[keycloak-user] Can TOTP be configured to be optional?

Bill Burke bburke at redhat.com
Thu Sep 10 14:23:22 EDT 2015

We don't have support for that.

On 9/10/2015 2:21 PM, Niels Bertram wrote:
> Thanks Marek, I will check it out. Is there a way to use TOTP for
> step-up authentication? for instance I may log into my account using a
> password and just browse my profile information. I then initiate editing
> my address details. When I submit the edits I am prompted with an
> additional form of authentication (e.g. TOTP) as an authentication step up.
> Kind Regards,
> Niels
> On Wed, Sep 9, 2015 at 6:17 PM, Marek Posolda <mposolda at redhat.com
> <mailto:mposolda at redhat.com>> wrote:
>     That's already available and it's the default setting how is
>     Keycloak configured. In other words, the TOTP is not mandatory by
>     default, but each user can go to the account management and setup
>     TOTP if he wants to. Then he will always need to provide TOTP
>     credentials during login (in other words, TOTP will become mandatory
>     for him).
>     Marek
>     On 09/09/15 06:41, Niels Bertram wrote:
>>     We would like to give users a choice to further enhance their
>>     profile security by enabling TOTP. We can only see this being
>>     configured at a realm level. Is it possible to enable this at an
>>     account level too?
>>     Kind Regards,
>>     Niels
>>     _______________________________________________
>>     keycloak-user mailing list
>>     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>>     https://lists.jboss.org/mailman/listinfo/keycloak-user
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

Bill Burke
JBoss, a division of Red Hat

More information about the keycloak-user mailing list