To configure PingOne as an identity provider for Amazon Alexa Skills, perform the following steps.
-
Build a new PingOne
application.
- Log in to your PingOne Administration console.
- Go to Connections > Applications.
- Click + Application.
- Click Advanced Configuration and then click Configure OIDC.
- Enter your application name. Click Next.
-
Enter a dummy URL in the Redirect URLs field. Click
Save and Continue.
Note: You will update the URL after you have configured Amazon Alexa.
- On the Grant Access page, click Save and Continue.
- On the Applications page, click the expand icon on your new application and then click the pencil icon to edit.
-
On the Configuration tab, click Generate
New Secret and then configure your application using the
following table as a guide.
Parameter Value Response Type Code and Token Grant Type Authorization Code, Implicit, Client Credentials, and Refresh Token Redirect URLs https://www.example.com Token Endpoint Authentication Method Client Secret Basic Note: Copy your Client ID, Client Secret, Authorization URL, and Token Endpoint as they are required for Alexa skills configurations later. -
On the Access tab, click the plus icon for the
email
andp1:read:user
scopes to add them to the Scopes Grant list. Click Save.Note: You can add more scope grants, but only the previous two are required. - Return to the Application page and click the toggle to enable your application.
-
Build a new Amazon Alexa skill.
- Log in to Amazon Alexa Developer Console.
- Go to Your Alexa Consoles > Skills and click Create Skill.
-
Build your Alexa skill with a custom configuration.
Note: For documentation on building an Alexa skill, see Steps to Build a Custom Skill
-
Link your PingOne application
to your Alexa skill.
- In your Alexa Developer Console, select your Alexa skill and click Account Linking on the sidebar.
-
Enter the information for your PingOne application using the following table as a guide.
Parameter Value Do you allow users to create an account or link to an existing account with you? Enabled Allow users to enable skill without account linking Disabled Authorization grant type Auth Code Grant Authorization URI Your PingOne Authorization URI Access Token URI Your PingOne Token Endpoint Client ID Your PingOne Client ID from step 9 Client Secret Your PingOne Client Secret from step 9 Client Authentication Scheme HTTP Basic Scope email, p1:read:user, and p1:read:environment Domain List auth.pingone.com and api.pingone.com Default Access Token Expiration Time 30 Note: Copy the URLs from the Redirect URLs field as they are required in the next step.
-
Enter the redirect URLs from your Alexa skill into PingOne.
- Log into your PingOne Administration Console.
- Go to Connections > Applications.
- To edit your application, click the expand icon and then click the pencil icon.
- Click the Configuration tab and then paste the redirect URLs into the Redirect URLs field. Click Save.
-
To beta test your Alexa skills, register your Alexa Account as a beta tester.
- In your Alexa Developer Console, go to Distribution > Availability and expand the Beta Test section.
- Add your email address to Beta Test Administrator Email Address and click Add.
-
Test account linking on the Amazon Alexa site.
- Log in to Amazon Alexa.
- Locate your skill and then click Link Account.
- You will be redirected to PingOne. Provide your credentials.
Once successfully linked, a confirmation screen will appear.