Digitalboard/docs
5
1
Fork 0
Code Pull requests 1 Activity Actions

Compare commits

base: Digitalboard:ccb6821e56235edba014a1d506edf1f98ae5a68c
Branches Tags
Digitalboard:main
Digitalboard:feature/keycloak-integration
Digitalboard:chore(docs)ipv6-docu
..
compare: Digitalboard:c8231193c9489d7a50ceef0da7d70dcda41c171f
Branches Tags
Digitalboard:main
Digitalboard:feature/keycloak-integration
Digitalboard:chore(docs)ipv6-docu

1 commit
ccb6821e56 ... c8231193c9

Author SHA1 Message Date
Bert-Jan Fikse
c8231193c9
chore: add guide to enforce otp for internal users in keycloak 2025-09-12 14:06:28 +02:00
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
keycloak/enforce-otp-internal.md
View file

@ -29,7 +29,7 @@
- **Digits**: `6`
- **Period**: `30` seconds
- **Algorithm**: `sha512`
- **Look ahead window**: `12`
- **Look ahead window**: `1-2`
- **Reusable token**: `off`
Click **Save**.
@ -74,7 +74,7 @@ With this enabled, internal users without an OTP configured will be prompted to
> This makes `browser-internal-otp` the default Browser flow, so **internal (local) users** who log in with username/password must use OTP.
**Important for external (Entra) users:**
- Go to **Identity Providers → (Microsoft Entra)** and ensure **Post Login Flow / Post Broker Login Flow** is **None** (or a flow **without** OTP), so external users dont get a Keycloak OTP prompt after IdP login.
- Go to **Identity Providers → (Microsoft Entra)** and ensure **Post Login Flow / Post Broker Login Flow** is **None** (or a flow **without** OTP), so external users don't get a Keycloak OTP prompt after IdP login.
---