Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-4182

Improve support for two factor authentication

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Obsolete
    • Major
    • None
    • None
    • None
    • NEW
    • NEW

    Description

      Currently, Keycloak is limited to using Google Authenticator or FreeOTP as a two factor mechanism. There is some support for using a custom authenticator to implement alternative methods, but that lacks on UI aspects.

      We should provide a number of enhancement to two factor authentication including:

      • Ability to only ask for two factor mechanism every N days (trust machine option) (KEYCLOAK-242)
      • Alternative/backup two factor mechanism to recover access and/or if user wants to regularly use alternative mechanisms (KEYCLOAK-565)
      • Ability for admins to register two factor mechanisms for user (i.e. hardware tokens)
      • Additional types built-in (i.e. SMS, email, printed backup codes, hardware tokens, Fido) (KEYCLOAK-7159)
      • Ability for user to manage multiple mechanisms through account management console (KEYCLOAK-565)
      • Configure OTP policy on authenticator and not on realm (KEYCLOAK-1897)

      Attachments

        Issue Links

          is related to

          Feature Request - Feature requests from customers and/or users KEYCLOAK-242 Trusted Device two factor authenticator

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Open

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. KEYCLOAK-847 Step-up Authentication

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Feature Request - Feature requests from customers and/or users KEYCLOAK-188 Yubikey authenticator

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Feature Request - Feature requests from customers and/or users KEYCLOAK-240 Two factor authentication via email

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Feature Request - Feature requests from customers and/or users KEYCLOAK-241 Two factor authentication via SMS

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Feature Request - Feature requests from customers and/or users KEYCLOAK-1250 New Account Management Console

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Feature Request - Feature requests from customers and/or users KEYCLOAK-6270 Two factor authentication with backup codes

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. KEYCLOAK-7159 W3C Web Authentication - Two Factor (preview)

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Feature Request - Feature requests from customers and/or users KEYCLOAK-1870 Support Hardware OTP Token Generators

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Closed

          Feature Request - Feature requests from customers and/or users KEYCLOAK-1897 Support device / auth app specific OTP policy settings.

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Closed

          Feature Request - Feature requests from customers and/or users KEYCLOAK-7957 Authentication by client source IP

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Closed

          Feature Request - Feature requests from customers and/or users KEYCLOAK-7958 Require MFA only for a certain user group (or by condition in general)

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Closed

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. KEYCLOAK-565 Allow users to have multiple two factor authenticators

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Enhancement - An enhancement or refactoring of existing functionality KEYCLOAK-3540 Move Realm OTP policy to configuration options on OTP authenticator

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            Public project attachment banner

              context keys: [headless, issue, helper, isAsynchronousRequest, project, action, user]
              current Project key: KEYCLOAK

              People

                Unassigned Unassigned
                sthorger@redhat.com Stian Thorgersen
                Votes:
                64 Vote for this issue
                Watchers:
                47 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: