Keycloak for Windows Login using SSO and MFA #14312
Replies: 1 comment
-
In the setup I'm working with, we have Azure Active Directory as an identity provider in our Keycloak realm. We needed to get the SAML IdP metadata from Azure, import it into Keycloak, and send the Keycloak SdP metadata back to Azure. This type of setup means Keycloak displays a button the users click on, on the usual login screen, to be taken through the Azure login process. I imagine you can configure Azure to require MFA, but if you want to handle that in Keycloak, one technique we've used is to configure the "browser" authentication flow so that the "Browser - Conditional OTP" portion is required; by default it's conditional. This forces each user to register an OTP device on their first login.
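The flow change described in the reply above can also be checked and applied through the Keycloak Admin REST API instead of the console. This is an added example, not code from the reply or from the Keycloak project; the base URL, realm name and admin token are placeholders, the sample execution list is constructed, and the `/admin/realms/...` path assumes a recent Keycloak (older releases prefix it with `/auth`).

```python
import json
import urllib.request

OTP_SUBFLOW = "Browser - Conditional OTP"

# Constructed sample of GET .../authentication/flows/browser/executions,
# trimmed to the fields used here; the ids are made up.
SAMPLE_EXECUTIONS = [
    {"id": "1111", "displayName": "Cookie", "requirement": "ALTERNATIVE", "level": 0},
    {"id": "2222", "displayName": "forms", "requirement": "ALTERNATIVE",
     "level": 0, "authenticationFlow": True},
    {"id": "3333", "displayName": "Username Password Form",
     "requirement": "REQUIRED", "level": 1},
    {"id": "4444", "displayName": OTP_SUBFLOW, "requirement": "CONDITIONAL",
     "level": 1, "authenticationFlow": True},
    {"id": "5555", "displayName": "OTP Form", "requirement": "REQUIRED", "level": 2},
]

def require_otp_subflow(executions, name=OTP_SUBFLOW):
    """Return a copy of the OTP sub-flow entry set to REQUIRED,
    or None when it is already REQUIRED (nothing to change)."""
    matches = [e for e in executions
               if e.get("displayName") == name and e.get("authenticationFlow")]
    if len(matches) != 1:
        # A renamed or copied flow needs a human to pick the right entry.
        raise LookupError(f"expected one sub-flow named {name!r}, found {len(matches)}")
    if matches[0]["requirement"] == "REQUIRED":
        return None
    return {**matches[0], "requirement": "REQUIRED"}

def enforce_otp(base_url, realm, token, flow_alias="browser"):
    """Fetch the flow's executions and PUT the OTP sub-flow back as REQUIRED.
    Returns True if a change was sent, False if it was already enforced."""
    url = f"{base_url}/admin/realms/{realm}/authentication/flows/{flow_alias}/executions"
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers)) as resp:
        executions = json.load(resp)
    updated = require_otp_subflow(executions)
    if updated is None:
        return False
    body = json.dumps(updated).encode()
    put = urllib.request.Request(url, data=body, headers=headers, method="PUT")
    urllib.request.urlopen(put).close()
    return True

if __name__ == "__main__":
    # Offline dry run against the constructed sample: show what would be sent.
    print(json.dumps(require_otp_subflow(SAMPLE_EXECUTIONS), indent=2))
```

Running `require_otp_subflow` against a saved copy of the executions list on a schedule doubles as a drift check: a non-`None` result means the sub-flow is no longer set to required.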
-
How can we use Keycloak for Windows login using Single Sign On and Multi Factor Authentication?