCDDexSpec
-</a>
-</em>
-</td>
-<td>
-<p>Dex defines the Dex server options for ArgoCD.</p>
-</td>
-</tr>
-<tr>
-<td>
 <code>gaTrackingID</code></br>
 <em>
 string
@@ -338,6 +325,19 @@ ArgoCDServerSpec
 </tr>
 <tr>
 <td>
+<code>sso</code></br>
+<em>
+<a href="#argoproj.io/v1alpha1.ArgoCDSSOSpec">
+ArgoCDSSOSpec
+</a>
+</em>
+</td>
+<td>
+<p>SSO defines the Single Sign-on configuration for Argo CD.</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>statusBadgeEnabled</code></br>
 <em>
 bool
@@ -583,7 +583,7 @@ bool
 </h3>
 <p>
 (<em>Appears on:</em>
-<a href="#argoproj.io/v1alpha1.ArgoCDSpec">ArgoCDSpec</a>)
+<a href="#argoproj.io/v1alpha1.ArgoCDSSOSpec">ArgoCDSSOSpec</a>)
 </p>
 <p>
 <p>ArgoCDDexSpec defines the desired state for the Dex server component.</p>
@@ -1192,6 +1192,70 @@ ingress supports SNI.</p>
 </tr>
 </tbody>
 </table>
+<h3 id="argoproj.io/v1alpha1.ArgoCDKeycloakSpec">ArgoCDKeycloakSpec
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#argoproj.io/v1alpha1.ArgoCDSSOSpec">ArgoCDSSOSpec</a>)
+</p>
+<p>
+<p>ArgoCDKeycloakSpec Keycloak contains the configuration for Argo CD keycloak authentication (previously found under cr.spec.sso)</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>image</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Image is the Keycloak container image.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>resources</code></br>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.13/#resourcerequirements-v1-core">
+Kubernetes core/v1.ResourceRequirements
+</em>
+</td>
+<td>
+<p> Resources defines the Compute Resources required by the container for Keycloak.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>version</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>Version is the Keycloak container image tag.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>verifyTLS</code></br>
+<em>
+bool
+</em>
+</td>
+<td>
+<p>VerifyTLS set to false disables strict TLS validation.</p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="argoproj.io/v1alpha1.ArgoCDPrometheusSpec">ArgoCDPrometheusSpec
 </h3>
 <p>
@@ -2054,6 +2118,19 @@ ArgoCDServerSpec
 </tr>
 <tr>
 <td>
+<code>sso</code></br>
+<em>
+<a href="#argoproj.io/v1alpha1.ArgoCDSSOSpec">
+ArgoCDSSOSpec
+</a>
+</em>
+</td>
+<td>
+<p>SSO defines the Single Sign-on configuration for Argo CD.</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>statusBadgeEnabled</code></br>
 <em>
 bool
@@ -2101,6 +2178,60 @@ string
 </tr>
 </tbody>
 </table>
+<h3 id="argoproj.io/v1alpha1.ArgoCDSSOSpec">ArgoCDSSOSpec
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#argoproj.io/v1alpha1.ArgoCDSpec">ArgoCDSpec</a>)
+</p>
+<p>
+<p>ArgoCDSSOSpec defines the Single Sign-on configuration for Argo CD.</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>dex</code></br>
+<em>
+<a href="#argoproj.io/v1alpha1.ArgoCDDexSpec">
+ArgoCDDexSpec
+</em>
+</td>
+<td>
+<p>Dex contains the configuration for Argo CD dex authentication (previously found under cr.spec.Dex)</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>keycloak</code></br>
+<em>
+<a href="#argoproj.io/v1alpha1.ArgoCDKeycloakSpec">
+ArgoCDKeycloakSpec
+</em>
+</td>
+<td>
+<p>Keycloak contains the configuration for Argo CD keycloak authentication (previously found under cr.spec.sso)</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>provider</code></br>
+<em>
+SSOProviderType
+</em>
+</td>
+<td>
+<p>Provider installs and configures the given SSO Provider with Argo CD.
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="argoproj.io/v1alpha1.ArgoCDStatus">ArgoCDStatus
 </h3>
 <p>
diff --git a/docs/reference/argocd.md b/docs/reference/argocd.md
index 0e801139e..8e19f0a3d 100644
--- a/docs/reference/argocd.md
+++ b/docs/reference/argocd.md
@@ -15,7 +15,6 @@ Name | Default | Description
 [**ApplicationSet**](#applicationset-controller-options) | [Object] | ApplicationSet controller configuration options.
 [**ConfigManagementPlugins**](#config-management-plugins) | [Empty] | Configuration to add a config management plugin.
 [**Controller**](#controller-options) | [Object] | Argo CD Application Controller options.
-[**Dex**](#dex-options) | [Object] | Dex configuration options.
 [**DisableAdmin**](#disable-admin) | `false` | Disable the admin user.
 [**GATrackingID**](#ga-tracking-id) | [Empty] | The google analytics tracking ID to use.
 [**GAAnonymizeUsers**](#ga-anonymize-users) | `false` | Enable hashed usernames sent to google analytics.
@@ -178,14 +177,16 @@ metadata:
   labels:
     example: dex
 spec:
-  dex:
-    config: ""
-    groups:
-      - default
-    image: quay.io/dexidp/dex
-    openShiftOAuth: false
-    resources: {}
-    version: v2.21.0
+  sso:
+    provider: dex
+    dex:
+      config: ""
+      groups:
+        - default
+      image: quay.io/dexidp/dex
+      openShiftOAuth: false
+      resources: {}
+      version: v2.21.0
 ```
 
 ### Dex OpenShift OAuth Example
@@ -202,8 +203,10 @@ metadata:
   labels:
     example: openshift-oauth
 spec:
-  dex:
-    openShiftOAuth: true
+  sso:
+    provider: dex
+    dex:
+      openShiftOAuth: true
   rbac:
     defaultPolicy: 'role:readonly'
     policy: |
diff --git a/docs/usage/dex.md b/docs/usage/dex.md
index d096c4d47..fda222f97 100644
--- a/docs/usage/dex.md
+++ b/docs/usage/dex.md
@@ -22,10 +22,12 @@ metadata:
   labels:
     example: openshift-oauth
 spec:
-  dex:
-    openShiftOAuth: true
-    groups:
-     - default
+  sso:
+    provider: dex
+    dex:
+      openShiftOAuth: true
+      groups:
+      - default
   rbac:
     defaultPolicy: 'role:readonly'
     policy: |
@@ -65,30 +67,41 @@ metadata:
   labels:
     example: openshift-oauth
 spec:
-  dex:
-    config: |
-      connectors:
-        # GitHub example
-        - type: github
-          id: github
-          name: GitHub
-          config:
-            clientID: xxxxxxxxxxxxxx
-            clientSecret: $dex.github.clientSecret # Alternatively $<some_K8S_secret>:dex.github.clientSecret
-            orgs:
-            - name: dummy-org
+  sso:
+    provider: dex
+    dex:
+      config: |
+        connectors:
+          # GitHub example
+          - type: github
+            id: github
+            name: GitHub
+            config:
+              clientID: xxxxxxxxxxxxxx
+              clientSecret: $dex.github.clientSecret # Alternatively $<some_K8S_secret>:dex.github.clientSecret
+              orgs:
+              - name: dummy-org
 ```
 
-## Disable DEX
+## Install/Uninstall DEX
 
-Dex is installed by default for all the Argo CD instances created by the operator. You can disable this behavior using the environmental variable `DISABLE_DEX` on the operator.
+Dex can be enabled by setting `.spec.sso.provider` to `dex` and supplying a non-empty `.spec.sso.dex` section within the Argo CD custom resource. For example: 
 
-Set the `DISABLE_DEX` to `true` in the Subscription resource of the operator.
-
-```yaml
+``` yaml
+apiVersion: argoproj.io/v1alpha1
+kind: ArgoCD
+metadata:
+  name: example-argocd
+  labels:
+    example: openshift-oauth
 spec:
-  config:
-    env:
-    - name: DISABLE_DEX
-      value: "true"
+  sso:
+    provider: dex
+    dex:
+      openShiftOAuth: true
 ```
+Dex can be uninstalled by either deleting the `.spec.sso` field from the Argo CD custom resource, or setting `.spec.sso.provider` to an SSO provider other than dex. Doing so would trigger the removal of all dex related resources created by the operator.
+
+**NOTE:** `.spec.sso.dex` is required and must not be empty if `spec.sso.provider` is set to dex.
+
+**NOTE:** The `DISABLE_DEX` environment variable is no longer supported for enabling/disabling dex.
\ No newline at end of file