Authsignal secures millions of passkey transactions out of our hosted Sydney region.

Add MFA to Keycloak using Authsignal: A Step-by-Step Guide

Last Updated:
May 19, 2025
Steven Clouston

Configuring advanced authentication flows in Keycloak can be very challenging. The Authsignal provider integration enables you to drop authentication challenges (including passkeys and WhatsApp OTP) into your sign-in flows. Our hosted UX and UI enable rapid deployments, while our full mobile SDK support enables you to build custom mobile experiences.

Let's dive into how to integrate multi-factor authentication (MFA) with Keycloak using the Authsignal Keycloak provider and the Authsignal Java SDK.

For a visual walkthrough of this integration process, you can watch our step-by-step video guide:

Prerequisites

Before we begin, ensure you have:

1. A running Keycloak server

2. An Authsignal account

3. Basic familiarity with Keycloak administration

Step 1: Download and Install Required Components

First, you'll need to download two essential components:

- The Authsignal Keycloak provider

- The Authsignal Java SDK

Add both components to your Keycloak server's Providers folder. These pre-built tools are designed to work seamlessly with your existing Keycloak setup, though the provider is open-source if you need to make customizations.

Step 2: Configure Authentication Flow

Once the components are installed, follow these steps in your Keycloak admin portal:

1. Create or select your desired realm

2. Navigate to the Authentication section

3. Duplicate the Browser flow

4. Remove the conditional OTP from the flow

5. Add the Authsignal Authenticator provider as a new required step

Step 3: Configure Authsignal Provider

In the provider configuration:

1. Enter your Authsignal tenant secret key

2. Add your Authsignal API URL

3. Enable "Enroll by Default" if you want users to be automatically enrolled in MFA

4. Bind the flow to the Browser flow
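To confirm that Steps 2 and 3 took effect, you can audit the realm's flow configuration. The script below is an added example, not part of the Authsignal provider or this guide's original code. It assumes JSON shaped like the Keycloak Admin REST API's realm representation and flow executions listing; the flow alias `browser-authsignal` and the provider ID `authsignal-authenticator` are placeholders, so substitute the values shown in your admin console.

```python
OTP_FORM = "auth-otp-form"                      # Keycloak's built-in OTP form
PASSWORD_FORM = "auth-username-password-form"   # Keycloak's built-in password form

def audit_flow(realm, executions, flow_alias, mfa_provider_id):
    """Return a list of findings; an empty list means the flow matches the guide."""
    findings = []
    # Step 3.4: the duplicated flow must be the realm's browser binding.
    if realm.get("browserFlow") != flow_alias:
        findings.append(f"realm browser binding is {realm.get('browserFlow')!r}, not {flow_alias!r}")
    ids = [e.get("providerId") for e in executions]
    mfa = [e for e in executions if e.get("providerId") == mfa_provider_id]
    # Step 2.5: the MFA step must exist, be REQUIRED, and follow the password form.
    if not mfa:
        findings.append("MFA authenticator is missing from the flow")
    elif any(e.get("requirement") != "REQUIRED" for e in mfa):
        findings.append("MFA authenticator is not REQUIRED")
    elif PASSWORD_FORM in ids and ids.index(mfa_provider_id) < ids.index(PASSWORD_FORM):
        findings.append("MFA authenticator runs before the password form")
    # Step 2.4: the built-in OTP form should be gone or disabled.
    for e in executions:
        if e.get("providerId") == OTP_FORM and e.get("requirement") != "DISABLED":
            findings.append("built-in OTP form is still active")
    return findings

# Constructed samples, trimmed to the fields the audit reads.
# REALM: shape of GET /admin/realms/{realm}
# GOOD/BAD: shape of GET /admin/realms/{realm}/authentication/flows/{alias}/executions
REALM = {"realm": "demo", "browserFlow": "browser-authsignal"}
GOOD = [
    {"providerId": "auth-cookie", "requirement": "ALTERNATIVE"},
    {"providerId": "identity-provider-redirector", "requirement": "ALTERNATIVE"},
    {"displayName": "browser-authsignal forms", "authenticationFlow": True,
     "requirement": "ALTERNATIVE"},
    {"providerId": PASSWORD_FORM, "requirement": "REQUIRED"},
    {"providerId": "authsignal-authenticator", "requirement": "REQUIRED"},  # assumed ID
]
# Misconfigured: new step left as ALTERNATIVE and the OTP form never removed.
BAD = GOOD[:4] + [
    {"providerId": "authsignal-authenticator", "requirement": "ALTERNATIVE"},
    {"providerId": OTP_FORM, "requirement": "REQUIRED"},
]

if __name__ == "__main__":
    for name, flow in (("good", GOOD), ("bad", BAD)):
        print(name, audit_flow(REALM, flow, "browser-authsignal", "authsignal-authenticator"))
```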

Step 4: Set Up Authenticators

In your Authsignal dashboard, configure the authentication methods you want to offer to your users. In this example, we are going to use an authenticator app.

Testing the Integration

Once configured, the MFA flow works as follows:

1. Users log in with their username and password

2. First-time users are prompted to enroll in MFA

3. Subsequent logins will require MFA verification

4. Upon successful verification, users gain access to their account

Conclusion

Integrating Authsignal MFA with Keycloak provides a robust security solution while maintaining a smooth user experience. The pre-built components and straightforward configuration process make it accessible for teams of all sizes to implement strong authentication measures.

For more detailed information and advanced configuration options, refer to the Authsignal documentation.
