Configure AppsFlyer SSO in OneLogin

At a glance: Configure the SSO process using OneLogin as an identity provider (IdP).

The first stage in configuring the AppsFlyer SSO process is done on the OneLogin platform. Follow the steps below:

Create the AppsFlyer app in OneLogin

Prerequisite: A OneLogin account with administrative privileges.

  1. In the OneLogin admin console, go to Applications > Applications.
  2. From the top right, click Add App.
  3. Search for and select SAML Custom Connector (Advanced).

    onelogin_saml_app.png

  4. In the Display Name field, enter the name to show in the OneLogin plugin list of apps.
  5. [Optional] App logo: Add a logo to appear near the app name.
  6. [Optional] Add a description.
  7. Click Save. A success message appears at the top.
  8. Go to the Configuration tab on the side menu.
  9. Define the integration according to the following fields:
    • Audience (EntityID): Enter this link: https://hq1.appsflyer.com
    • ACS (Consumer) URL Validation, ACS (Consumer) URL: Enter the endpoint to which OneLogin sends the user verification. Use the link according to the callback URL configuration described here
    • Recipient: Enter the same URL as entered in the ACS (Consumer) URL field.
    • Login URL: Enter the AppsFlyer login URL.
    • SAML not valid before, SAML not valid on or after: Specify the time period (in minutes) the assertion is valid for.
    • SAML initiator: Select from where authentication begins:
      • For authentication starting from the IdP, select OneLogin
      • For authentication starting from AppsFlyer, select Service Provider
    • SAML nameID format: Select Email.
    • SAML issuer type: Select Specific.
    • SAML signature element: Select Both.
    • Encrypt assertion: Select this checkbox.
    • SAML encryption method: Select AES-256-CBC.
  10. Click Save.
  11. Assertion encryption: 
    1. Open the SSO metadata URL and copy the encryption certificate value.
    2. Go back to the Configuration tab and paste it into the SAML encryption text box.
    3.  Click Save.

Get IdP SSO metadata

  1. From your selected application (Applications > Applications), select SSO from the side menu.
  2. Copy the Issuer URL and paste it into a new tab to download the SSO metadata.

Create OneLogin users

  1. From the top menu, go to Users > Users
  2. Click New User from the top right.
  3. Enter the user's First name, Last name, and Email
  4. From the top right, click Save User then More Actions, and select Change Password to set the user a password.
  5. Set a password for the user and click Update.

Assign users to your app

  1. Go to the Application tab in the side menu of the selected user.
  2. Click the + sign near Applications.
  3. Select the AppsFlyer app you've created and click Continue.

    onelogin_assign_app.png

  4. From the top menu, go to Applications > Applications.
  5. Select the application you've just created.
  6. Click Save.

Complete the process in AppsFlyer

Now that you've configured the IdP part, go back to AppsFlyer to complete the configuration. You can then test to see that it works.