Before you create a Worker application, have the following information ready:

  • The app name and description
  • Redirect URLs for authentication (required for interactive applications only)

You can use Worker applications to create a userless service app that can perform administrator functions. Role assignments determine the functions that the app can perform.

Required grant type
By default, Worker applications are configured with the required Client Credentials grant type. They can also be configured to support additional grant/response types, similar to the other app types. The Worker application can also perform administrator functions with the role of its user. To accomplish this task, give the app one or more additional grant types, which are used instead of the role assignments.
Required roles
A role is a collection of permissions that can be assigned to a user. Of the many roles that PingOne includes by default, only the Identity Data Admin role, which manages identities and identity data, is required for the Worker app that you need to create. Permissions center around managing user identities and include functions like creating users, resetting a user's password, and creating, editing, and deleting populations.

To create and configure a Worker app in PingOne:

  1. In the PingOne admin portal, go to Connections > Applications.
  2. Click the + icon.
  3. Create the application profile by entering the following:
    • Application name: A unique identifier for the application.
    • Description (optional): A brief characterization of the application.
    • Icon (optional): A graphic representation of the application. Use a file up to 1MB in JPG, JPEG, GIF, or PNG format.

    A screen capture showing the PingOne administrative console Add Application page with name, description, and icon fields shown.
  4. In the Choose Application Type section, click Worker.

    A screen capture showing the PingOne admin portal Add Application page with Worker selected from the Choose Application Type section.
  5. Click Save.

    The app is displayed on the Applications page.

  6. Make note of the OAuth Client ID, which appears directly below the name of the app.

    This value is required when creating a PingOne sync destination or source.

  7. Click the Configuration tab, and then click the Pencil icon to edit the configuration:
    1. In the General section, make note of the Client Secret.

      This value is required when creating a PingOne sync destination or source.


      A screen capture showing the PingOne admin portal Edit Configuration page with the Client Secret section highlighted.
    2. For Grant Type, select the Client Credentials check box.

      A screen capture showing the PingOne admin portal Edit Configuration page in the Grant Type section with the Client Credentials check box highlighted.
    3. For a token endpoint authentication method, click Client Secret Post.

      A screen capture showing the PingOne admin portal Edit Configuration page in the Token Endpoint Authentication Method section with Client Secret Post selected.
    4. Click Save.
  8. Click the toggle to enable the application.

    A screen capture showing the PingOne admin portal application Profile tab with the enable toggle set to enable.
  9. In the left navigation pane, click Environment > Properties.
  10. Make note of the Environment ID.

    This value is required when creating a PingOne sync destination or source.

Use your Worker application as a sync source or destination for PingOne: