In the authorized access use case of the client credentials grant, a client application impersonates a user who has authorized access to 1-to-n server applications. See also Client Credentials Grant - SSO.
NOTE: If there is an impersonation link between an application and a user, that user is not deleted from the system without the link also being removed. A new user must be linked to the application to make the client credentials grant authorized access use case functional again.
For the SSO Management API in general, see Management API - SSO.
...