Selective MFA providers with Keycloak support

[Bogdan Rudas]

Hello!

I would like to set up a selective MFA for Keycloak and am looking for any options that allow smart behaviour which can decrease usage of the 2-nd factor and simplify enrollment.

Most searchable items are internal OTP and PrivacyIdea, both require users to engage 2nd factor  every time. Another solution could be IBM secure Verify that requires a plugin which didn't run with recent Keycloak versions (please let me know if somebody here started it) but promised to be smarter.

MFA is crucial today, however Keycloak's implementation works for Keycloak only and doesn't work for VPN or Windows logon etc. I would appreciate any ideas on how to build a usable MFA compatible with Keycloak.

Thank you.

--

Bogdan Rudas
Director of IT Europe
Exadel Inc.
http://www.exadel.com/
E-mail: bru...@exadel.com
Skype ID: bogdan.rudas

CONFIDENTIALITY NOTICE: This email and files attached to it are confidential. If you are not the intended recipient you are hereby notified that using, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error please notify the sender and delete this email.

[Thomas Darimont]

Hello Bogdan,

you could take a look at privacy-idea: https://www.privacyidea.org/ which provides a broad support for a range of MFA mechanisms. 

There is also a keycloak extension for that: https://github.com/privacyidea/keycloak-provider 

Cheers,

Thomas

--
You received this message because you are subscribed to the Google Groups "Keycloak User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-user/CAO%2BXWg%3DtDExtjZy9xHtQzGLefXutSOmpGtmtvQTRf5UOXEGBaQ%40mail.gmail.com.