Enable OTP in account change password

RiccardoSaponi · November 30, 2022, 1:47pm

Is it possible to enable the OTP token request within the account password change? This is an additional security policy:

the user changes his password by entering the old password, the new password and the confirmation password.
the user clicks save
if the user has OTP credentials, Keycloak proposes the insertion of the token (exactly as happens for reset flow and login flow)

kmharish · January 22, 2025, 11:06am

Were you able to figure this out? I need to impliment something similer

djordje · January 24, 2025, 3:35pm

You can try adding a required action to user but not from UI, but from code:

Probably it will require some custom provider for reset password, check which one is being used, and create new one with adding this to the user.

Topic		Replies	Views
Keycloak Authentication Set up OTP after registration approved Getting advice authentication	1	355	March 27, 2024
How to disable OTP for a user, once enabled Getting advice	0	583	October 20, 2020
Reset password and OTP Getting advice admin-rest	0	851	February 10, 2022
Reset Credentials flow and OTP Configuring the server	0	745	April 8, 2020
Require old password on change password (user account service) Getting advice account-console	8	5932	January 6, 2025