A Worker application is an administrator application that can have the same roles as human administrators. You can use Worker applications to create a userless service app that can perform administrator functions. Role assignments determine the functions that the app can perform.

Required grant type

By default, Worker applications are configured with the required Client Credentials grant type. They can also be configured to support additional grant/response types, similar to the other app types.

The Worker application can also perform administrator functions with the role of its user. To accomplish this task, give the app one or more additional grant types, which are used instead of the role assignments.

Required roles

A role is a collection of permissions that can be assigned to a user. Of the many roles that PingOne for Customers includes by default, only the Identity Data Admin role, which manages identities and identity data, is required for the Worker app that you need to create. Permissions center around managing user identities and include functions like creating users, resetting a user's password, and creating, editing, and deleting populations.

Create a Worker application

Before you create a Worker application, make certain you have the following information ready:
  • The app name and description
  • Redirect URLs for authentication (required for interactive applications only)
Perform the following steps to create a Worker app:
  1. At the top of the Administrator Console, click Connections.
  2. Click Applications, and then click + Application.
  3. From the list of application types, select Worker.
  4. Click Configure to view the Create App Profile page.
  5. Specify the following information:
    • Application name – Unique identifier for the app.
    • Optional: Description – Brief characterization of the app.
    • Optional: Icon – Pictorial representation of the app. Use a file up to 1MB in JPG, JPEG, GIF, or PNG format.
  6. Click Save and Close.

    The app is displayed on the Applications page.

  7. Make note of the OAuth client ID, which appears directly below the name of the app.

    This value is required when creating a PingOne for Customers sync destination or source.

  8. From the drop-down list to the right of the app, select Edit (Pencil).
  9. Click Configuration.
  10. In the Basic Configuration section, make a note of the client secret.

    This value is required when creating a PingOne for Customers sync destination or source.

  11. In the Advanced Configuration section, make the following selections:
    • For grant type, select Client Credentials.
    • For a token endpoint authentication method, select Client Secret Post.
  12. Click Save.
  13. In the upper-left corner, click To Application List.
  14. Enable the app by toggling the corresponding on/off switch.

    The switch appears green when the app is enabled.

  15. At the top of the Administrator Console, click Settings.
  16. In the navigation panel to the left, click Environment > > > Properties.
  17. Make note of the environment ID.

    This value is required when creating a PingOne for Customers sync destination or source.

For more information, refer to PingOne for Customers Administration Guide.