Configure AppsFlyer SSO in Ping Identity

At a glance: Configure the SSO process using Ping Identity as an identity provider (IdP).

The first step in configuring the AppsFlyer SSO process is done on the Ping Identity platform. Follow the steps below: 

Create the AppsFlyer app in Ping Identity

Prerequisite: A Ping Identity account with administrative privileges.

  1. In the Ping Identity admin menu, go to Applications and click +.
  2. From the section opened on the right:
    • Enter the name that you want to show in the Ping Identity plugin list of apps.
    • Select SAML Application as the app type.
  3. Click Configure. SAML Configuration appears.      
  4. Click Save
  5. Under the Configuration tab:
    1. Click Download Metadata
    2. From the top right corner, click the Edit icon and enter the fields below:

      ping

      • SIGNING KEY:
        • Select Sign Assertion & Response
        • Signing Algorithm: Select RSA_SHA256.
      • ENCRYPTION:
        • Select Enable Encryption.
        • ALGORITHM: Select AES_256.
      • CERTIFICATE: 
        • Select Import and upload the AppsFlyer encryption certificate. This certificate is signed by AppsFlyer and is used to both encrypt and sign the request.
          Note: You can upload the AppsFlyer certificate signed by Amazon. Contact your CSM to obtain this certificate.
        • Select Enforced Signed Authn Request.
  6. Click Save.
  7. Under the Attribute Mappings tab, click the Edit icon and select Email Address under PingOne Mappings.

    ping-identity

  8. Click Save.

Create Ping Identity groups

Now that the Ping Identity SAML application is created, let’s create user groups and then add users to the groups.

  1. In the Ping Identity admin menu, go to Identity > Groups and click +.

    ping

  2. From the section opened on the right, enter the group name and click Save.
  3. Repeat steps 1-2 for all user groups.

Create Ping identity users and assign them to groups and roles

  1. In the Ping Identity admin menu, go to Identity > Users and click +.

    ping

  2. From the section opened on the right:
    1. Enter the user's name and email address.
    2. Select Administrator Population.
    3. Create a one-time password for the user or click Generate Password to have one generated for the user. When the user enters Ping Identity, they'll need to create 
    4. Click Save.
  3. Click the Edit button for Groups, check the group to add the user, and click Save
  4. Click the Roles tab > Grant roles, select the roles for the user, and click Save.

Provide access to your groups and activate the app

Provide access to your groups

  1. In the Ping Identity admin menu, go to ConnectionsApplications and select the app you created.

    pi-applications.png

  2. From the section opened on the right, select the Access tab and click the Edit button.
  3. Select the group or groups you created, and click Save.

Activate the app

  1. In the Ping Identity admin menu, go to ConnectionsApplications and select the app you created.
  2. Activate the app.

    pi-appsflyer

Complete the process in AppsFlyer

Now that you've configured the IdP part, go back to AppsFlyer to complete the configuration. You can then test to see that it works.