--- title: CombinedMFARegistration description: Resource path: component: pingam version: 8.1 page_id: pingam:entity-reference:sec-amster-entity-combinedmfaregistration canonical_url: https://docs.pingidentity.com/pingam/8.1/entity-reference/sec-amster-entity-combinedmfaregistration.html section_ids: sec-amster-entity-combinedmfaregistration-realm-ops: Realm Operations sec-amster-entity-combinedmfaregistration-realm-ops-create: create sec-amster-entity-combinedmfaregistration-realm-ops-delete: delete sec-amster-entity-combinedmfaregistration-realm-ops-gettype: getType sec-amster-entity-combinedmfaregistration-realm-ops-getupgradedconfig: getUpgradedConfig sec-amster-entity-combinedmfaregistration-realm-ops-query: query sec-amster-entity-combinedmfaregistration-realm-ops-read: read sec-amster-entity-combinedmfaregistration-realm-ops-update: update sec-amster-entity-combinedmfaregistration-realm-ops-versioninfo: versionInfo --- # CombinedMFARegistration ## Realm Operations Resource path: ``` /realm-config/authentication/authenticationtrees/nodes/CombinedMultiFactorRegistrationNode/1.0 ``` Resource version: `3.0` ### create **Usage** ``` am> create CombinedMFARegistration --realm Realm --id id --body body ``` **Parameters** * *\--id* The unique identifier for the resource. * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "type" : "object", "properties" : { "scanQRCodeMessage" : { "title" : "QR code message", "description" : "The message with instructions to scan the QR code for registering the device.", "propertyOrder" : 60, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "passwordLength" : { "title" : "One Time Password Length", "description" : "The length of the generated OTP in digits, must be at least 6 and compatible with the hardware/software OTP generators you expect your end-users to use. For example, Google and ForgeRock authenticators support values of 6 and 8.", "propertyOrder" : 80, "type" : "string", "exampleValue" : "" }, "imgUrl" : { "title" : "Logo Image URL", "description" : "The location of an image to download and display as the issuer's logo within the ForgeRock Authenticator app.", "propertyOrder" : 40, "type" : "string", "exampleValue" : "" }, "bgColor" : { "title" : "Background Color", "description" : "The background color in hex notation to display behind the issuer's logo within the ForgeRock Authenticator app.", "propertyOrder" : 30, "type" : "string", "exampleValue" : "" }, "accountName" : { "title" : "Account Name", "description" : "This field allows selection of the user attribute to be used as the user's Account Name. It is used when the user's Push account is stored in the device. If left blank or the selected attribute is empty on user's profile, the account name will be set to the user's username.", "propertyOrder" : 20, "type" : "string", "exampleValue" : "" }, "addChecksum" : { "title" : "HOTP Checksum Digit", "description" : "This adds a digit to the end of the OTP generated to be used as a checksum to verify the OTP was generated correctly. This is in addition to the actual password length. You should only set this if your device supports it.", "propertyOrder" : 130, "type" : "boolean", "exampleValue" : "" }, "minSharedSecretLength" : { "title" : "Minimum Secret Key Length", "description" : "Minimum number of hexadecimal characters allowed for the Secret Key.", "propertyOrder" : 90, "type" : "integer", "exampleValue" : "" }, "issuer" : { "title" : "Issuer", "description" : "A value that appears as an identifier on the user's device. Common choices are a company name, a website, or an AM realm.", "propertyOrder" : 10, "type" : "string", "exampleValue" : "" }, "policiesJson" : { "title" : "JSON Authenticator Policies", "description" : "The Authenticator Policies in a JSON format containing the rules to be applied to Authenticator app. For more details consult the SDK documentation. Example: {\"biometricAvailable\": { },\"deviceTampering\": {\"score\": 0.8}}", "propertyOrder" : 150, "type" : "string", "exampleValue" : "" }, "generateRecoveryCodes" : { "title" : "Generate Recovery Codes", "description" : "If enabled, the success outcome's transient state will contain a set of recovery codes. If this success outcome is passed into a Recovery Code Display Node, these codes will be presented to the user. A user may use recovery codes to bypass the Push authentication node in the event they have lost their authenticator.", "propertyOrder" : 50, "type" : "boolean", "exampleValue" : "" }, "timeout" : { "title" : "Registration Response Timeout", "description" : "The period of time (in seconds) to wait for a response to the registration QR code. If no response is received during this time the QR code times out and the registration process fails.", "propertyOrder" : 70, "type" : "integer", "exampleValue" : "" }, "totpHashAlgorithm" : { "title" : "TOTP Hash Algorithm", "description" : "The Hmac hash algorithm to be used on generating the OTP codes.", "propertyOrder" : 120, "type" : "string", "exampleValue" : "" }, "truncationOffset" : { "title" : "HOTP Truncation Offset", "description" : "This is an option used by the HOTP algorithm that not all devices support. This should be left default unless you know your device uses an offset.", "propertyOrder" : 140, "type" : "integer", "exampleValue" : "" }, "totpTimeInterval" : { "title" : "TOTP Time Step Interval", "description" : "This is the time interval that one OTP is valid for. For example, if the time step is 30 seconds, then a new OTP will be generated every 30 seconds. This makes a single OTP valid for only 30 seconds.", "propertyOrder" : 110, "type" : "integer", "exampleValue" : "" }, "algorithm" : { "title" : "OATH Algorithm", "description" : "", "propertyOrder" : 100, "type" : "string", "exampleValue" : "" } }, "required" : [ "scanQRCodeMessage", "passwordLength", "imgUrl", "bgColor", "accountName", "addChecksum", "minSharedSecretLength", "issuer", "policiesJson", "generateRecoveryCodes", "timeout", "totpHashAlgorithm", "truncationOffset", "totpTimeInterval", "algorithm" ] } ``` ### delete **Usage** ``` am> delete CombinedMFARegistration --realm Realm --id id ``` **Parameters** * *\--id* The unique identifier for the resource. ### getType List information related to the node such as a name, description, tags and metadata. **Usage** ``` am> action CombinedMFARegistration --realm Realm --actionName getType ``` ### getUpgradedConfig Get the upgraded configuration for the node type. **Usage** ``` am> action CombinedMFARegistration --realm Realm --body body --actionName getUpgradedConfig --targetVersion targetVersion ``` **Parameters** * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "type" : "object", "title" : "The current configuration of the node type." } ``` * *\--targetVersion* \=== listOutcomes List the available outcomes for the node type. **Usage** ``` am> action CombinedMFARegistration --realm Realm --body body --actionName listOutcomes ``` **Parameters** * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "description" : "Some configuration of the node. This does not need to be complete against the configuration schema.", "type" : "object", "title" : "Node configuration" } ``` ### query Get the full list of instances of this collection. This query only supports `_queryFilter=true` filter. **Usage** ``` am> query CombinedMFARegistration --realm Realm --filter filter ``` **Parameters** * *\--filter* A CREST formatted query filter, where "true" will query all. ### read **Usage** ``` am> read CombinedMFARegistration --realm Realm --id id ``` **Parameters** * *\--id* The unique identifier for the resource. ### update **Usage** ``` am> update CombinedMFARegistration --realm Realm --id id --body body ``` **Parameters** * *\--id* The unique identifier for the resource. * *\--body* The resource in JSON format, described by the following JSON schema: ```json { "type" : "object", "properties" : { "scanQRCodeMessage" : { "title" : "QR code message", "description" : "The message with instructions to scan the QR code for registering the device.", "propertyOrder" : 60, "patternProperties" : { ".*" : { "type" : "string" } }, "type" : "object", "exampleValue" : "" }, "passwordLength" : { "title" : "One Time Password Length", "description" : "The length of the generated OTP in digits, must be at least 6 and compatible with the hardware/software OTP generators you expect your end-users to use. For example, Google and ForgeRock authenticators support values of 6 and 8.", "propertyOrder" : 80, "type" : "string", "exampleValue" : "" }, "imgUrl" : { "title" : "Logo Image URL", "description" : "The location of an image to download and display as the issuer's logo within the ForgeRock Authenticator app.", "propertyOrder" : 40, "type" : "string", "exampleValue" : "" }, "bgColor" : { "title" : "Background Color", "description" : "The background color in hex notation to display behind the issuer's logo within the ForgeRock Authenticator app.", "propertyOrder" : 30, "type" : "string", "exampleValue" : "" }, "accountName" : { "title" : "Account Name", "description" : "This field allows selection of the user attribute to be used as the user's Account Name. It is used when the user's Push account is stored in the device. If left blank or the selected attribute is empty on user's profile, the account name will be set to the user's username.", "propertyOrder" : 20, "type" : "string", "exampleValue" : "" }, "addChecksum" : { "title" : "HOTP Checksum Digit", "description" : "This adds a digit to the end of the OTP generated to be used as a checksum to verify the OTP was generated correctly. This is in addition to the actual password length. You should only set this if your device supports it.", "propertyOrder" : 130, "type" : "boolean", "exampleValue" : "" }, "minSharedSecretLength" : { "title" : "Minimum Secret Key Length", "description" : "Minimum number of hexadecimal characters allowed for the Secret Key.", "propertyOrder" : 90, "type" : "integer", "exampleValue" : "" }, "issuer" : { "title" : "Issuer", "description" : "A value that appears as an identifier on the user's device. Common choices are a company name, a website, or an AM realm.", "propertyOrder" : 10, "type" : "string", "exampleValue" : "" }, "policiesJson" : { "title" : "JSON Authenticator Policies", "description" : "The Authenticator Policies in a JSON format containing the rules to be applied to Authenticator app. For more details consult the SDK documentation. Example: {\"biometricAvailable\": { },\"deviceTampering\": {\"score\": 0.8}}", "propertyOrder" : 150, "type" : "string", "exampleValue" : "" }, "generateRecoveryCodes" : { "title" : "Generate Recovery Codes", "description" : "If enabled, the success outcome's transient state will contain a set of recovery codes. If this success outcome is passed into a Recovery Code Display Node, these codes will be presented to the user. A user may use recovery codes to bypass the Push authentication node in the event they have lost their authenticator.", "propertyOrder" : 50, "type" : "boolean", "exampleValue" : "" }, "timeout" : { "title" : "Registration Response Timeout", "description" : "The period of time (in seconds) to wait for a response to the registration QR code. If no response is received during this time the QR code times out and the registration process fails.", "propertyOrder" : 70, "type" : "integer", "exampleValue" : "" }, "totpHashAlgorithm" : { "title" : "TOTP Hash Algorithm", "description" : "The Hmac hash algorithm to be used on generating the OTP codes.", "propertyOrder" : 120, "type" : "string", "exampleValue" : "" }, "truncationOffset" : { "title" : "HOTP Truncation Offset", "description" : "This is an option used by the HOTP algorithm that not all devices support. This should be left default unless you know your device uses an offset.", "propertyOrder" : 140, "type" : "integer", "exampleValue" : "" }, "totpTimeInterval" : { "title" : "TOTP Time Step Interval", "description" : "This is the time interval that one OTP is valid for. For example, if the time step is 30 seconds, then a new OTP will be generated every 30 seconds. This makes a single OTP valid for only 30 seconds.", "propertyOrder" : 110, "type" : "integer", "exampleValue" : "" }, "algorithm" : { "title" : "OATH Algorithm", "description" : "", "propertyOrder" : 100, "type" : "string", "exampleValue" : "" } }, "required" : [ "scanQRCodeMessage", "passwordLength", "imgUrl", "bgColor", "accountName", "addChecksum", "minSharedSecretLength", "issuer", "policiesJson", "generateRecoveryCodes", "timeout", "totpHashAlgorithm", "truncationOffset", "totpTimeInterval", "algorithm" ] } ``` ### versionInfo List the versions available for the node type. **Usage** ``` am> action CombinedMFARegistration --realm Realm --actionName versionInfo ```