I've added an audit listener that can send emails on events. By default, once
enabled as an audit listener for a realm, it will send emails on these events:
* Login error
* Update password
* Remove totp
* Update totp
It will only send events if a user has a verified email address. This is more aimed as a
template for someone that wants to implement their own, as we don't have the time
needed to do this properly at the moment. Especially with regards to failed login
attempts, as it is a bit silly to send an email after a single failed login attempt.
Also, it's possible to configure include/exclude events in keycloak-server.json, for
example:
    "audit-listener": {
        "email": {
            "include": [ "update_password" ]
        }
    }
It's also possible to configure include/exclude events that are persisted (and hence
visible in the admin console) through keycloak-server.json as well:
    "audit": {
        "provider": "jpa",
        "jpa": {
            "exclude-events": [ "REFRESH_TOKEN" ]
        }
    },
Configuring include/exclude for these providers is currently limited to a server-wide
config. After the 1.0 release I'd like to add a configuration mechanism for providers
on a realm level, so we can configure these things without having to constantly add things
to RealmModel. I'll send a separate email on this soon.
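
An added example, not part of the original post and not Keycloak code: one way a custom listener could decide when to send mail, notifying on failed logins only after several failures inside a time window. The class name, the `login_error` event name (assumed to follow the `update_password` style above), the threshold and the window are all hypothetical.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/** Hypothetical helper: decides whether an audit event should trigger an email. */
public class EmailAuditThrottle {
    // Assumed event name, modelled on "update_password" in keycloak-server.json.
    static final String LOGIN_ERROR = "login_error";

    private final Set<String> include;   // events allowed to trigger an email
    private final int threshold;         // failed logins required before mailing
    private final long windowMillis;     // sliding window in which failures are counted
    private final Map<String, Deque<Long>> failures = new HashMap<>();

    public EmailAuditThrottle(Set<String> include, int threshold, long windowMillis) {
        this.include = include;
        this.threshold = threshold;
        this.windowMillis = windowMillis;
    }

    public synchronized boolean shouldSend(String event, String userId,
                                           boolean emailVerified, long nowMillis) {
        // Checked first, so users without a verified address never get a map entry.
        if (!emailVerified || !include.contains(event)) return false;
        if (!LOGIN_ERROR.equals(event)) return true;   // e.g. update_password: always notify
        Deque<Long> times = failures.computeIfAbsent(userId, k -> new ArrayDeque<>());
        // Drop failures that have aged out of the window, then record this one.
        while (!times.isEmpty() && nowMillis - times.peekFirst() >= windowMillis) times.pollFirst();
        times.addLast(nowMillis);
        if (times.size() < threshold) return false;
        failures.remove(userId);   // one email per burst, not one per further attempt
        return true;               // entries below the threshold still need periodic eviction
    }

    public static void main(String[] args) {
        EmailAuditThrottle t =
            new EmailAuditThrottle(Set.of(LOGIN_ERROR, "update_password"), 3, 60_000L);
        long[] failedAt = {0L, 10_000L, 20_000L, 25_000L};   // constructed timestamps (ms)
        for (long ts : failedAt)
            System.out.println(ts + " login_error -> " + t.shouldSend(LOGIN_ERROR, "alice", true, ts));
        System.out.println("update_password -> " + t.shouldSend("update_password", "alice", true, 30_000L));
        System.out.println("unverified user -> " + t.shouldSend("update_password", "bob", false, 30_000L));
    }
}
```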