---
title: AuthenticatorPush
description: Resource path:
component: pingam
version: 8.1
page_id: pingam:entity-reference:sec-amster-entity-authenticatorpush
canonical_url: https://docs.pingidentity.com/pingam/8.1/entity-reference/sec-amster-entity-authenticatorpush.html
section_ids:
  sec-amster-entity-authenticatorpush-realm-ops: Realm Operations
  sec-amster-entity-authenticatorpush-realm-ops-create: create
  sec-amster-entity-authenticatorpush-realm-ops-delete: delete
  sec-amster-entity-authenticatorpush-realm-ops-getalltypes: getAllTypes
  sec-amster-entity-authenticatorpush-realm-ops-getcreatabletypes: getCreatableTypes
  sec-amster-entity-authenticatorpush-realm-ops-nextdescendents: nextdescendents
  sec-amster-entity-authenticatorpush-realm-ops-read: read
  sec-amster-entity-authenticatorpush-realm-ops-update: update
  sec-amster-entity-authenticatorpush-global-ops: Global Operations
  sec-amster-entity-authenticatorpush-global-ops-getalltypes: getAllTypes
  sec-amster-entity-authenticatorpush-global-ops-getcreatabletypes: getCreatableTypes
  sec-amster-entity-authenticatorpush-global-ops-nextdescendents: nextdescendents
  sec-amster-entity-authenticatorpush-global-ops-read: read
  sec-amster-entity-authenticatorpush-global-ops-update: update
---

# AuthenticatorPush

## Realm Operations

Resource path:

```
/realm-config/services/authenticatorPushService
```

Resource version: `0.0`

### create

**Usage**

```
am> create AuthenticatorPush --realm Realm --body body
```

**Parameters**

* *\--body*

  The resource in JSON format, described by the following JSON schema:

  ```json
  {
    "type" : "object",
    "properties" : {
      "authenticatorPushDeviceSettingsEncryptionKeystoreKeyPairAlias" : {
        "title" : "Key-Pair Alias",
        "description" : "Alias of the certificate and private key in the key store. The private key is used to encrypt and decrypt device profiles.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatorpush.encryption</code> to a secret in a secret store.",
        "propertyOrder" : 600,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "authenticatorPushDeviceSettingsEncryptionKeystore" : {
        "title" : "Encryption Key Store",
        "description" : "Path to the key store from which to load encryption keys.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatorpush.encryption</code> to a secret in a secret store.",
        "propertyOrder" : 300,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "pushAttrName" : {
        "title" : "Profile Storage Attribute",
        "description" : "The user's attribute in which to store Push Notification profiles.<br><br>The default attribute is added to the schema when you prepare a user store for use with OpenAM. If you want to use a different attribute, you must make sure to add it to your user store schema prior to deploying push notifications with the ForgeRock Authenticator app in OpenAM. OpenAM must be able to write to the attribute.",
        "propertyOrder" : 100,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "authenticatorPushDeviceSettingsEncryptionKeystorePassword" : {
        "title" : "Key Store Password",
        "description" : "Password to unlock the key store. AM encrypts this password when you save it in the configuration. You should modify the default value.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatorpush.encryption</code> to a secret in a secret store.",
        "propertyOrder" : 500,
        "required" : true,
        "type" : "string",
        "format" : "password",
        "exampleValue" : ""
      },
      "authenticatorPushDeviceSettingsEncryptionKeystorePrivateKeyPassword" : {
        "title" : "Private Key Password",
        "description" : "Password to unlock the private key.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatorpush.encryption</code> to a secret in a secret store.",
        "propertyOrder" : 700,
        "required" : true,
        "type" : "string",
        "format" : "password",
        "exampleValue" : ""
      },
      "authenticatorPushDeviceSettingsEncryptionKeystoreType" : {
        "title" : "Key Store Type",
        "description" : "Type of key store to load.<br><br><i>Note:</i> PKCS#11 key stores require hardware support such as a security device or smart card and is not available by default in most JVM installations.<p><p>See the <a href=\"https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html\" target=\"_blank\">JDK 8 PKCS#11 Reference Guide</a> for more details.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatorpush.encryption</code> to a secret in a secret store.",
        "propertyOrder" : 400,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "authenticatorPushSkippableName" : {
        "title" : "ForgeRock Authenticator (Push) Device Skippable Attribute Name",
        "description" : "Name of the attribute on a user's profile used to store their selection of whether to skip ForgeRock Authenticator (Push) 2FA modules.",
        "propertyOrder" : 800,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "authenticatorPushDeviceSettingsEncryptionScheme" : {
        "title" : "Device Profile Encryption Scheme",
        "description" : "Encryption scheme to use to secure device profiles stored on the server.<br><br>If enabled, each device profile is encrypted using a unique random secret key using the given strength of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given RSA key pair and stored with the device profile.<p><p><i>Note:</i> AES-256 may require installation of the JCE Unlimited Strength policy files.",
        "propertyOrder" : 200,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      }
    }
  }
  ```

### delete

**Usage**

```
am> delete AuthenticatorPush --realm Realm
```

### getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

**Usage**

```
am> action AuthenticatorPush --realm Realm --actionName getAllTypes
```

### getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

**Usage**

```
am> action AuthenticatorPush --realm Realm --actionName getCreatableTypes
```

### nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

**Usage**

```
am> action AuthenticatorPush --realm Realm --actionName nextdescendents
```

### read

**Usage**

```
am> read AuthenticatorPush --realm Realm
```

### update

**Usage**

```
am> update AuthenticatorPush --realm Realm --body body
```

**Parameters**

* *\--body*

  The resource in JSON format, described by the following JSON schema:

  ```json
  {
    "type" : "object",
    "properties" : {
      "authenticatorPushDeviceSettingsEncryptionKeystoreKeyPairAlias" : {
        "title" : "Key-Pair Alias",
        "description" : "Alias of the certificate and private key in the key store. The private key is used to encrypt and decrypt device profiles.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatorpush.encryption</code> to a secret in a secret store.",
        "propertyOrder" : 600,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "authenticatorPushDeviceSettingsEncryptionKeystore" : {
        "title" : "Encryption Key Store",
        "description" : "Path to the key store from which to load encryption keys.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatorpush.encryption</code> to a secret in a secret store.",
        "propertyOrder" : 300,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "pushAttrName" : {
        "title" : "Profile Storage Attribute",
        "description" : "The user's attribute in which to store Push Notification profiles.<br><br>The default attribute is added to the schema when you prepare a user store for use with OpenAM. If you want to use a different attribute, you must make sure to add it to your user store schema prior to deploying push notifications with the ForgeRock Authenticator app in OpenAM. OpenAM must be able to write to the attribute.",
        "propertyOrder" : 100,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "authenticatorPushDeviceSettingsEncryptionKeystorePassword" : {
        "title" : "Key Store Password",
        "description" : "Password to unlock the key store. AM encrypts this password when you save it in the configuration. You should modify the default value.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatorpush.encryption</code> to a secret in a secret store.",
        "propertyOrder" : 500,
        "required" : true,
        "type" : "string",
        "format" : "password",
        "exampleValue" : ""
      },
      "authenticatorPushDeviceSettingsEncryptionKeystorePrivateKeyPassword" : {
        "title" : "Private Key Password",
        "description" : "Password to unlock the private key.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatorpush.encryption</code> to a secret in a secret store.",
        "propertyOrder" : 700,
        "required" : true,
        "type" : "string",
        "format" : "password",
        "exampleValue" : ""
      },
      "authenticatorPushDeviceSettingsEncryptionKeystoreType" : {
        "title" : "Key Store Type",
        "description" : "Type of key store to load.<br><br><i>Note:</i> PKCS#11 key stores require hardware support such as a security device or smart card and is not available by default in most JVM installations.<p><p>See the <a href=\"https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html\" target=\"_blank\">JDK 8 PKCS#11 Reference Guide</a> for more details.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatorpush.encryption</code> to a secret in a secret store.",
        "propertyOrder" : 400,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "authenticatorPushSkippableName" : {
        "title" : "ForgeRock Authenticator (Push) Device Skippable Attribute Name",
        "description" : "Name of the attribute on a user's profile used to store their selection of whether to skip ForgeRock Authenticator (Push) 2FA modules.",
        "propertyOrder" : 800,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      },
      "authenticatorPushDeviceSettingsEncryptionScheme" : {
        "title" : "Device Profile Encryption Scheme",
        "description" : "Encryption scheme to use to secure device profiles stored on the server.<br><br>If enabled, each device profile is encrypted using a unique random secret key using the given strength of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given RSA key pair and stored with the device profile.<p><p><i>Note:</i> AES-256 may require installation of the JCE Unlimited Strength policy files.",
        "propertyOrder" : 200,
        "required" : true,
        "type" : "string",
        "exampleValue" : ""
      }
    }
  }
  ```

## Global Operations

Resource path:

```
/global-config/services/authenticatorPushService
```

Resource version: `1.0`

### getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

**Usage**

```
am> action AuthenticatorPush --global --actionName getAllTypes
```

### getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

**Usage**

```
am> action AuthenticatorPush --global --actionName getCreatableTypes
```

### nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

**Usage**

```
am> action AuthenticatorPush --global --actionName nextdescendents
```

### read

**Usage**

```
am> read AuthenticatorPush --global
```

### update

**Usage**

```
am> update AuthenticatorPush --global --body body
```

**Parameters**

* *\--body*

  The resource in JSON format, described by the following JSON schema:

  ```json
  {
    "type" : "object",
    "properties" : {
      "defaults" : {
        "properties" : {
          "authenticatorPushDeviceSettingsEncryptionKeystorePassword" : {
            "title" : "Key Store Password",
            "description" : "Password to unlock the key store. AM encrypts this password when you save it in the configuration. You should modify the default value.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatorpush.encryption</code> to a secret in a secret store.",
            "propertyOrder" : 500,
            "required" : true,
            "type" : "string",
            "format" : "password",
            "exampleValue" : ""
          },
          "pushAttrName" : {
            "title" : "Profile Storage Attribute",
            "description" : "The user's attribute in which to store Push Notification profiles.<br><br>The default attribute is added to the schema when you prepare a user store for use with OpenAM. If you want to use a different attribute, you must make sure to add it to your user store schema prior to deploying push notifications with the ForgeRock Authenticator app in OpenAM. OpenAM must be able to write to the attribute.",
            "propertyOrder" : 100,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "authenticatorPushDeviceSettingsEncryptionKeystoreKeyPairAlias" : {
            "title" : "Key-Pair Alias",
            "description" : "Alias of the certificate and private key in the key store. The private key is used to encrypt and decrypt device profiles.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatorpush.encryption</code> to a secret in a secret store.",
            "propertyOrder" : 600,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "authenticatorPushSkippableName" : {
            "title" : "ForgeRock Authenticator (Push) Device Skippable Attribute Name",
            "description" : "Name of the attribute on a user's profile used to store their selection of whether to skip ForgeRock Authenticator (Push) 2FA modules.",
            "propertyOrder" : 800,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "authenticatorPushDeviceSettingsEncryptionKeystore" : {
            "title" : "Encryption Key Store",
            "description" : "Path to the key store from which to load encryption keys.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatorpush.encryption</code> to a secret in a secret store.",
            "propertyOrder" : 300,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "authenticatorPushDeviceSettingsEncryptionKeystoreType" : {
            "title" : "Key Store Type",
            "description" : "Type of key store to load.<br><br><i>Note:</i> PKCS#11 key stores require hardware support such as a security device or smart card and is not available by default in most JVM installations.<p><p>See the <a href=\"https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html\" target=\"_blank\">JDK 8 PKCS#11 Reference Guide</a> for more details.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatorpush.encryption</code> to a secret in a secret store.",
            "propertyOrder" : 400,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "authenticatorPushDeviceSettingsEncryptionScheme" : {
            "title" : "Device Profile Encryption Scheme",
            "description" : "Encryption scheme to use to secure device profiles stored on the server.<br><br>If enabled, each device profile is encrypted using a unique random secret key using the given strength of AES encryption in CBC mode with PKCS#5 padding. An HMAC-SHA of the given strength (truncated to half-size) is used to ensure integrity protection and authenticated encryption. The unique random key is encrypted with the given RSA key pair and stored with the device profile.<p><p><i>Note:</i> AES-256 may require installation of the JCE Unlimited Strength policy files.",
            "propertyOrder" : 200,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "authenticatorPushDeviceSettingsEncryptionKeystorePrivateKeyPassword" : {
            "title" : "Private Key Password",
            "description" : "Password to unlock the private key.<br/> <strong>Note:</strong> AM ignores this value if you map <code>am.services.authenticatorpush.encryption</code> to a secret in a secret store.",
            "propertyOrder" : 700,
            "required" : true,
            "type" : "string",
            "format" : "password",
            "exampleValue" : ""
          }
        },
        "type" : "object",
        "title" : "Realm Defaults"
      }
    }
  }
  ```