
Keycloak OTP configuration

🔎 Overview

This documentation guides users through setting up a One-Time Password (OTP) as a two-factor authentication (2FA) mechanism. For further details, refer to Keycloak's official documentation: https://www.keycloak.org/docs/latest/server_admin/#one-time-password-otp-policies

The security steps presented here ensure that the account can be recovered if the user no longer has access to the OTP end device.

📚 Prerequisite

  • SMTP Server

⚙️ Configuration

The following steps are presented for the Keycloak admin account of the master realm. The same applies to Keycloak users defined in the Lissi-cloud realm.

Recuperation

  1. Log in to the Keycloak admin console

  2. Navigate to Realm Settings / Login

  3. Check the option Forgot password

  4. Navigate to the Realm Settings / Email

  5. Configure a connection to your SMTP server (used to send the account reset link)

Activate OTP

OTP authentication can be requested on a per-user basis, or requested for each user that will be created.

In the first case:

  1. Navigate to Users

  2. Select the desired user

  3. In the Required Action input field, select Configure OTP

In the second case:

  1. Navigate to Authentication / Required Actions

  2. Locate Configure OTP and check both options Enabled and Set as default action
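
To check that the settings above are actually in place, the following added example (not part of the original documentation or of Keycloak itself) audits a realm representation in JSON. It assumes Keycloak's realm representation field names (resetPasswordAllowed, smtpServer, requiredActions, and the CONFIGURE_TOTP alias behind Configure OTP); the sample realm, its users and the SMTP host are constructed.

```python
import json

# Constructed sample: a trimmed realm representation. Field names are assumed
# to follow Keycloak's realm representation; all values are illustrative only.
SAMPLE_REALM = json.loads("""
{
  "realm": "master",
  "resetPasswordAllowed": true,
  "smtpServer": {"host": "smtp.example.internal", "from": "keycloak@example.internal"},
  "requiredActions": [
    {"alias": "CONFIGURE_TOTP", "enabled": true, "defaultAction": false}
  ],
  "users": [
    {"username": "admin", "requiredActions": [], "credentials": [{"type": "password"}]},
    {"username": "alice", "requiredActions": ["CONFIGURE_TOTP"], "credentials": [{"type": "password"}]},
    {"username": "bob", "requiredActions": [], "credentials": [{"type": "password"}, {"type": "otp"}]}
  ]
}
""")


def audit_realm(realm):
    """Return a list of findings where the realm deviates from the steps above."""
    findings = []
    # Recuperation: "Forgot password" must be on and SMTP must be usable.
    if not realm.get("resetPasswordAllowed", False):
        findings.append("forgot-password disabled")
    smtp = realm.get("smtpServer") or {}
    if not smtp.get("host") or not smtp.get("from"):
        findings.append("smtp not configured")
    # Activate OTP, second case: Configure OTP is enabled and a default action.
    action = next((a for a in realm.get("requiredActions", [])
                   if a.get("alias") == "CONFIGURE_TOTP"), {})
    if not action.get("enabled", False):
        findings.append("CONFIGURE_TOTP not enabled")
    if not action.get("defaultAction", False):
        findings.append("CONFIGURE_TOTP not a default action")
    # Activate OTP, first case: each user has OTP or must set it up at next login.
    for user in realm.get("users", []):
        has_otp = any(c.get("type") == "otp" for c in user.get("credentials", []))
        pending = "CONFIGURE_TOTP" in user.get("requiredActions", [])
        if not (has_otp or pending):
            findings.append(f"user {user.get('username')} has no OTP")
    return findings


if __name__ == "__main__":
    for finding in audit_realm(SAMPLE_REALM):
        print(finding)
```

A user flagged here can still log in with a password alone, so the admin account in particular should either hold an OTP credential or have Configure OTP pending.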
