MFA for system not on internet

[Andrew Freeman]

I am using Keycloak to login to a webapp on a private network with no internet access.  Is it still possible to use MFA?  Anyone have a step-by-step instruction on how to setup the TOTP app as well as Keycloak?

Thanks.

A S F

[Tony Harris]

Keycloak supports Google Authenticator and FreeOTP applications, both can be downloaded from respective app stores.

Setting up MFA in KEYCLOAK is a case of find the OTP tab in the authentication menu of the realm, selecting the MFA values, time or counter and making it a required action.  The next time the user logs in via KC they will be shown the QR code to scan.  They can do it with the above apps, enter the code it generates, job done.

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/e1c8685b-a4d2-457f-bdd3-7968740f991an%40googlegroups.com.

[Tony Harris]

I should have said apart from downloading the OTP application no internet access is required.  So long as the server and the device are running on for the time based OTP are within a second or two all should be good.  Calculations of the next code are based upon a UTC timestamp so timezones don't get in the way.

[C R]

Hi Andrew,

The built-in OTP uses authenticator apps that work offline.

C.

Le ven. 2 déc. 2022 à 14:50, Andrew Freeman
<aspence...@gmail.com> a écrit :

>
> I am using Keycloak to login to a webapp on a private network with no internet access. Is it still possible to use MFA? Anyone have a step-by-step instruction on how to setup the TOTP app as well as Keycloak?
>
> Thanks.
> A S F
>