Create a worker application
A Worker application is an administrator application that can have the same roles as human administrators. Creating a worker application creates a sync destination or source for synchronizing changes to and from PingOne.
Before you begin
Before you create a Worker application, have the following information ready:
-
The app name and description
-
Redirect URLs for authentication (required for interactive applications only)
About this task
You can use Worker applications to create a userless service app that can perform administrator functions. Role assignments determine the functions that the app can perform.
- Required grant type
-
By default, Worker applications are configured with the required Client Credentials grant type. They can also be configured to support additional grant/response types, similar to the other app types. The Worker application can also perform administrator functions with the role of its user. To accomplish this task, give the app one or more additional grant types, which are used instead of the role assignments.
- Required roles
-
A role is a collection of permissions that can be assigned to a user. Of the many roles that PingOne includes by default, only the Identity Data Admin role, which manages identities and identity data, is required for the Worker app that you need to create. Permissions center around managing user identities and include functions like creating users, resetting a user’s password, and creating, editing, and deleting populations.
To create and configure a Worker app in PingOne:
Steps
-
In the PingOne admin portal, go to Connections → Applications.
-
Click the icon.
-
Create the application profile by entering the following:
-
Application name: A unique identifier for the application.
-
Description (optional): A brief characterization of the application.
-
Icon (optional): A graphic representation of the application. Use a file up to 1MB in JPG, JPEG, GIF, or PNG format.
-
-
In the Choose Application Type section, click Worker.
-
Click Save.
Result:
The app is displayed on the Applications page.
-
Make note of the OAuth Client ID, which appears directly below the name of the app.
This value is required when creating a PingOne sync destination or source.
-
Click the Configuration tab, and then click the Pencil icon to edit the configuration:
-
In the General section, make note of the Client Secret.
This value is required when creating a PingOne sync destination or source.
-
For Grant Type, select the Client Credentials check box.
-
For a token endpoint authentication method, click Client Secret Post.
-
Click Save.
-
-
Click the toggle to enable the application.
-
In the left navigation pane, click Environment → Properties.
-
Make note of the Environment ID.
This value is required when creating a PingOne sync destination or source.
Next steps
Use your Worker application as a sync source or destination for PingOne: