--- title: Adding a worker application for the PingOne Authorize service description: After PingOne Authorize is in your PingOne environment, add a worker application to enable dynamic authorization API actions for the service. component: pingone page_id: pingone:authorization_using_pingone_authorize:p1az_adding_worker_app canonical_url: https://docs.pingidentity.com/pingone/authorization_using_pingone_authorize/p1az_adding_worker_app.html revdate: May 28, 2025 section_ids: steps: Steps result: Result: next-steps: Next steps --- # Adding a worker application for the PingOne Authorize service After PingOne Authorize is in your PingOne environment, add a worker application to enable dynamic authorization API actions for the service. PingOne integrates with client applications through application connections that define access to PingOne resources. A worker application is a userless service application connection that can perform administrator functions. Access is encoded in the worker application's access token, which you submit with API requests. Learn more about how PingOne manages access to applications in [Applications](../applications/p1_application_types.html). | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | You must assign the Environment Admin and Identity Data Admin roles, or a custom role with equivalent permissions, to the worker application after you create it. Learn more in [Configuring roles for a worker application](../applications/p1_configurerolesforworkerapplication.html). | ## Steps 1. In the PingOne admin console, go to **Applications > Applications**. 2. Click the **[icon: plus, set=fa]**icon next to **Applications**. 3. For **Application Name** and **Description**, enter a unique identifier for the application and a brief characterization of the application. ![Screen capture showing the name and description of the worker app on the Create App Profile page.](_images/asu1638650528863.png) 4. For the **Application Type**, click **Worker**. 5. Click **Save**. ### Result: The **Applications** page displays your worker application. 6. On the **Roles** tab, click **Grant Roles**. 7. In **Available responsibilities**, select the following roles: * **Identity Data Admin** role for your environment * **Environment Admin** role for your organization, or for a specific environment The **Granted responsibilities** tab provides a simplified view of your selected roles. ![Screen capture showing the name and description of the worker app on the Create App Profile page.](_images/p1az-worker-app-roles.png) 8. Click **Save**. 9. []()(Optional) Configure the **Token Endpoint Authentication Method**. [HTTP services](p1_az_connecting_an_http_service.html) that access PingOne APIs with the client credentials grant type expect credentials in the body of a token request (`client_secret_post`) instead of in the `Authorization` header (`client_secret_basic`). 1. On the **Configuration** tab, click the **[icon: pencil, set=fa]**icon. 2. In the **Token Endpoint Authentication Method** list, select **Client Secret Post**. 3. Click **Save**. 10. To enable the application, click the **Enable** toggle. ![Screen capture showing the enable toggle for the worker app.](_images/xiz1638651053664.png) ## Next steps Complete these tutorials to familiarize yourself with PingOne Authorize capabilities: * [Manage API access](p1az_aam_tutorial_manage_api_access.html) * [Build dynamic authorization policies](p1az_dynamic_authorization_tutorials.html)