Resetting the one-time password policy for a user in Keycloak

If multi-factor authentication is enabled for HCL OneTest™ Server, and a user is not able to log in because the mobile device that generates an OTP is lost, the user must request the Server Administrator to reset their credentials. The Server Administrator must reset the credentials of the user so that the user can register the mobile device again.

Before you begin

You must have completed the following tasks:

Ensured that you are assigned a role as a Server Administrator of HCL OneTest™ Server. See Default user administration.
Configured a one-time password policy as MFA in Keycloak. See Setting up a one-time password policy as MFA in Keycloak.
Enabled a one-time password policy as the default MFA action in Keycloak. See Enabling the one-time password policy as the default MFA action in Keycloak.
Received requests from users to enable registration of their new mobile devices for authentication.
Logged into the testserver realm in Keycloak.

About this task

When as a Server Administrator, you configure and enable a one-time password (OTP) authentication policy in Keycloak, all users who attempt to log into HCL OneTest™ Server must provide their password and an OTP. Users must install the OTP generators on their mobile devices and register their mobile devices with Keycloak.

If a user loses the mobile device that has the OTP generators installed, then that user cannot provide an OTP to log into HCL OneTest™ Server.

You must then delete the stored credentials of the user for the OTP authentication in Keycloak and re-enable the OTP action for the user. The user must register the new device again for OTP authentication.

Procedure

Click Users in the navigation pane.

The Users page is displayed.
Search for the user by entering the username of the user in the Search field.
Click the username that is displayed as a result of the search.

The User details page is displayed.
Click the Credentials tab.
Click the menu icon in the row of Otp, and then click Delete.
Click Delete in the Delete credentials? dialog.

The saved details of the OTP credential are removed for the user.
Click the Details tab on the User page.
Select the Configure OTP option from the Required user actions list.
Click Save.

When the user attempts to sign in or log into HCL OneTest™ Server, the Authenticator Setup dialog is displayed, and the user can register their new device for the OTP authentication with Keycloak.

Results

You reset the OTP policy for a user.