Lab 16: Conditional Keycloak 2FA SMS Authenticator

In this lab, you will learn how to configure a conditional authentication flow for 2FA.

We will edit the authentication flow we built in the previous lab so that 2FA is enabled only for admin accounts, while simple users keep the classic login/password page.

Step 0: Prerequisites

  • A Realm with at least 2 users and 2 roles (Admin and User)

  • Completing the previous lab

Step 1: Add a new Authenticator Execution

The starting point is what we configured in the previous lab:

[Image: SMS Authentication flow]

We create a new Authenticator Execution:

[Image: SMS Authentication flow]

And then we open the configuration page related to this new Authenticator:

[Image: SMS Authentication flow]

Select the admin role:

[Image: SMS Authentication flow]

This will enable this authenticator only for admin accounts.

The final configuration will look like this:

[Image: SMS Authentication flow]

Step 2: Test

Now it's time to test your new flow: try to log in using different accounts (Admin and a simple user) so you can see the difference.
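The login test can be backed by a configuration check. The script below is an added example, not part of the lab: it audits a realm export for the conditional sub-flow, assuming the new execution is Keycloak's built-in Condition - User Role (`conditional-user-role`, config key `condUserRole`). The flow aliases, the role name `admin` and the provider id `sms-authenticator` are placeholders to replace with your own values.

```python
# Constructed realm-export fragment (not taken from the lab). Assumed names:
# the flow aliases, the realm role "admin", and "sms-authenticator" as the
# provider id of the SMS authenticator built in the previous lab.
REALM = {
    "authenticationFlows": [
        {"alias": "sms-browser", "authenticationExecutions": [
            {"authenticator": "auth-username-password-form", "requirement": "REQUIRED"},
            {"flowAlias": "sms-2fa-admins", "authenticatorFlow": True,
             "requirement": "CONDITIONAL"}]},
        {"alias": "sms-2fa-admins", "authenticationExecutions": [
            {"authenticator": "conditional-user-role", "requirement": "REQUIRED",
             "authenticatorConfig": "admin-only"},
            {"authenticator": "sms-authenticator", "requirement": "REQUIRED"}]},
    ],
    "authenticatorConfig": [
        {"alias": "admin-only", "config": {"condUserRole": "admin"}}],
}


def audit_conditional_2fa(realm, subflow, role, second_factor):
    """Return findings; an empty list means `second_factor` is gated on `role`."""
    flows = {f["alias"]: f["authenticationExecutions"]
             for f in realm.get("authenticationFlows", [])}
    configs = {c["alias"]: c.get("config", {})
               for c in realm.get("authenticatorConfig", [])}
    findings = []
    # The parent flow must reference the sub-flow with requirement CONDITIONAL.
    refs = [e for execs in flows.values() for e in execs
            if e.get("flowAlias") == subflow]
    if not any(e.get("requirement") == "CONDITIONAL" for e in refs):
        findings.append("sub-flow is not referenced as CONDITIONAL")
    execs = flows.get(subflow, [])
    # The role condition must be enabled and point at the intended role.
    conds = [e for e in execs if e.get("authenticator") == "conditional-user-role"]
    if not any(e.get("requirement") == "REQUIRED" for e in conds):
        findings.append("no enabled role condition in sub-flow")
    for e in conds:
        cfg = configs.get(e.get("authenticatorConfig"), {})
        if cfg.get("condUserRole") != role:
            findings.append("role condition does not target " + role)
    # The second factor must be REQUIRED once the condition matches.
    if not any(e.get("authenticator") == second_factor
               and e.get("requirement") == "REQUIRED" for e in execs):
        findings.append(second_factor + " is not REQUIRED in sub-flow")
    return findings


if __name__ == "__main__":
    print(audit_conditional_2fa(REALM, "sms-2fa-admins", "admin", "sms-authenticator"))
```

An empty list means the export matches the intended setup; any finding points at a configuration under which admin logins could complete without the SMS step.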
