Disabling Two-Factor Authentication

The post describes how to disable Two-Factor Authentication in Keycloak.

Disabling Two-Factor Authentication for a specific user

In my previous post I have described how to configure Two-Factor Authentication.

But what should you do when your user lost a mobile device?

What should you do when your user uninstalled the Google Authenticator by mistake?

You need to disable Two-Factor Authentication for the user.

Configuration

Open Keycloak admin page, open Users, open the user and go to the Credentials tab.

Select in the Disableable Types list the otp value.

Select in the Disable button.

Confirm by pressing the Disable credentials button.

That’s it - your user can login with username and password only.

Disabling Two-Factor Authentication for new users

If you want to disable Two-Factor Authentication for new users you need revert your changes.

Open Keycloak admin page, open Authentication, go to the Required Actions tab.

Uncheck the Default Action in the Configure OTP row.