Configure AppsFlyer SSO in Okta

At a glance: Configure the SSO process using Okta as an identity provider (IdP).

The first step in configuring the AppsFlyer SSO process is done on the Okta platform. Follow the steps below:

Create the AppsFlyer app in Okta

Prerequisite: An Okta account with administrative privileges.

  1. In the Admin Console, go to Applications > Applications.

    Okta_side_menu___applications.png

  2. Click Create App Integration.
  3. In the Create a new app integration dialog box, select SAML 2.0, and click Next.
  4. Under (1) General Settings, in the App name field, enter the name that you want to show in the Okta plugin list of apps.

    Okta_app_name_and_icon__1_.png

  5. [Optional] App logo: Add a logo to appear near the app name.
  6. Click Next.
  7. Under (2) Configure SAML Integration, define the integration according to the following fields:

    okta-create-saml-integration.png

    • Single sign-on URL: Enter the endpoint to which Okta sends the user verification. Use the link according to the callback URL configuration described here
    • Audience URI (SP Entity ID): Enter this link: https://hq1.appsflyer.com
    • Name ID format: Select EmailAddress as the format for identifying the user
    • Application username: Select Okta username
      Note: The email of the Okta user must be the same as the user’s AppsFlyer account email
  8. Click Show Advanced Settings and define the integration according to each of the fields shown in the image below:

    Okta_advanecd_settings__1_.png

  9. Scroll to the end of the page, and click Next.
  10. Select I’m an Okta customer adding an internal app, and click Finish

Create Okta users

Now that the Okta SAML application has been created, let’s add users.

  1. From the Admin console, select Directory > People.

    Okta___directory___people.png

  2. Click Add Person.

    Okta___People___Add_person.png

  3. In the Add Person dialog box:

    Okta_Add_person__1_.png

    • For User type, select User.
    • Enter all required fields: First name, Last name, Username (must be an email), and Primary email.
    • For Password, you can choose to have it set by the user or by the admin. 
  4. To continue adding users, click Save and Add Another, then repeat steps 1-4. When done adding all users, click Save

Assign users to your app

  1. From the Admin console, go back to Applications > Applications.
  2. Under Browse App Catalog, select the application you've just created.

    Okta_side_menu___applications.png

  3. From your selected application, under the Assignments tab, click Assign > Assign to People.

    Okta_sso_assign_to_people.png

  4. Find the user to be assigned to your application, and click Assign.
  5. Repeat this step for all users.
  6. Click Done when finished adding all users. The new users now appear under People

Get IdP SSO metadata

  1. From the Admin console, go back to Applications > Applications.
  2. Under Browse App Catalog, select your application. 
  3. Click the Sign On tab.
  4. From the SAML Signing Certificates section, click Actions > View IdP metadata of the active certificate.

    okta_sso_view_idp_metadata.png

  5. Copy the URL from the tab that opened. You’ll use this URL in the next step on the AppsFlyer platform.

Complete the process in AppsFlyer

Now that you've configured the IdP part, go back to AppsFlyer to complete the configuration. You can then test to see that it works.