Enable 2FA

Two-factor authentication (2FA) enhances security by requiring users to provide two forms of identification before they are granted access. This method adds a layer of protection to the standard username and password method, making it significantly more challenging for potential intruders to gain unauthorised access.

Implementing 2FA in Keycloak helps organizations bolster their defences against data breaches and unauthorized access, which is crucial for protecting sensitive data in today’s digital landscape.

How to configure it?

1. Going to the 'Authentication' tab, clicking on the browser

1. In the 'Browser - Conditional OTP' section select 'Required'

1. Select the user needed to be added to use 2FA and add 'Configure OTP' under the 'Required user actions' section

1. When logging in with that user, a screen will guide on how to follow the configuration

1. Please ensure that 'Configure OTP' under the 'Required user actions' section is removed (otherwise everytime it will ask to configure otp as if it was the first time).

1. After configuring this every time the user logs in, they will be required a ONE-TIME CODE

1. (Optional) OTP settings can be found here