You should have the following information ready:

  • Client ID
  • Client secret

Ensure that registration is enabled in the authentication policy. See Editing an authentication policy.

  1. In PingOne, go to Integrations > External IDPs.
  2. Click + Add Provider.
  3. Click Amazon.
  4. On the Create Profile page, enter the following information:
    • Name: A unique identifier for the IdP.
    • Description: (Optional) A brief characterization of the IdP.
      Note: You cannot change the icon and login button, in accordance with the provider's brand standards.

  5. Click Next.
  6. On the Configure Connection page, enter the following information:
    • Client ID: The application ID that you copied earlier from the IdP. You can find this information on the Amazon Developer Console.
    • Client secret: The application secret that you copied earlier from the IdP. You can find this information on the Amazon Developer Console.
  7. Click Save and Continue.
  8. On the Map Attributes page, define how the PingOne user attributes are mapped to identity provider attributes. For more information, see Mapping attributes.
    • Enter the PingOne user profile attribute and the external IdP attribute. For more information about attribute syntax, see Identity provider attributes.
    • To add an attribute, click + Add attribute.
    • To use the expression builder, click Build and test or Advanced Expression. See Using the expression builder.
    • Select the update condition, which determines how PingOne updates its user directory with the values from the identity provider. The options are:
      • Empty only: Update the PingOne attribute only if the existing attribute is empty.
      • Always: Always update the PingOne directory attribute.
      Note: You can map the following attributes provided by Amazon:
      • email
      • name
      • user_id
      • postal_code
  9. Click Save and Finish.
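
The following added example (not PingOne code, and it calls no PingOne API) models the two update conditions from step 8 across two sign-ons, so you can see which directory attributes the external IdP is able to overwrite. The PingOne attribute names, the mapping table, and the sample Amazon values are assumptions constructed for illustration; skipping attributes that Amazon does not return is also an assumption of this sketch.

```python
# Local model of the "Empty only" and "Always" update conditions.
# Illustration only: not PingOne's implementation.

EMPTY_ONLY, ALWAYS = "Empty only", "Always"

# Hypothetical mappings: (PingOne attribute, Amazon attribute, update condition).
# The PingOne names are assumed; the Amazon names come from the list in step 8.
MAPPINGS = [
    ("username", "user_id", EMPTY_ONLY),
    ("email", "email", ALWAYS),
    ("name.formatted", "name", EMPTY_ONLY),
    ("address.postalCode", "postal_code", ALWAYS),
]

def apply_mappings(profile, provider_attrs, mappings=MAPPINGS):
    """Return (updated_profile, changes) for one sign-on through the IdP."""
    updated = dict(profile)
    changes = []
    for p1_attr, idp_attr, condition in mappings:
        if idp_attr not in provider_attrs:
            continue  # assumption: values the provider did not send are skipped
        old, new = updated.get(p1_attr), provider_attrs[idp_attr]
        is_empty = old is None or old == ""
        if (condition == ALWAYS or is_empty) and new != old:
            updated[p1_attr] = new
            changes.append((p1_attr, old, new, condition))
    return updated, changes

# Constructed sample data: the same Amazon account at two sign-ons.
FIRST_LOGIN = {"user_id": "amzn1.account.EXAMPLE", "email": "pat@example.com",
               "name": "Pat Doe", "postal_code": "98101"}
SECOND_LOGIN = {"user_id": "amzn1.account.EXAMPLE", "email": "pat@example.org",
                "name": "P. Doe", "postal_code": "10001"}

def demo():
    """Run both sign-ons against an initially empty profile."""
    profile, first = apply_mappings({}, FIRST_LOGIN)
    profile, second = apply_mappings(profile, SECOND_LOGIN)
    return profile, first, second

if __name__ == "__main__":
    profile, first, second = demo()
    for attr, old, new, condition in second:
        print(f"{attr}: {old!r} -> {new!r} ({condition})")
```

In this model, an email address changed at Amazon replaces the directory value on the next sign-on under Always, while the name mapped with Empty only keeps the value from the first sign-on. Choose the condition per attribute according to which system should be authoritative for it.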