To configure PingOne as an identity provider for Amazon Alexa Skills, perform the following steps.

  1. Build a new PingOne application.
    1. Log in to your PingOne Administration console.
    2. Go to Connections > Applications.
    3. Click + Application.
    4. Click Advanced Configuration and then click Configure OIDC.
    5. Enter your application name. Click Next.
    6. Enter a dummy URL in the Redirect URLs field. Click Save and Continue.
      Note: You will update the URL after you have configured Amazon Alexa.
    7. On the Grant Access page, click Save and Continue.
    8. On the Applications page, click the expand icon on your new application and then click the pencil icon to edit.
    9. On the Configuration tab, click Generate New Secret and then configure your application using the following table as a guide.
      Parameter Value
      Response Type Code and Token
      Grant Type Authorization Code, Implicit, Client Credentials, and Refresh Token
      Redirect URLs https://www.example.com
      Token Endpoint Authentication Method Client Secret Basic
      Note: Copy your Client ID, Client Secret, Authorization URL, and Token Endpoint as they are required for Alexa skills configurations later.
    10. On the Access tab, click the plus icon for the email and p1:read:user scopes to add them to the Scopes Grant list. Click Save.
      Note: You can add more scope grants, but only the previous two are required.
    11. Return to the Application page and click the toggle to enable your application.
  2. Build a new Amazon Alexa skill.
    1. Log in to Amazon Alexa Developer Console.
    2. Go to Your Alexa Consoles > Skills and click Create Skill.
    3. Build your Alexa skill with a custom configuration.
      Note: For documentation on building an Alexa skill, see Steps to Build a Custom Skill
  3. Link your PingOne application to your Alexa skill.
    1. In your Alexa Developer Console, select your Alexa skill and click Account Linking on the sidebar.
    2. Enter the information for your PingOne application using the following table as a guide.
      Parameter Value
      Do you allow users to create an account or link to an existing account with you? Enabled
      Allow users to enable skill without account linking Disabled
      Authorization grant type Auth Code Grant
      Authorization URI Your PingOne Authorization URI
      Access Token URI Your PingOne Token Endpoint
      Client ID Your PingOne Client ID from step 9
      Client Secret Your PingOne Client Secret from step 9
      Client Authentication Scheme HTTP Basic
      Scope email, p1:read:user, and p1:read:environment
      Domain List auth.pingone.com and api.pingone.com
      Default Access Token Expiration Time 30
      Note: Copy the URLs from the Redirect URLs field as they are required in the next step.
  4. Enter the redirect URLs from your Alexa skill into PingOne.
    1. Log into your PingOne Administration Console.
    2. Go to Connections > Applications.
    3. To edit your application, click the expand icon and then click the pencil icon.
    4. Click the Configuration tab and then paste the redirect URLs into the Redirect URLs field. Click Save.
  5. To beta test your Alexa skills, register your Alexa Account as a beta tester.
    1. In your Alexa Developer Console, go to Distribution > Availability and expand the Beta Test section.
    2. Add your email address to Beta Test Administrator Email Address and click Add.
  6. Test account linking on the Amazon Alexa site.
    1. Log in to Amazon Alexa.
    2. Locate your skill and then click Link Account.
    3. You will be redirected to PingOne. Provide your credentials.
    Once successfully linked, a confirmation screen will appear.