Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-4182

Improve support for two factor authentication

    XMLWordPrintable

Details

    • Feature Request
    • Status: Closed
    • Major
    • Resolution: Obsolete
    • None
    • None
    • None
    • NEW
    • NEW

    Description

      Currently, Keycloak is limited to using Google Authenticator or FreeOTP as a two factor mechanism. There is some support for using a custom authenticator to implement alternative methods, but that lacks on UI aspects.

      We should provide a number of enhancement to two factor authentication including:

      • Ability to only ask for two factor mechanism every N days (trust machine option) (KEYCLOAK-242)
      • Alternative/backup two factor mechanism to recover access and/or if user wants to regularly use alternative mechanisms (KEYCLOAK-565)
      • Ability for admins to register two factor mechanisms for user (i.e. hardware tokens)
      • Additional types built-in (i.e. SMS, email, printed backup codes, hardware tokens, Fido) (KEYCLOAK-7159)
      • Ability for user to manage multiple mechanisms through account management console (KEYCLOAK-565)
      • Configure OTP policy on authenticator and not on realm (KEYCLOAK-1897)

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              sthorger@redhat.com Stian Thorgersen
              Votes:
              64 Vote for this issue
              Watchers:
              47 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: