SMS MFA Extension for Keycloak

Q: Which SMS gateways are supported?

The SMS MFA extension uses the SMS Provider Extension, which integrates existing SMS services. Common providers such as Twilio, MessageBird or your existing enterprise gateways can be integrated.

Q: Is SMS MFA secure enough?

SMS MFA adds an additional security factor compared to password-only login. For the highest security requirements, we recommend combining it with other methods (TOTP, passkeys) via the MFA Selection extension.

Q: What happens if the SMS doesn’t arrive?

Users can request the code again (with rate limiting for protection). In combination with the MFA Selection extension, alternative methods can serve as a fallback.

Q: Can SMS texts be customized?

Yes. SMS templates can be configured per realm and language – with a custom sender and text.

Q: How are SMS messages logged?

Every SMS send is logged in the audit log: timestamp, recipient (anonymized), success/failure. This supports compliance requirements and troubleshooting.

One-Time Passwords via SMS – Without Installing an App

Secure logins with one-time passwords via SMS. The user receives a code on their phone and enters it during login – no app, no device binding. For whom: SMS MFA is particularly suitable for B2C scenarios with a broad user base, as a fallback option, or when low entry barriers are more important than maximum security.

Keycloak Extension SMS-OTP 2FA / MFA B2C

Book a free
consultation call now

Online and fast

available time slots

Choose a time slot

Flow

Login with SMS code

After entering username and password, Keycloak generates a temporary code and sends it via SMS. The user enters the code – access granted.

Prerequisite

SMS Provider Extension

Requires the SMS Provider Extension for gateway integration. Can be combined with MFA Selection (SMS as an option) and User Portal (phone numbers in self-service).

Frequently asked questions about the SMS MFA extension

Gateway, security, configuration

Which SMS gateways are supported?

Is SMS MFA secure enough?

What happens if the SMS doesn’t arrive?

Can SMS texts be customized?

How are SMS messages logged?

SMS MFA Extension for Keycloak

One-Time Passwords via SMS – Without Installing an App

Book a free
consultation call now

Flow

Login with SMS code

Prerequisite

SMS Provider Extension

Frequently asked questions about the SMS MFA extension

Gateway, security, configuration

SMS MFA Extension for your project

Let’s check together whether SMS MFA fits your requirements.

SMS MFA Extension for Keycloak

One-Time Passwords via SMS – Without Installing an App

Book a free consultation call now

Flow

Login with SMS code

Prerequisite

SMS Provider Extension

Frequently asked questions about the SMS MFA extension

Gateway, security, configuration

SMS MFA Extension for your project

Let’s check together whether SMS MFA fits your requirements.

Book a free
consultation call now