Configuration of multi-factor authentication in Keycloak
As a Server Administrator, you can configure multi-factor authentication that is provided by Keycloak so that the authenticity of the users is validated when they sign in or log into HCL OneTest™ Server.
HCL OneTest™ Server uses Keycloak for user administration and user authentication is one of its features.
Keycloak mandates users create their login credentials at the time of signing up with HCL OneTest™ Server. To enhance the security of HCL OneTest™ Server and to prevent unauthorized users from logging in when user credentials are compromised, the Server Administrator can use the multi-factor authentication that is provided by Keycloak.
Multi-factor authentication
- Use of a password that is created by the user when the user creates an account in HCL OneTest™ Server is the default layer of authentication.
- A one-time password (OTP) that is generated by any of the OTP generators that the users install on their mobile device and register their mobile device with Keycloak. The OTP method is an optional layer of authentication that needs to be configured and enabled in Keycloak by the Server Administrator.
As a Server Administrator, you can configure the OTP policy as a MFA method in Keycloak. See Setting up a one-time password policy as MFA in Keycloak.
After you set up the OTP policy in Keycloak, you must enable or activate the OTP policy so that the MFA UI is displayed for users at the time of logging into HCL OneTest™ Server. See Enabling the one-time password policy as the default MFA action in Keycloak.
At times, if users report that their credentials are compromised or have lost their mobile device, the Server Administrator can reset the OTP credential of the user that is saved in Keycloak. Resetting the OTP credential enables the users to register their mobile devices again to use the OTP authentication. See Resetting the one-time password policy for a user in Keycloak.