Details

    • Type: Feature Request
    • Status: Triage
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: Backlog
    • Component/s: None
    • Labels:
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Currently, Keycloak is limited to using Google Authenticator or FreeOTP as a two-factor mechanism. There is some support for using a custom authenticator to implement alternative methods, but that is lacking in UI aspects.

      We should provide a number of enhancements to two-factor authentication, including:

      • Ability to only ask for two factor mechanism every N days (trust machine option) (KEYCLOAK-242)
      • Alternative/backup two factor mechanism to recover access and/or if user wants to regularly use alternative mechanisms (KEYCLOAK-565)
      • Ability for admins to register two factor mechanisms for user (i.e. hardware tokens)
      • Additional types built-in (i.e. SMS, email, printed backup codes, hardware tokens, FIDO) (KEYCLOAK-7159)
      • Ability for user to manage multiple mechanisms through account management console (KEYCLOAK-565)
      • Configure OTP policy on authenticator and not on realm (KEYCLOAK-1897)

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  stianst Stian Thorgersen
                • Votes:
                  64
                  Watchers:
                  55
