Two-Factor Authentication with OTP (Authenticator)


We can enable two-factor authentication for platform users through the IM.

This second factor is provided by an authenticator app, such as Microsoft Authenticator, Google Authenticator, or FreeOTP.

Below, we will configure the necessary settings in the IM (Keycloak).

 

Configuring the OTP Authentication Flow

We need to access the Keycloak administration console and select the vertical/realm where we want to activate it.

Then, in the left menu, we select “Authentication”. On this screen, we choose the authentication flow “Multitenant-browser-flow”.

Once inside the flow, we select “Add step” to add the OTP step. Using the search bar, we add the “OTP Form” step.


This step will be added at the end of the flow. We will need to drag and drop it so that it is on the same level as the “Vertical choice form”, placed just after it.


Finally, in the step's dropdown menu, select “Required”. The step can be deactivated at any time without losing the configuration of authenticators already linked to users.
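
To confirm the result outside the console, the check below (an added example, not code from the platform or from Keycloak) validates the flow's execution list in the shape returned by the Keycloak Admin REST API endpoint GET /admin/realms/{realm}/authentication/flows/{flowAlias}/executions. The sample data is constructed, and matching the steps by the display names shown on this page is an assumption.

```python
import json

# Constructed sample of the executions list for the flow. Only the
# "Vertical choice form" and "OTP Form" step names come from this page;
# the other steps stand in for whatever the real flow contains.
SAMPLE_EXECUTIONS = json.loads("""
[
 {"displayName": "Cookie", "requirement": "ALTERNATIVE", "level": 0, "index": 0},
 {"displayName": "forms", "authenticationFlow": true, "requirement": "ALTERNATIVE", "level": 0, "index": 1},
 {"displayName": "Username Password Form", "requirement": "REQUIRED", "level": 1, "index": 0},
 {"displayName": "Vertical choice form", "requirement": "REQUIRED", "level": 1, "index": 1},
 {"displayName": "OTP Form", "providerId": "auth-otp-form", "requirement": "REQUIRED", "level": 1, "index": 2}
]
""")


def check_otp_step(executions, anchor="Vertical choice form"):
    """Return a list of problems; an empty list means the OTP step is enforced."""
    otp = next((e for e in executions
                if e.get("providerId") == "auth-otp-form"
                or e.get("displayName") == "OTP Form"), None)
    if otp is None:
        return ["OTP Form step is missing from the flow"]

    problems = []
    if otp.get("requirement") != "REQUIRED":
        problems.append(f"OTP Form is {otp.get('requirement')}, expected REQUIRED")

    names = [e.get("displayName") for e in executions]
    if anchor not in names:
        problems.append(f"'{anchor}' step not found in the flow")
        return problems

    pos = names.index(anchor)
    level = executions[pos]["level"]
    # First later entry that is not nested deeper than the anchor step.
    following = next((e for e in executions[pos + 1:] if e["level"] <= level), None)
    if following is not otp or otp["level"] != level:
        problems.append(f"OTP Form is not directly after '{anchor}' on the same level")
    return problems


if __name__ == "__main__":
    issues = check_otp_step(SAMPLE_EXECUTIONS)
    print("OK: OTP step enforced" if not issues else "\n".join(issues))
```

Running the same check against the executions list of each realm where two-factor authentication is expected shows quickly whether the step has been disabled or moved.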


Linking Authenticator to a User

Once two-factor authentication is enabled, the first time a user logs in, they will be prompted to link an Authenticator to their account.


We then configure the authenticator application accordingly.

Once it is configured, the user session will start. The next time the user logs in, they will be required to enter an OTP token to gain access.
