<div dir="ltr">Thanks Marek, I will check it out. Is there a way to use TOTP for step-up authentication? for instance I may log into my account using a password and just browse my profile information. I then initiate editing my address details. When I submit the edits I am prompted with an additional form of authentication (e.g. TOTP) as an authentication step up.<div><br></div><div>Kind Regards,</div><div>Niels</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 9, 2015 at 6:17 PM, Marek Posolda <span dir="ltr"><<a href="mailto:mposolda@redhat.com" target="_blank">mposolda@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>That's already available and it's the
default setting how is Keycloak configured. In other words, the
TOTP is not mandatory by default, but each user can go to the
account management and setup TOTP if he wants to. Then he will
always need to provide TOTP credentials during login (in other
words, TOTP will become mandatory for him).<br>
<br>
Marek<div><div class="h5"><br>
<br>
On 09/09/15 06:41, Niels Bertram wrote:<br>
</div></div></div>
<blockquote type="cite"><div><div class="h5">
<div dir="ltr">We would like to give users a choice to further
enhance their profile security by enabling TOTP. We can only see
this being configured at a realm level. Is it possible to enable
this at an account level too?
<div><br>
</div>
<div>Kind Regards,</div>
<div>Niels</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
keycloak-user mailing list
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote></div><br></div>