[keycloak-dev] Usability: Improve screen for setup TOTP
Marek Posolda
mposolda at redhat.com
Fri Nov 22 04:56:19 EST 2019
On 22. 11. 19 10:36, Stian Thorgersen wrote:
> For "Device name" field. What about "Phone name" and prefilling it
> with the name of the phone? We have the UA parser thing right so can
> just use the value from that?
Hmm, but UA parser is used for parsing requests sent to Keycloak server
AFAIK? And in case of OTP, the phone doesn't send any requests and
doesn't directly communicate with Keycloak server. So not sure how UA
parser could help?
Marek
>
> On Fri, 22 Nov 2019 at 10:34, Stian Thorgersen <sthorger at redhat.com
> <mailto:sthorger at redhat.com>> wrote:
>
> +1 "To try another way", but that should only be displayed if the
> user is requested to setup two-factor and there are more choices.
> If a user has selected to enable OTP through the account console
> (AIA) it should not be displayed.
>
> On Thu, 21 Nov 2019 at 15:24, Marek Posolda <mposolda at redhat.com
> <mailto:mposolda at redhat.com>> wrote:
>
> On 21. 11. 19 12:02, Marek Posolda wrote:
> >
> > I want to ask some feedback about the screen for the "Setup
> TOTP" .
> > I've created JIRA
> https://issues.jboss.org/browse/KEYCLOAK-12168 ,
> > which contains some screenshot of how currently the screen
> for the
> > required action for "Setup OTP" looks like. In other words,
> this is
> > displayed to the user at the end of the authentication when
> he has
> > "Setup TOTP" required action on him.
> >
> > Few questions:
> >
> > * Is the "Device name" appropriate label? Would something like
> > "Authenticator App Label" be better?
> >
> > * Should it be more emphasized that "Authenticator App
> Label" is not
> > mandatory? IMO it is currently not very clear. Also there is
> > nothing in the help-text about this input field. Maybe
> we can add
> > another sentence to point 3 like "Optionally provide
> Authenticator
> > App Label as a reference." I am not very happy with that
> sentence.
> > Any better ideas?
> >
> > * Alternatively we can use separate screen for providing the
> > "Authenticator App Label" . In other words, there will
> be just
> > single input for OTP code and than once user clicks
> "Submit" and
> > OTP code is successfully verified, there will be another
> screen
> > where he can provide "Authenticator App Label" . It
> seems Google
> > is using separate screen for providing labels when user
> register
> > Security Key.
> >
> > * Any better ideas?
> >
> > * We can possibly improve the old account console in
> similar manner.
> > Currently it looks like in screenshot
> setup-otp-account-mgmt.png .
> > Maybe we can at least change the label for "Device name"
> and also
> > add another sentence to the help text?
> >
> One more point: At the bottom of the page for register TOTP,
> we possibly
> need the link "Try another way" or something like that. This
> link will
> be displayed just if user is currently trying to "Register 2nd
> factor
> credential" because he is required to do so, and he has some more
> alternative credential types to register (EG. WebAuthn).
>
> Marek
>
> > Thanks,
> >
> > Marek
> >
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list