At a glance: Configure the SSO process using Okta as an identity provider (IdP).
The first step in configuring the AppsFlyer SSO process is done on the Okta platform. Follow the steps below:
Create the AppsFlyer app in Okta
Prerequisite: An Okta account with administrative privileges.
- In the Admin Console, go to Applications > Applications.
- Click Create App Integration.
- In the Create a new app integration dialog box, select SAML 2.0, and click Next.
- Under (1) General Settings, in the App name field, enter the name that you want to show in the Okta plugin list of apps.
- [Optional] App logo: Add a logo to appear near the app name.
- Click Next.
- Under (2) Configure SAML Integration, define the integration according to the following fields:
- Single sign-on URL: Enter the endpoint to which Okta sends the user verification. Use the link according to the callback URL configuration described here
- Audience URI (SP Entity ID): Enter this link: https://hq1.appsflyer.com
- Name ID format: Select EmailAddress as the format for identifying the user
- Application username: Select Okta username
Note: The email of the Okta user must be the same as the user’s AppsFlyer account email
-
Click Show Advanced Settings and define the integration according to each of the fields shown in the image below:
-
Assertion Encryption: Change to Encrypted.
- Encryption certificate: Upload the AppsFlyer encryption certificate. This certificate is signed by AppsFlyer and is used to both encrypt and sign the request.
- [Optional] Signature certificate: Upload the AppsFlyer signing certificate.
-
- Scroll to the end of the page, and click Next.
- Select I’m an Okta customer adding an internal app, and click Finish.
Create Okta users
Now that the Okta SAML application has been created, let’s add users.
-
From the Admin console, select Directory > People.
-
Click Add Person.
-
In the Add Person dialog box:
- For User type, select User.
- Enter all required fields: First name, Last name, Username (must be an email), and Primary email.
- For Password, you can choose to have it set by the user or by the admin.
- To continue adding users, click Save and Add Another, then repeat steps 1-4. When done adding all users, click Save.
Assign users to your app
- From the Admin console, go back to Applications > Applications.
- Under Browse App Catalog, select the application you've just created.
- From your selected application, under the Assignments tab, click Assign > Assign to People.
- Find the user to be assigned to your application, and click Assign.
- Repeat this step for all users.
- Click Done when finished adding all users. The new users now appear under People.
Get IdP SSO metadata
- From the Admin console, go back to Applications > Applications.
- Under Browse App Catalog, select your application.
- Click the Sign On tab.
- From the SAML Signing Certificates section, click Actions > View IdP metadata of the active certificate.
- Copy the URL from the tab that opened. You’ll use this URL in the next step on the AppsFlyer platform.
Complete the process in AppsFlyer
Now that you've configured the IdP part, go back to AppsFlyer to complete the configuration. You can then test to see that it works.