my company decided to use KeyCloak and i need to understand if it’s possible to implement the following list of requests:
- OTP must be provided not only via GoogleAuthenticator or FreeOTP app but also via email and sms ( user is free to choose which of these 3 methods to use)
- OTP session must be time-boxed ( it must last 10days) and be tied to a device: let’s me try to explain better… once the user has logged in inserting the OTP, for the nexts 10 days he will no longer be asked to enter the OTP code unless he has changed his browser.
Is it possibile to do it with KeyCloak?
Could you give me some info/hints?
Sorry for my english… i hope i was able to explain my problems.