Skip to main content

Email-Based Authentication

This document discusses the email-based authentication via Keycloak.

Introduction

  • This authenticator's default setting is ALTERNATIVE.
  • If an SMTP setup is established for the realm, then {project name} utilizes this authenticator.
  • In this authentication type, an email will be sent to the user to confirm, if they would like to associate their provider with their account.
  • If you require users to authenticate using their password yet do not want linkage confirmation through email, deactivate this authentication process.

AuthType: Forms

  • Log into your Keycloak administration and then click on the Authentication link in the left side menu. You will see a page as shown in the screenshot below:
  • Under the Auth Type Forms, Mark it as required. (By default, it is marked as alternative). If this sub-flow is designated as an alternative and won't be carried out if the Cookie authentication type is successful.

Browser Conditional OTP Sub-Flow

By default, this sub-flow is conditional and runs in accordance with the outcome of the execution of the Condition - User Configured. If the outcome is true, Keycloak gets and executes the operations for this sub-flow.

User Configured Authentication And OTP Form

  • This authentication checks to see whether Keycloak has set up additional processes for the user in the flow. Only when the user has an OTP credential setup does the Browser - Conditional OTP sub-flow run.
  • The OTP Form is used as the last operation. Keycloak flags this execution as necessary, but due to the configuration in the conditional sub-flow, it only executes when the user has an OTP credential set up. Otherwise, the user is not shown an OTP form.