Contact salesSign inSign up

Authsignal secures millions of passkey transactions out of our hosted Sydney region.

Authsignal secures millions of passkey transactions out of our hosted Sydney region.

Join us today!
Blog
/
Current article

Add MFA to Keycloak using Authsignal: A Step-by-Step Guide

Last Updated:
December 9, 2024
Steven Clouston
How to add MFA with Keycloak using Authsignal: A Step-by-Step Guide

Configuring advanced authentication flows in KeyCloak can be very challenging. The Authsignal provider integration enables you to drop authentication challenges (including passkeys and WhatsApp OTP)  in your sign in flows. Our hosted UX and UI enable rapid deployments, while our full mobile SDK support enables you to build custom mobile experiences.

Let's dive into how to integrate Multi-factor authentication (MFA) with Keycloak using the Authsignal Keycloak provider and the Authsignal Java SDK.

For a visual walkthrough of this integration process, you can watch our step-by-step video guide:

Prerequisites

Before we begin, ensure you have:

1. A running Keycloak server

2. An Authsignal account

3. Basic familiarity with Keycloak administration

Step 1: Download and Install Required Components

First, you'll need to download two essential components:

- The Authsignal Keycloak provider

- The Authsignal Java SDK

Add both components to your Keycloak server's Providers folder. These pre-built tools are designed to work seamlessly with your existing Keycloak setup, though the provider is open-source if you need to make customizations.

Step 2: Configure Authentication Flow

Once the components are installed, follow these steps in your Keycloak admin portal:

1. Create or select your desired realm

2. Navigate to the Authentication section

3. Duplicate the Browser flow

4. Remove the conditional OTP from the flow

5. Add the Authsignal Authenticator provider as a new required step

Step 3: Configure Authsignal Provider

In the provider configuration:

1. Enter your Authsignal tenant secret key

2. Add your Authsignal API URL

3. Enable "Enroll by Default" if you want users to be automatically enrolled in MFA

4. Bind the flow to the Browser flow

Step 4: Set Up Authenticators

In your Authsignal dashboard, configure the authentication methods you want to offer to your users. In this example we are going to use Authenticator app.

Testing the Integration

Once configured, the MFA flow works as follows:

1. Users log in with their username and password

2. First-time users are prompted to enroll in MFA

3. Subsequent logins will require MFA verification

4. Upon successful verification, users gain access to their account

Conclusion

Integrating Authsignal MFA with Keycloak provides a robust security solution while maintaining a smooth user experience. The pre-built components and straightforward configuration process make it accessible for teams of all sizes to implement strong authentication measures.

For more detailed information and advanced configuration options, refer to the Authsignal documentation.

Try out our passkey demo
Passkey Demo
Subscribe to our monthly newsletter
Subscribe
Related Resources
No items found.
Talk to an expertDemo PasskeysView docs
Keycloak
Multi-factor authentication
Integration
Managing Authenticators
You might also like
Authsignal in partnership with MATTR claims authentication world first, binding Mobile Driver’s License (mDL) to Palm Biometrics
December 5, 2024
Authsignal has launched a world-first solution that binds a mobile driver's license (mDL) with Palm Biometrics.
palm-biometrics
Press Release
Biometrics Passkey-Binding: Ensure Digital Credential Ownership and Real Human Presence
November 19, 2024
Learn about biometric passkey-binding pairs facial recognition with cryptographic passkeys for secure, seamless authentication, protecting against phishing, deepfakes, and fraud while improving user experience.
Biometric authentication
Biometrics passkey binding
Passkeys
Passkey Recovery & Fallback: Can Passkeys Stand Alone and Fully Replace Passwords & MFA?
November 23, 2024
Passkeys simplify authentication and resist phishing, but can they truly replace passwords and MFA? Explores passkey fallback opinions, key challenges, and best practices, highlighting why passkeys are the future of authentication.
Passkeys
Passkeys implementation
Fallback
Biometric authentication
Secure your customers’ accounts today with Authsignal.
Passkey demoCreate free account

Authsignal is multi-factor authentication (passwordless authentication) as a service. Focused on powering mid-market and enterprise businesses to rapidly deploy optimized good customer flows that enable a flexible and risk-based approach to authentication.

AICPA SOC
LinkedInTwitter
Features
Passwordless AuthenticationPasskeysBiometric AuthenticationMulti-factor AuthenticationWhatsApp OTPNo-Code Rules EngineSingle View of the CustomerPalm Biometrics
Use Cases
Account Takeovers (ATO)
User Onboarding & Sign-up
SMS Cost Optimization
Fraud Protection
Existing Apps
View all Use Cases
Industries
Financial Services
Marketplace
FinTech
Crypto
View all Industries
Identity Providers (IDPs)
AWS Cognito
Auth0
Azure AD B2C
Duende IdentityServer
Keycloak
NextAuth.js
Open ID Connect (OIDC)
Ruby on Rails
Supabase
Coding Languages
C#
Java
Node.js
PHP
Python
React
Ruby
Compare
Twilio vs AuthsignalAuth0 vs Authsignal
Resources
BlogDeveloper DocsSolutions MarketplaceKnowledge BaseFree Figma Mobile Passkeys TemplateFree Figma Desktop Passkeys TemplateFree Figma WebApp Passkeys TemplateAboutContact
What is
Passwordless Authentication
What is MFA (Multi-Factor Authentication)?
United States
+1 214 974-4877
Ireland
+353 12 676529
Australia
+61 387 715 810
New Zealand
+64 275 491 983
© 2024 Authsignal - All Rights Reserved
Terms of servicePrivacy policySecuritySystem statusCookies