--- title: Prerequisites description: Before attempting to synchronize changes to or from a PingOne environment, make certain the prerequisites in this section are satisfied. component: pingdirectory version: 11.0 page_id: pingdirectory:pingdatasync_server_administration_guide:pd_sync_prerequisites canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdatasync_server_administration_guide/pd_sync_prerequisites.html revdate: September 13, 2023 page_aliases: ["pd_sync_create_p1_worker_app.adoc", "pd_sync_p1_user_resource_model.adoc"] section_ids: pds_create_p1_worker: Create a worker application before-you-begin: Before you begin about-this-task: About this task steps: Steps result: Result: next-steps: Next steps review-the-pingone-user-resource-model: Review the PingOne user resource model --- # Prerequisites Before attempting to synchronize changes to or from a PingOne environment, make certain the prerequisites in this section are satisfied. ## Create a worker application A worker application is an administrator application that can have the same roles as human administrators. Creating a worker application creates a sync destination or source for synchronizing changes to and from PingOne. ### Before you begin Before you create a worker application, have the following information ready: * The app name and description * Redirect URLs for authentication (required for interactive applications only) ### About this task You can use worker applications to create a userless service app that can perform administrator functions. Role assignments determine the functions that the app can perform. * Required grant type By default, worker applications are configured with the required Client Credentials grant type. They can also be configured to support additional grant/response types, similar to the other app types. The worker application can also perform administrator functions with the role of its user. To accomplish this task, give the app one or more additional grant types, which are used instead of the role assignments. * Required roles A role is a collection of permissions that can be assigned to a user. Of the many roles that PingOne includes by default, only the Identity Data Admin role, which manages identities and identity data, is required for the worker app that you need to create. Permissions center around managing user identities and include functions like creating users, resetting a user's password, and creating, editing, and deleting populations. To create and configure a worker app in PingOne: ### Steps 1. In the PingOne admin portal, go to **Connections → Applications**. 2. Click the **[icon: plus, set=fa]**icon. 3. Create the application profile by entering the following: * **Application name**: A unique identifier for the application. * **Description** (optional): A brief characterization of the application. * **Icon** (optional): A graphic representation of the application. Use a file up to 1MB in JPG, JPEG, GIF, or PNG format. ![A screen capture showing the admin console Add Application page with name, description, and icon fields shown.](_images/wgw1648570422457.png) 4. In the **Choose Application Type** section, click **Worker**. ![A screen capture showing the admin portal Add Application page with Worker selected from the Choose Application Type section.](_images/peq1648570481517.png) 5. Click **Save**. #### Result: The app is displayed on the **Applications** page. 6. Make note of the OAuth **Client ID**, which appears directly below the name of the app. This value is required when creating a PingOne sync destination or source. 7. Click the **Configuration** tab, and then click the **Pencil** icon to edit the configuration: 1. In the **General** section, make note of the **Client Secret**. This value is required when creating a PingOne sync destination or source. ![A screen capture showing the admin portal Edit Configuration page with the Client Secret section highlighted.](_images/qbs1648838051417.png) 2. For **Grant Type**, select the **Client Credentials** check box. ![A screen capture showing the admin portal Edit Configuration page in the Grant Type section with the Client Credentials check box highlighted.](_images/imx1648838162087.png) 3. For a token endpoint authentication method, click **Client Secret Post**. ![A screen capture showing the admin portal Edit Configuration page in the Token Endpoint Authentication Method section with Client Secret Post selected.](_images/kza1648838278466.png) 4. Click **Save**. 8. Click the toggle to enable the application. ![A screen capture showing the admin portal application Profile tab with the enable toggle set to enable.](_images/yhs1648572533325.png) 9. In the left navigation pane, click **Environment → Properties**. 10. Make note of the **Environment ID**. This value is required when creating a PingOne sync destination or source. ### Next steps Use your worker application as a sync source or destination for PingOne: * [Synchronize changes to a PingOne environment](pd_sync_changes_p1_env.html). * [Synchronize changes from a PingOne environment](pd_sync_changes_from_p1.html). ## Review the PingOne user resource model A user resource is a unique identity within PingOne that interacts with the applications and services in the environment to which the user is assigned. Users are associated with an environment and a population, and the service implements directory functions to create, read, update, delete, and search for user resources. Learn more in the [PingOne Platform API Reference](https://developer.pingidentity.com/pingone-api/introduction.html). The **username** field is required with the PingOne user resource model. This field is a string that specifies the user name, which must be unique within an environment. Limited to 128 characters in length, the **username** must be a well-formed email address or a string of any Unicode letter, mark (like an accent or umlaut), dot, underscore, or hyphen.