privacyidea/keycloak-provider

WebAuthN Token Enrollment

belfhi opened this issue · 2 comments

In Keycloak I can configure a service account to allow
token enrollment if a user does not have active tokens.
This works well for TOTP tokens but there is no option
to register a WebAuthn token.
It would be great if that was also available without leaving the Keycloak
login process.

Hello, we are currently not planning on extending the enrollment feature in this or any other plugin. This is because we think doing the rollout during the authentication is not a good workflow and should instead be done centrally using the privacyIDEA server.

Oh, that's surprising. I found the integration with Keycloak very well done and intuitive for the user. If I don't need to send a user to another website to register a token it will be easier to use and the (initial) acceptance for 2FA / MFA / passwordless will rise. But thanks for your answer.