At a glance: Configure the SSO process using Ping Identity as an identity provider (IdP).
The first step in configuring the AppsFlyer SSO process is done on the Ping Identity platform. Follow the steps below:
Create the AppsFlyer app in Ping Identity
Prerequisite: A Ping Identity account with administrative privileges.
- In the Ping Identity admin menu, go to Applications and click +.
- From the section opened on the right:
- Enter the name that you want to show in the Ping Identity plugin list of apps.
- Select SAML Application as the app type.
- Click Configure. SAML Configuration appears.
- For authentication starting from the service provider (AppsFlyer), select Import From URL:
- Import URL: https://hq1.appsflyer.com/auth/sso-metadata
- ACS URLs: Enter the following link using your AppsFlyer account ID:
https://hq1.appsflyer.com/auth/sso-callback - Entity ID: Enter the following link: https://hq1.appsflyer.com/
- For authentication starting from the IdP (Ping Identity), select Manually Enter:
- ACS URLs: Enter the following link using your AppsFlyer account ID:
https://hq1.appsflyer.com/auth/sso/acc/<Enter your AppsFlyer account ID here> - Entity ID: Enter the following link: https://hq1.appsflyer.com/
- ACS URLs: Enter the following link using your AppsFlyer account ID:
- For authentication starting from the service provider (AppsFlyer), select Import From URL:
- Click Save.
- Under the Configuration tab:
- Click Download Metadata.
- From the top right corner, click the Edit icon and enter the fields below:
- SIGNING KEY:
- Select Sign Assertion & Response.
- Signing Algorithm: Select RSA_SHA256.
- ENCRYPTION:
- Select Enable Encryption.
- ALGORITHM: Select AES_256.
- CERTIFICATE:
- Select Import and upload the AppsFlyer encryption certificate. This certificate is signed by AppsFlyer and is used to both encrypt and sign the request.
Note: You can upload the AppsFlyer certificate signed by Amazon. Contact your CSM to obtain this certificate. - Select Enforced Signed Authn Request.
- Select Import and upload the AppsFlyer encryption certificate. This certificate is signed by AppsFlyer and is used to both encrypt and sign the request.
- SIGNING KEY:
- Click Save.
- Under the Attribute Mappings tab, click the Edit icon and select Email Address under PingOne Mappings.
- Click Save.
Create Ping Identity groups
Now that the Ping Identity SAML application is created, let’s create user groups and then add users to the groups.
- In the Ping Identity admin menu, go to Identity > Groups and click +.
- From the section opened on the right, enter the group name and click Save.
- Repeat steps 1-2 for all user groups.
Create Ping identity users and assign them to groups and roles
- In the Ping Identity admin menu, go to Identity > Users and click +.
- From the section opened on the right:
- Enter the user's name and email address.
- Select Administrator Population.
- Create a one-time password for the user or click Generate Password to have one generated for the user. When the user enters Ping Identity, they'll need to create
- Click Save.
- Click the Edit button for Groups, check the group to add the user, and click Save.
- Click the Roles tab > Grant roles, select the roles for the user, and click Save.
Provide access to your groups and activate the app
Provide access to your groups
- In the Ping Identity admin menu, go to Connections > Applications and select the app you created.
- From the section opened on the right, select the Access tab and click the Edit button.
- Select the group or groups you created, and click Save.
Activate the app
- In the Ping Identity admin menu, go to Connections > Applications and select the app you created.
- Activate the app.
Complete the process in AppsFlyer
Now that you've configured the IdP part, go back to AppsFlyer to complete the configuration. You can then test to see that it works.