You can use Worker applications to create a userless service app that can perform administrator functions. Role assignments determine the functions that the app can perform.

Required grant type

By default, Worker applications are configured with the required Client Credentials grant type. They can also be configured to support additional grant/response types, similar to the other app types.

The Worker application can also perform administrator functions with the role of its user. To accomplish this task, give the app one or more additional grant types, which are used instead of the role assignments.

Required roles

A role is a collection of permissions that can be assigned to a user. Of the many roles that PingOne includes by default, only the Identity Data Admin role, which manages identities and identity data, is required for the Worker app that you need to create. Permissions center around managing user identities and include functions like creating users, resetting a user's password, and creating, editing, and deleting populations.