Disabling Two-Factor Authentication
This post describes how to disable Two-Factor Authentication in Keycloak.
Disabling Two-Factor Authentication for a specific user
In my previous post I described how to configure Two-Factor Authentication.
But what should you do when a user loses their mobile device?
What should you do when a user uninstalls Google Authenticator by mistake?
You need to disable Two-Factor Authentication for the user.
Configuration
Open the Keycloak admin page, open Users, open the user, and go to the Credentials tab.
Select the otp value in the Disableable Types list.

Click the Disable button.

Confirm by pressing the Disable credentials button.

That’s it - your user can now log in with a username and password only.
Disabling Two-Factor Authentication for new users
If you want to disable Two-Factor Authentication for new users, you need to revert your changes.
Open the Keycloak admin page, open Authentication, and go to the Required Actions tab.
Uncheck the Default Action checkbox in the Configure OTP row.
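Both procedures above can also be scripted against Keycloak's Admin REST API. The following is an added example, not part of the original post: it builds the request that disables the otp credential type for one user and the request that clears Default Action on the Configure OTP required action. The base URL, realm, user id and token are assumptions supplied by the caller (include the `/auth` prefix in the base URL if your server uses one), and the function names are hypothetical.

```python
import json
import urllib.request
from urllib.parse import quote


def _admin_put(base_url, path, token, payload):
    """Build (without sending) an authenticated PUT to the Admin REST API."""
    if not base_url.startswith("https://"):
        # The bearer token is an admin credential; never send it in clear text.
        raise ValueError("admin API calls must use https")
    return urllib.request.Request(
        base_url.rstrip("/") + "/admin/realms/" + path,
        data=json.dumps(payload).encode("utf-8"),
        method="PUT",
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"},
    )


def disable_user_otp(base_url, realm, user_id, token):
    """Per-user step: same effect as disabling the 'otp' type in Credentials."""
    path = "{}/users/{}/disable-credential-types".format(
        quote(realm, safe=""), quote(user_id, safe=""))
    return _admin_put(base_url, path, token, ["otp"])


def unset_default_configure_otp(base_url, realm, required_action, token):
    """New-user step: clear Default Action on the Configure OTP required action.

    required_action is the JSON object previously fetched with GET from the
    same URL; every field except defaultAction is sent back unchanged.
    """
    if required_action.get("alias") != "CONFIGURE_TOTP":
        raise ValueError("expected the CONFIGURE_TOTP required action")
    updated = dict(required_action, defaultAction=False)
    path = "{}/authentication/required-actions/CONFIGURE_TOTP".format(
        quote(realm, safe=""))
    return _admin_put(base_url, path, token, updated)


def send(request):
    """Send a prepared request and return the HTTP status code."""
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.status
```

Pass the returned request to `send()` to apply the change; the token must belong to an account allowed to manage users (first call) or the realm's authentication settings (second call).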
