Use Cases

Configuring PingOne for Amazon Alexa account linking

About this task

To configure PingOne as an identity provider for Amazon Alexa Skills, perform the following steps.

Steps

  1. Build a new PingOne application.

    1. Sign on to your PingOne admin console.

    2. Go to Connections > Applications.

    3. Click Application.

    4. Click Advanced Configuration and then click Configure OIDC.

    5. Enter your application name. Click Next.

    6. Enter a dummy URL in the Redirect URLs field. Click Save and Continue.

      You will update the URL after you have configured Amazon Alexa.
    7. On the Grant Access page, click Save and Continue.

    8. On the Applications page, click the expand icon on your new application and then click the pencil icon to edit.

    9. On the Configuration tab, click Generate New Secret and then configure your application using the following table as a guide.

      Parameter Value

      Response Type

      Code and Token

      Grant Type

      Authorization Code, Implicit, Client Credentials, and Refresh Token

      Redirect URLs

      https://www.example.com

      Token Endpoint Authentication Method

      Client Secret Basic

      Copy your Client ID, Client Secret, Authorization URL, and Token Endpoint. They are required for Alexa skills configurations later.

    10. On the Access tab, click the Plus icon for the email and p1:read:user scopes to add them to the Scopes Grant list. Click Save.

      You can add more scope grants, but only the previous two are required.
    11. Return to the Application page and click the toggle to enable your application.

  2. Build a new Amazon Alexa skill.

    1. Sign on to Amazon Alexa Developer Console.

    2. Go to Your Alexa Consoles > Skills and click Create Skill.

    3. Build your Alexa skill with a custom configuration.

      You can find more information on building an Alexa skill in Steps to Build a Custom Skill

  3. Link your PingOne application to your Alexa skill.

    1. In your Alexa Developer Console, select your Alexa skill and click Account Linking on the sidebar.

    2. Enter the information for your PingOne application using the following table as a guide.

      Parameter Value

      Do you allow users to create an account or link to an existing account with you?

      Enabled

      Allow users to enable skill without account linking

      Disabled

      Authorization grant type

      Auth Code Grant

      Authorization URI

      Your PingOne Authorization URI

      Access Token URI

      Your PingOne Token Endpoint

      Client ID

      Your PingOne Client ID from step 9

      Client Secret

      Your PingOne Client Secret from step 9

      Client Authentication Scheme

      HTTP Basic

      Scope

      email, p1:read:user, and p1:read:environment

      Domain List

      auth.pingone.com and api.pingone.com

      Default Access Token Expiration Time

      30

      Copy the URLs from the Redirect URLs field. They are required in the next step.

  4. Enter the redirect URLs from your Alexa skill into PingOne.

    1. Sign on to your PingOne admin console.

    2. Go to Connections > Applications.

    3. To edit your application, click the Expand icon and then click the Pencil.

    4. Click the Configuration tab and then paste the redirect URLs into the Redirect URLs field. Click Save.

  5. To beta test your Alexa skills, register your Alexa Account as a beta tester.

    1. In your Alexa Developer Console, go to Distribution > Availability and expand the Beta Test section.

    2. Add your email address to Beta Test Administrator Email Address and click Add.

  6. Test account linking on the Amazon Alexa site.

    1. Sign on to Amazon Alexa.

    2. Locate your skill and then click Link Account.

    3. You will be redirected to PingOne. Provide your credentials.

      Result:

      After you’ve successfully linked, a confirmation screen will appear.