[keycloak-dev] TOTP setup
Gabriel Cardoso
gcardoso at redhat.com
Mon Aug 19 08:52:13 EDT 2013
Very nice Stian!
> * When a user first registers there will be a checkbox to enable TOTP if the users wants to - if TOTP is required by the realm this checkbox will always be enabled (and the user won't be able to change it)
> * After clicking register the user is forwarded to the configure TOTP page (in user account management)
> * If a user doesn't complete the above form, or a user registered prior to totp being set as required for the realm, when a user tries to login the user is forwarded to the configure TOTP page
> * The TOTP page should list out the available TOTP providers (ATM only Google authenticator is supported) and show instructions for the user to configure it. A user should be required to enter a valid authenticator code to enable TOTP
>
> Later a user can view the TOTP settings for his account through the user account management. If totp is not required by the realm the user can also remove the totp. A user can always change the totp, again this required providing a valid authenticator code.
This flow sounds good to me.
Gabriel
More information about the keycloak-dev
mailing list