Set up authenticator app to generate one-time passwords for MFA

Time-based One-Time Password (TOTP) is a method for generating time-limited one-time passwords.

Authenticator apps generate these one-time passwords and thus offer an operating system-independent additional factor that you can take with you wherever you go, be it your home office, lecture hall, PC room, business trip, ... .
Authenticator apps require no network connections, no Google account, no biometric authentication and work perfectly even on older smartphones. All that is required is an exact time.

Step 1) Install Authenticator app

There are numerous authenticator apps for smartphones that can generate these one-time passwords, but some of them are fee-based and dubious. If you are unsure, make sure that you choose Google Authenticator.

The Google Authenticator app is very easy to set up. You can also use the app without a Google account. Scanning the QR code will take you directly to Google Play or the Apple App Store:

Step 2) Log in to the Keycloak account management

Step 3) Set up Authenticator application

Klicken Sie auf 'Set up authenticator application':

Open e.g. Google Authenticator on your smartphone: 'Get started' → 'Without Google account' → 'Add a code' (colored plus) → 'Scan a QR code'

Scan the displayed QR code with the Authenticator app:

Enter the six-digit code generated by the authenticator app in the field 'One-time password'.

In the 'Device name' field, enter a name that will allow you to clearly identify the exact smartphone even a year from now.
Meaningful designations will prove to be extremely helpful if you ever set up a new smartphone.

Log in using one-time passwords

If you are asked for a six-digit one-time password when logging in, enter the current code from the authenticator app: