Configuring PingOne for Amazon Alexa account linking
About this task
To configure PingOne as an identity provider for Amazon Alexa Skills, perform the following steps.
Steps
-
Build a new PingOne application.
-
Sign on to your PingOne admin console.
-
Go to Connections > Applications.
-
Click Application.
-
Click Advanced Configuration and then click Configure OIDC.
-
Enter your application name. Click Next.
-
Enter a dummy URL in the Redirect URLs field. Click Save and Continue.
You will update the URL after you have configured Amazon Alexa. -
On the Grant Access page, click Save and Continue.
-
On the Applications page, click the expand icon on your new application and then click the pencil icon to edit.
-
On the Configuration tab, click Generate New Secret and then configure your application using the following table as a guide.
Parameter Value Response Type
Code
andToken
Grant Type
Authorization Code
,Implicit
,Client Credentials
, andRefresh Token
Redirect URLs
https://www.example.com
Token Endpoint Authentication Method
Client Secret Basic
Copy your
Client ID,
Client Secret
,Authorization URL
, andToken Endpoint
. They are required for Alexa skills configurations later. -
On the Access tab, click the Plus icon for the
email
andp1:read:user
scopes to add them to the Scopes Grant list. Click Save.You can add more scope grants, but only the previous two are required. -
Return to the Application page and click the toggle to enable your application.
-
-
Build a new Amazon Alexa skill.
-
Sign on to Amazon Alexa Developer Console.
-
Go to Your Alexa Consoles > Skills and click Create Skill.
-
Build your Alexa skill with a custom configuration.
You can find more information on building an Alexa skill in Steps to Build a Custom Skill
-
-
Link your PingOne application to your Alexa skill.
-
In your Alexa Developer Console, select your Alexa skill and click Account Linking on the sidebar.
-
Enter the information for your PingOne application using the following table as a guide.
Parameter Value Do you allow users to create an account or link to an existing account with you?
Enabled
Allow users to enable skill without account linking
Disabled
Authorization grant type
Auth Code Grant
Authorization URI
Your PingOne Authorization URI
Access Token URI
Your PingOne Token Endpoint
Client ID
Your PingOne Client ID from step 9
Client Secret
Your PingOne Client Secret from step 9
Client Authentication Scheme
HTTP Basic
Scope
email
,p1:read:user
, andp1:read:environment
Domain List
auth.pingone.com
andapi.pingone.com
Default Access Token Expiration Time
30
Copy the URLs from the Redirect URLs field. They are required in the next step.
-
-
Enter the redirect URLs from your Alexa skill into PingOne.
-
Sign on to your PingOne admin console.
-
Go to Connections > Applications.
-
To edit your application, click the Expand icon and then click the Pencil.
-
Click the Configuration tab and then paste the redirect URLs into the Redirect URLs field. Click Save.
-
-
To beta test your Alexa skills, register your Alexa Account as a beta tester.
-
In your Alexa Developer Console, go to Distribution > Availability and expand the Beta Test section.
-
Add your email address to Beta Test Administrator Email Address and click Add.
-
-
Test account linking on the Amazon Alexa site.
-
Sign on to Amazon Alexa.
-
Locate your skill and then click Link Account.
-
You will be redirected to PingOne. Provide your credentials.
Result:
After you’ve successfully linked, a confirmation screen will appear.
-