Keycloak and MFA
The simplest way to enable MFA in Keycloak is on a user-by-user basis. When creating a user, an administrator can attach required actions that the user must complete at their next login before being let through to the application. Two of those actions enrol a second factor: one-time password (OTP) and Web Authentication (WebAuthn) registration. Because enrollment happens during the first login, whoever holds the initial password at that moment is the one who registers the authenticator, so deliver the initial credentials over a trusted channel and check afterwards that the required action has actually been completed:
- In the Keycloak console, go to Users | Create User. Enter a value in the Username field and select Configure OTP in the Required user actions drop-down menu:
Figure 9.42 – The Create user page
- Click Create:
Figure 9.43 – The Create user page
After setting the credentials for the user, let’s try accessing the same application we tested before.
- Open http://localhost:3000/. Enter the username and password for the user we just created. After the sign-in page, the Mobile Authenticator Setup page opens, as this is the first time this user is logging in, and the user doesn’t have...