Hello,

We currently have a Keycloak server set up with both TOTP and the forget password (reset-credential) flow active.

When we organize an update password action for a user through the admin panel, he gets an email with a link, and after choosing a new password, the user has to enter the TOTP in the login screens before actually being logged in.

When the user himself organizes a forget password on the login screen, he gets an email with a link, and after choosing a new password, the user DOES NOT have to enter the TOTP in the login screens before actually being logged in.

We want both actions to be the same, or at least always want the TOTP to be entered when logging in.

Can this last part be changed, either through a configuration setting or creating a whole new reset credential flow within the current Keycloak version (1.6.0) or do I need a JIRA ticket for a feature request?

Tnx,

Johan Heylen