Resetting the one-time password policy for a user in Keycloak
If multi-factor authentication is enabled for Test Hub, and a user is not able to log in because the mobile device that generates an OTP is lost, the user must request the Server Administrator to reset their credentials. The Server Administrator must reset the credentials of the user so that the user can register the mobile device again.
You must have completed the following tasks:
- Ensured that you are assigned a role as a Server Administrator of Test Hub. See Default user administration.
- Configured a one-time password policy as MFA in Keycloak. See Setting up a one-time password policy as MFA in Keycloak.
- Enabled a one-time password policy as the default MFA action in Keycloak. See Enabling the one-time password policy as the default MFA action in Keycloak.
- Received requests from users to enable registration of their new mobile devices for authentication.
- Logged in to the testserver realm in Keycloak.
When you, as a Server Administrator, configure and enable a one-time password (OTP) authentication policy in Keycloak, all users who attempt to log in to Test Hub must provide their password and an OTP. Users must install an OTP generator on their mobile devices and register their mobile devices with Keycloak.
If a user loses the mobile device that has the OTP generators installed, then that user cannot provide an OTP to log into Test Hub.
You must then delete the stored credentials of the user for the OTP authentication in Keycloak and re-enable the OTP action for the user. The user must register the new device again for OTP authentication.
You have reset the OTP policy for a user.
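The reset described above (delete the user's stored OTP credentials, then re-enable the OTP action) can also be scripted against the Keycloak Admin REST API. The following is an added example, not part of the Test Hub documentation: it assumes the standard Keycloak credential type `otp` and required-action alias `CONFIGURE_TOTP`, and the Keycloak base URL, admin token, and sample user data are constructed placeholders.

```python
import json
import urllib.request

REALM = "testserver"  # realm name used on this page


def plan_otp_reset(user, credentials):
    """Return the (method, path, body) Admin REST calls that reset OTP for one user."""
    base = f"/admin/realms/{REALM}/users/{user['id']}"
    # Delete only OTP credentials; the password and other credential types stay.
    calls = [("DELETE", f"{base}/credentials/{c['id']}", None)
             for c in credentials if c.get("type") == "otp"]
    # Re-enable the OTP action, keeping any actions that are already pending.
    actions = list(user.get("requiredActions") or [])
    if "CONFIGURE_TOTP" not in actions:
        actions.append("CONFIGURE_TOTP")
    # Send back the fetched representation so no other user field is dropped.
    calls.append(("PUT", base, {**user, "requiredActions": actions}))
    return calls


def apply_calls(keycloak_url, admin_token, calls):
    """Send the planned calls; urllib raises HTTPError on any non-2xx response."""
    for method, path, body in calls:
        req = urllib.request.Request(
            keycloak_url.rstrip("/") + path,
            data=json.dumps(body).encode() if body is not None else None,
            method=method,
            headers={"Authorization": f"Bearer {admin_token}",
                     "Content-Type": "application/json"},
        )
        with urllib.request.urlopen(req) as resp:
            print(method, path, resp.status)


# Constructed sample data in the shape returned by
# GET /admin/realms/{realm}/users/{id} and GET .../users/{id}/credentials
SAMPLE_USER = {"id": "user-1111", "username": "jdoe", "requiredActions": []}
SAMPLE_CREDENTIALS = [
    {"id": "cred-aaaa", "type": "password"},
    {"id": "cred-bbbb", "type": "otp", "userLabel": "lost phone"},
]

if __name__ == "__main__":
    for call in plan_otp_reset(SAMPLE_USER, SAMPLE_CREDENTIALS):
        print(call)
```

Review the planned calls before passing them to `apply_calls`; the password credential is never in the list, so the user keeps their password and is prompted to register a device at the next login.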