diff --git a/README.md b/README.md
index 141ad1f..fa6aa25 100644
--- a/README.md
+++ b/README.md
@@ -5,5 +5,6 @@ Supplemental documentation and examples in addition to the provider-specific doc
 ## Published Providers
 
 * [PingDirectory](https://registry.terraform.io/providers/pingidentity/pingdirectory/latest)
+* [PingFederate](https://registry.terraform.io/providers/pingidentity/pingfederate/latest)
 * [PingOne](https://registry.terraform.io/providers/pingidentity/pingone/latest)
 * [PingOne DaVinci](https://registry.terraform.io/providers/pingidentity/davinci/latest)
diff --git a/docs/best-practices/davinci/index.md b/docs/best-practices/davinci/index.md
index d07b450..cd1900b 100644
--- a/docs/best-practices/davinci/index.md
+++ b/docs/best-practices/davinci/index.md
@@ -32,14 +32,15 @@ resource "pingone_environment" "my_environment" {
   type        = "SANDBOX"
   license_id  = var.license_id
 
-  service {
-    type = "SSO"
-  }
-
-  service {
-    type = "DaVinci"
-    tags = ["DAVINCI_MINIMAL"]
-  }
+  services = [
+    {
+      type = "SSO"
+    },
+    {
+      type = "DaVinci"
+      tags = ["DAVINCI_MINIMAL"]
+    }
+  ]
 }
 ```
 
diff --git a/docs/best-practices/index.md b/docs/best-practices/index.md
index c12aeee..7909900 100644
--- a/docs/best-practices/index.md
+++ b/docs/best-practices/index.md
@@ -319,7 +319,7 @@ terraform {
   required_providers {
     pingone = {
       source  = "pingidentity/pingone"
-      version = "~> 0.27"
+      version = "~> 1.0"
     }
     time = {
       source  = "hashicorp/time"
diff --git a/docs/best-practices/pingone/index.md b/docs/best-practices/pingone/index.md
index 57acf89..687b9b5 100644
--- a/docs/best-practices/pingone/index.md
+++ b/docs/best-practices/pingone/index.md
@@ -106,13 +106,13 @@ resource "pingone_password_policy" "my_password_policy" {
 
   name        = "My awesome password policy"
   
-  exclude_commonly_used_passwords = true
-  exclude_profile_data            = true
-  not_similar_to_current          = true
+  excludes_commonly_used_passwords = true
+  excludes_profile_data            = true
+  not_similar_to_current           = true
 
-  password_history {
-    prior_password_count = 6
-    retention_days       = 365
+  history = {
+    count          = 6
+    retention_days = 365
   }
 
   # ... other configuration parameters
@@ -149,10 +149,10 @@ resource "pingone_application" "my_application" {
   name = "My Awesome App"
   enabled        = true
 
-  oidc_options {
+  oidc_options = {
     type                        = "WORKER"
     grant_types                 = ["CLIENT_CREDENTIALS"]
-    token_endpoint_authn_method = "CLIENT_SECRET_BASIC"
+    token_endpoint_auth_method  = "CLIENT_SECRET_BASIC"
   }
 
   # ... other configuration parameters
@@ -178,15 +178,18 @@ The PingOne Terraform provider has a provider-level parameter named `global_opti
 
 There are two parameters that allow force-deletion of configuration, which could result in loss of data if not correctly used.
 
-### `environment.production_type_force_delete`<a href="https://registry.terraform.io/providers/pingidentity/pingone/latest/docs#production_type_force_delete" target="_blank">:octicons-link-external-16:</a>
+### `global_options.environment.production_type_force_delete`<a href="https://registry.terraform.io/providers/pingidentity/pingone/0.29.2/docs#production_type_force_delete" target="_blank">:octicons-link-external-16:</a>
 
-The purpose of the parameter is to override the API level restriction of not being able to destroy environments of type "PRODUCTION".  The default value of this parameter is `false`, meaning that environments will not be force-deleted if a `pingone_environment`<a href="https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/environment" target="_blank">:octicons-link-external-16:</a> resource that has a `type` value of `PRODUCTION` has a destroy plan when run in the `terraform apply` phase.  Use of this parameter is designed to help facilitate development, testing or demonstration purposes and should be set to `false` (or left undefined) for environments that carry production data.
+!!! warning "Legacy Functionality"
+    The `global_options.environment.production_type_force_delete` global option was removed in the PingOne Terraform provider version `v1.0`.  This section applies to prior provider versions (`<= v0.29`).
+
+The purpose of the parameter is to override the API level restriction of not being able to destroy environments of type "PRODUCTION".  The default value of this parameter is `false`, meaning that environments will not be force-deleted if a `pingone_environment`<a href="https://registry.terraform.io/providers/pingidentity/pingone/0.29.2/docs/resources/environment" target="_blank">:octicons-link-external-16:</a> resource that has a `type` value of `PRODUCTION` has a destroy plan when run in the `terraform apply` phase.  Use of this parameter is designed to help facilitate development, testing or demonstration purposes and should be set to `false` (or left undefined) for environments that carry production data.
 
 The implementation of this option is that the environment type will be changed from `PRODUCTION` to `SANDBOX` before a delete API request is issued.  Consider instead changing the type to `SANDBOX` manually before running a plan that destroys an environment, instead of using this parameter.
 
 Misuse of the parameter may lead to unintended data loss and must be used with caution.
 
-### `population.contains_users_force_delete`<a href="https://registry.terraform.io/providers/pingidentity/pingone/latest/docs#contains_users_force_delete" target="_blank">:octicons-link-external-16:</a>
+### `global_options.population.contains_users_force_delete`<a href="https://registry.terraform.io/providers/pingidentity/pingone/latest/docs#contains_users_force_delete" target="_blank">:octicons-link-external-16:</a>
 
 The purpose of the parameter is to override the API level restriction of not being able to destroy populations that contain user data.  The default value of this parameter is `false`, meaning that populations that contain user data will not be force-deleted if a `pingone_population`<a href="https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/resources/population" target="_blank">:octicons-link-external-16:</a> resource has a destroy plan when run in the `terraform apply` phase.  Use of this parameter is designed to help facilitate development, testing or demonstration purposes where non-production user data is created and can be safely discarded.  The parameter should be set to `false` (or left undefined) for environments that carry production data.
 
@@ -205,7 +208,7 @@ For example:
 resource "pingone_schema_attribute" "my_attribute" {
   environment_id = pingone_environment.my_environment.id
 
-  name         = "myAttribute"
+  name = "myAttribute"
   
   # ... other configuration parameters
 
diff --git a/docs/examples/pingone/role-assignment.md b/docs/examples/pingone/role-assignment.md
index 873e54e..42fb3ac 100644
--- a/docs/examples/pingone/role-assignment.md
+++ b/docs/examples/pingone/role-assignment.md
@@ -35,9 +35,9 @@ Next, we fetch the required roles using the `pingidentity/utils/pingone`<a href=
 ``` terraform
 module "admin_utils" {
   source  = "pingidentity/utils/pingone"
-  version = "0.0.8"
+  version = "0.1.0"
   
-  region         = "EU" // Will be either NA, EU, CA or AP depending on your tenant region.
+  region_code    = "EU" // Will be either NA, EU, CA, AU or AP depending on your tenant region.
   environment_id = var.pingone_admin_environment_id
 }
 ```
@@ -49,9 +49,11 @@ resource "pingone_environment" "my_environment" {
   type        = "SANDBOX"
   license_id  = var.license_id
 
-  service {
-    type = "SSO"
-  }
+  services = [
+    {
+      type = "SSO"
+    }
+  ]
 }
 ```
 
diff --git a/docs/faq/pingone.md b/docs/faq/pingone.md
index 4e65d0d..5de11b2 100644
--- a/docs/faq/pingone.md
+++ b/docs/faq/pingone.md
@@ -15,19 +15,7 @@ Check the admin user's role permissions.  The admin user will need any of the fo
 * **Identity Data Read Only**
 * **Configuration Read Only**
 
-Some roles can be scoped to individual environments, including the **Environment Admin** role:
-
-* If the admin user has the **Environment Admin** role scoped to the organization, the admin user will automatically inherit this permission for new environments.
-* If the admin user has the **Environment Admin** role scoped to individual environments, the admin user will need the environment permission assigned after the environment has been created.
-
-!!! warning "Role grant restrictions"
-    Admins cannot grant roles that they haven't already been granted themselves.  This can mean that admins cannot grant the appropriate role themselves, but would need to be granted through Terraform, or by another admin that has the equivalent role, or that has the **Environment Admin** role scoped to the entire organization.
-
-!!! note "Assigning Environment Permissions with Terraform"
-    Admin permissions can be assigned using Terraform after environment creation.  See [PingOne Role Permission Assignment](../../examples/pingone/role-assignment/) for an example of assigning roles using the PingOne Terraform provider.
-
-!!! note "Read more about PingOne Roles"
-    More information about role permissions can be found at the [PingOne Cloud Platform online documentation](https://docs.pingidentity.com/r/en-us/pingone/p1_c_roles)
+Please see the [Admin Role Management Considerations](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/guides/admin-role-management) guide on the provider's registry documentation for details on role assignment and considerations for admin role management when using Terraform.
 
 ## I've created a new environment (or population) with Terraform, but my admins can't view users, or manage group/population based configuration
 
@@ -36,18 +24,12 @@ Check the admin user's role permissions.  The admin user will need any of the fo
 * **Identity Data Admin**
 * **Identity Data Read Only**
 
-These roles are scoped to individual environments.  The admin user will need the environment level permission assigned after the new environment has been created.
-
-!!! warning "Role grant restrictions"
-    Admins cannot grant roles that they haven't already been granted themselves.  This can mean that admins cannot grant the appropriate role themselves, but would need to be granted through Terraform, or by another admin that has the equivalent role.
+Please see the [Admin Role Management Considerations](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/guides/admin-role-management) guide on the provider's registry documentation for details on role assignment and considerations for admin role management when using Terraform.
 
-!!! note "Assigning Environment Permissions with Terraform"
-    Admin permissions can be assigned using Terraform after environment creation.  See [PingOne Role Permission Assignment](../../examples/pingone/role-assignment/) for an example of assigning roles using the PingOne Terraform provider.
+## I get an error "Actor does not have permissions to access worker application client secrets"
 
-These roles may be scoped by environment, but can also be scoped to individual populations of users.  With **Identity Data Admin** as an example:
+Admin actors (users, worker applications, connections) may not be able to view or rotate a worker application's secret when they previously have been able to as an unexpected change of behaviour.
 
-* If the admin user has the **Identity Data Admin** role scoped to the environment, the admin user will automatically inherit this permission for new populations in the environment.
-* If the admin user has the **Identity Data Admin** role scoped to individual populations, the admin user will need the population level permission assigned after the population has been created.
+The change in ability to manage a worker application's client secret typically occurs when the worker application is granted additional role permissions that the user, admin worker application or connection doesn't have. In effect, it means the worker application whose secret cannot be managed has a higher level of privilege to manage configuration and data within the tenant. The ability to view and change the secret is therefore restricted to mitigate privilege escalation issues where admin actors could potentially use the higher privileged worker application to make changes they are not authorised to make in the platform.
 
-!!! note "Read more about PingOne Roles"
-    More information about role permissions can be found at the [PingOne Cloud Platform online documentation](https://docs.pingidentity.com/r/en-us/pingone/p1_c_roles)
\ No newline at end of file
+For more information, and guidance on how to resolve this error, see the [Admin Role Management Considerations - When Admins Cannot View or Manage a Worker Application Secret](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs/guides/admin-role-management#when-admins-cannot-view-or-manage-a-worker-application-secret) guide on the provider's registry documentation.
diff --git a/docs/getting-started/pingone.md b/docs/getting-started/pingone.md
index 8551795..0e405df 100644
--- a/docs/getting-started/pingone.md
+++ b/docs/getting-started/pingone.md
@@ -9,7 +9,7 @@
 
 ## Requirements
 
-* Terraform CLI 1.3+
+* Terraform CLI 1.4+
 * A licensed or trial PingOne cloud subscription - [Try Ping here](https://www.pingidentity.com/en/try-ping.html)
 * Administrator access to the [PingOne Administration Console](https://docs.pingidentity.com/r/en-us/pingone/p1_access_admin_console)
 
diff --git a/examples/pingone-custom-domain-with-cloudflare-dns/supporting-configuration.tf b/examples/pingone-custom-domain-with-cloudflare-dns/supporting-configuration.tf
index c508f3f..74eb24f 100644
--- a/examples/pingone-custom-domain-with-cloudflare-dns/supporting-configuration.tf
+++ b/examples/pingone-custom-domain-with-cloudflare-dns/supporting-configuration.tf
@@ -8,16 +8,16 @@ resource "pingone_environment" "my_environment" {
   type        = "SANDBOX"
   license_id  = var.pingone_environment_license_id
 
-  service {
+  services = [{
     type = "SSO"
-  }
+  }]
 }
 
 module "pingone_utils" {
   source  = "pingidentity/utils/pingone"
-  version = "0.0.8"
+  version = "0.1.0"
 
-  region         = pingone_environment.my_environment.region
+  region_code    = pingone_environment.my_environment.region
   environment_id = pingone_environment.my_environment.id
 
   custom_domain = pingone_custom_domain.my_custom_domain.domain_name
diff --git a/examples/pingone-custom-domain-with-cloudflare-dns/versions.tf b/examples/pingone-custom-domain-with-cloudflare-dns/versions.tf
index 8749ec8..0e5fde6 100644
--- a/examples/pingone-custom-domain-with-cloudflare-dns/versions.tf
+++ b/examples/pingone-custom-domain-with-cloudflare-dns/versions.tf
@@ -8,7 +8,7 @@ terraform {
     }
     pingone = {
       source  = "pingidentity/pingone"
-      version = ">= 0.23.0, < 1.0.0"
+      version = ">= 1.0.0, < 2.0.0"
     }
     time = {
       source  = "hashicorp/time"
diff --git a/examples/pingone-neo-getting-started/main.tf b/examples/pingone-neo-getting-started/main.tf
index b46ddbf..e11499c 100644
--- a/examples/pingone-neo-getting-started/main.tf
+++ b/examples/pingone-neo-getting-started/main.tf
@@ -132,17 +132,17 @@ resource "pingone_application" "my_native_app" {
   name           = "PingOne Credentials Sample Wallet App"
   enabled        = true
 
-  oidc_options {
-    type                        = "NATIVE_APP"
-    grant_types                 = ["AUTHORIZATION_CODE"]
-    response_types              = ["CODE"]
-    pkce_enforcement            = "S256_REQUIRED"
-    token_endpoint_authn_method = "NONE"
+  oidc_options = {
+    type                       = "NATIVE_APP"
+    grant_types                = ["AUTHORIZATION_CODE"]
+    response_types             = ["CODE"]
+    pkce_enforcement           = "S256_REQUIRED"
+    token_endpoint_auth_method = "NONE"
     redirect_uris = [
       "https://shocard.pingone.com/callback",
     ]
 
-    mobile_app {
+    mobile_app = {
       bundle_id    = "com.pingidentity.PingOneWalletSample"
       package_name = "com.pingidentity.shocard"
     }
@@ -185,8 +185,8 @@ resource "pingone_credential_type" "getting_started_credential" {
     bg_opacity_percent = 30
 
     # ensure images have content-type prefix defined and are base64 encoded
-    background_image = pingone_image.credentials_card_getting_started_background_image.uploaded_image[0].href
-    logo_image       = pingone_image.credentials_card_getting_started_logo_image.uploaded_image[0].href
+    background_image = pingone_image.credentials_card_getting_started_background_image.uploaded_image.href
+    logo_image       = pingone_image.credentials_card_getting_started_logo_image.uploaded_image.href
 
     card_color = "#69747d"
     text_color = "#ffffff"
@@ -279,8 +279,8 @@ resource "pingone_credential_type" "verifiedemployee" {
     description        = "Demo Proof of Employment"
     bg_opacity_percent = 100
 
-    background_image = pingone_image.credentials_card_verified_employee_background_image.uploaded_image[0].href
-    logo_image       = pingone_image.credentials_card_verified_employee_logo_image.uploaded_image[0].href
+    background_image = pingone_image.credentials_card_verified_employee_background_image.uploaded_image.href
+    logo_image       = pingone_image.credentials_card_verified_employee_logo_image.uploaded_image.href
 
     card_color = "#ffffff"
     text_color = "#000000"
diff --git a/examples/pingone-neo-getting-started/supporting-configuration.tf b/examples/pingone-neo-getting-started/supporting-configuration.tf
index 705b0c7..5854a31 100644
--- a/examples/pingone-neo-getting-started/supporting-configuration.tf
+++ b/examples/pingone-neo-getting-started/supporting-configuration.tf
@@ -47,18 +47,19 @@ resource "pingone_environment" "my_environment" {
   type        = "SANDBOX"
   license_id  = var.pingone_environment_license_id
 
-  service {
+  services = [{
     type = "SSO"
-  }
-  service {
-    type = "MFA"
-  }
-  service {
-    type = "Verify"
-  }
-  service {
-    type = "Credentials"
-  }
+    },
+    {
+      type = "MFA"
+    },
+    {
+      type = "Verify"
+    },
+    {
+      type = "Credentials"
+    }
+  ]
 }
 
 resource "time_static" "current" {}
\ No newline at end of file
diff --git a/examples/pingone-neo-getting-started/versions.tf b/examples/pingone-neo-getting-started/versions.tf
index 7b95f11..61c66b9 100644
--- a/examples/pingone-neo-getting-started/versions.tf
+++ b/examples/pingone-neo-getting-started/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     pingone = {
       source  = "pingidentity/pingone"
-      version = ">= 0.23.0, < 1.0.0"
+      version = ">= 1.0.0, < 2.0.0"
     }
     time = {
       source  = "hashicorp/time"
diff --git a/examples/pingone-postman-oauth2-integration/README.md b/examples/pingone-postman-oauth2-integration/README.md
index dcaec85..eda359b 100644
--- a/examples/pingone-postman-oauth2-integration/README.md
+++ b/examples/pingone-postman-oauth2-integration/README.md
@@ -20,7 +20,7 @@ The following environment variables should be set prior to running the example.
 | `PINGONE_CLIENT_ID`                             | [PingOne - client_id](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs#client_id)           | Required          |
 | `PINGONE_CLIENT_SECRET`                         | [PingOne - client_secret](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs#client_secret)   | Required          |
 | `PINGONE_ENVIRONMENT_ID`                        | [PingOne - environment_id](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs#environment_id) | Required          |
-| `PINGONE_REGION`                                | [PingOne - region](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs#region)                 | Required          |
+| `PINGONE_REGION_CODE`                           | [PingOne - region_code](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs#region_code)       | Required          |
 
 
 ## Setting Variables
diff --git a/examples/pingone-postman-oauth2-integration/main.tf b/examples/pingone-postman-oauth2-integration/main.tf
index 2f1c5b0..9162d15 100644
--- a/examples/pingone-postman-oauth2-integration/main.tf
+++ b/examples/pingone-postman-oauth2-integration/main.tf
@@ -7,12 +7,12 @@ resource "pingone_application" "postman" {
 
   hidden_from_app_portal = false
 
-  icon {
-    href = pingone_image.postman_logo.uploaded_image[0].href
+  icon = {
+    href = pingone_image.postman_logo.uploaded_image.href
     id   = pingone_image.postman_logo.id
   }
 
-  oidc_options {
+  oidc_options = {
     type = "WORKER"
 
     grant_types = [
@@ -23,13 +23,13 @@ resource "pingone_application" "postman" {
       "CODE",
     ]
 
-    pkce_enforcement            = "S256_REQUIRED"
-    token_endpoint_authn_method = "NONE"
+    pkce_enforcement           = "S256_REQUIRED"
+    token_endpoint_auth_method = "NONE"
 
     redirect_uris = [
       "https://oauth.pstmn.io/v1/callback",
     ]
-    allow_wildcards_in_redirect_uris = false
+    allow_wildcard_in_redirect_uris = false
 
     refresh_token_duration                      = 2592000
     refresh_token_rolling_duration              = 15552000
diff --git a/examples/pingone-postman-oauth2-integration/outputs.tf b/examples/pingone-postman-oauth2-integration/outputs.tf
index 69130e6..f1f3dbb 100644
--- a/examples/pingone-postman-oauth2-integration/outputs.tf
+++ b/examples/pingone-postman-oauth2-integration/outputs.tf
@@ -5,7 +5,7 @@ output "pingone_environment_name" {
 
 output "postman_application_client_id" {
   description = "The client ID used for the Postman OAuth 2.0 authorization type integration.  As the application is configured to use PKCE, the client secret is not required."
-  value       = pingone_application.postman.oidc_options[0].client_id
+  value       = pingone_application.postman.oidc_options.client_id
 }
 
 output "postman_application_authorization_endpoint" {
diff --git a/examples/pingone-postman-oauth2-integration/supporting-configuration.tf b/examples/pingone-postman-oauth2-integration/supporting-configuration.tf
index bcc3ce8..35a0115 100644
--- a/examples/pingone-postman-oauth2-integration/supporting-configuration.tf
+++ b/examples/pingone-postman-oauth2-integration/supporting-configuration.tf
@@ -14,16 +14,16 @@ resource "pingone_environment" "my_environment" {
   type        = "SANDBOX"
   license_id  = var.pingone_environment_license_id
 
-  service {
+  services = [{
     type = "SSO"
-  }
+  }]
 }
 
 module "pingone_utils" {
   source  = "pingidentity/utils/pingone"
-  version = "0.0.8"
+  version = "0.1.0"
 
-  region         = pingone_environment.my_environment.region
+  region_code    = pingone_environment.my_environment.region
   environment_id = pingone_environment.my_environment.id
 }
 
diff --git a/examples/pingone-postman-oauth2-integration/versions.tf b/examples/pingone-postman-oauth2-integration/versions.tf
index 7b95f11..61c66b9 100644
--- a/examples/pingone-postman-oauth2-integration/versions.tf
+++ b/examples/pingone-postman-oauth2-integration/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     pingone = {
       source  = "pingidentity/pingone"
-      version = ">= 0.23.0, < 1.0.0"
+      version = ">= 1.0.0, < 2.0.0"
     }
     time = {
       source  = "hashicorp/time"
diff --git a/examples/pingone-workforce-windows-passwordless-login/README.md b/examples/pingone-workforce-windows-passwordless-login/README.md
index 0c52adb..8f45d88 100644
--- a/examples/pingone-workforce-windows-passwordless-login/README.md
+++ b/examples/pingone-workforce-windows-passwordless-login/README.md
@@ -23,7 +23,7 @@ The following environment variables should be set prior to running the example.
 | `PINGONE_CLIENT_ID`                             | [PingOne - client_id](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs#client_id)                                       | Required          |
 | `PINGONE_CLIENT_SECRET`                         | [PingOne - client_secret](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs#client_secret)                               | Required          |
 | `PINGONE_ENVIRONMENT_ID`                        | [PingOne - environment_id](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs#environment_id)                             | Required          |
-| `PINGONE_REGION`                                | [PingOne - region](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs#region)                                             | Required          |
+| `PINGONE_REGION_CODE`                           | [PingOne - region_code](https://registry.terraform.io/providers/pingidentity/pingone/latest/docs#region_code)                                   | Required          |
 
 
 ## Setting Variables
diff --git a/examples/pingone-workforce-windows-passwordless-login/main.tf b/examples/pingone-workforce-windows-passwordless-login/main.tf
index 067efa3..192c45b 100644
--- a/examples/pingone-workforce-windows-passwordless-login/main.tf
+++ b/examples/pingone-workforce-windows-passwordless-login/main.tf
@@ -77,13 +77,13 @@ resource "pingone_application" "windows_login_passwordless_app" {
   name           = "Windows Login Passwordless Desktop Agent"
   enabled        = true
 
-  oidc_options {
-    type                        = "NATIVE_APP"
-    grant_types                 = ["CLIENT_CREDENTIALS"]
-    token_endpoint_authn_method = "CLIENT_SECRET_BASIC"
-    redirect_uris               = ["winlogin.pingone.com://callbackauth"]
+  oidc_options = {
+    type                       = "NATIVE_APP"
+    grant_types                = ["CLIENT_CREDENTIALS"]
+    token_endpoint_auth_method = "CLIENT_SECRET_BASIC"
+    redirect_uris              = ["winlogin.pingone.com://callbackauth"]
 
-    certificate_based_authentication {
+    certificate_based_authentication = {
       key_id = pingone_key.ad_issuance_certificate.id
     }
   }
@@ -96,6 +96,11 @@ resource "pingone_application" "windows_login_passwordless_app" {
   }
 }
 
+data "pingone_application_secret" "windows_login_passwordless_app" {
+  environment_id = data.pingone_environment.workforce_environment.id
+  application_id = pingone_application.windows_login_passwordless_app.id
+}
+
 resource "pingone_application_sign_on_policy_assignment" "windows_login_passwordless" {
   environment_id = data.pingone_environment.workforce_environment.id
   application_id = pingone_application.windows_login_passwordless_app.id
diff --git a/examples/pingone-workforce-windows-passwordless-login/outputs.tf b/examples/pingone-workforce-windows-passwordless-login/outputs.tf
index 0681c1f..0f2b5ff 100644
--- a/examples/pingone-workforce-windows-passwordless-login/outputs.tf
+++ b/examples/pingone-workforce-windows-passwordless-login/outputs.tf
@@ -5,13 +5,13 @@ output "windows_login_passwordless_ca_certificate_pem_file" {
 
 output "windows_login_passwordless_agent_client_id" {
   description = "The OIDC client ID to use when installing the Windows Login Passwordless Desktop Agent application."
-  value       = pingone_application.windows_login_passwordless_app.oidc_options[0].client_id
+  value       = pingone_application.windows_login_passwordless_app.oidc_options.client_id
 }
 
 
 output "windows_login_passwordless_agent_client_secret" {
   description = "The OIDC client secret to use when installing the Windows Login Passwordless Desktop Agent application."
-  value       = pingone_application.windows_login_passwordless_app.oidc_options[0].client_secret
+  value       = data.pingone_application_secret.windows_login_passwordless_app.secret
   sensitive   = true
 }
 
diff --git a/examples/pingone-workforce-windows-passwordless-login/supporting-configuration.tf b/examples/pingone-workforce-windows-passwordless-login/supporting-configuration.tf
index 3c8702e..8dee502 100644
--- a/examples/pingone-workforce-windows-passwordless-login/supporting-configuration.tf
+++ b/examples/pingone-workforce-windows-passwordless-login/supporting-configuration.tf
@@ -5,8 +5,8 @@ data "pingone_environment" "workforce_environment" {
 
 module "pingone_utils" {
   source  = "pingidentity/utils/pingone"
-  version = "0.0.8"
+  version = "0.1.0"
 
-  region         = data.pingone_environment.workforce_environment.region
+  region_code    = data.pingone_environment.workforce_environment.region
   environment_id = data.pingone_environment.workforce_environment.id
 }
diff --git a/examples/pingone-workforce-windows-passwordless-login/versions.tf b/examples/pingone-workforce-windows-passwordless-login/versions.tf
index f2c4533..61c66b9 100644
--- a/examples/pingone-workforce-windows-passwordless-login/versions.tf
+++ b/examples/pingone-workforce-windows-passwordless-login/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     pingone = {
       source  = "pingidentity/pingone"
-      version = ">= 0.21.0, < 1.0.0"
+      version = ">= 1.0.0, < 2.0.0"
     }
     time = {
       source  = "hashicorp/time"