In general, we will setup keycloak mirroring PSI’s authentication policy which can be summarized as follow:
PSI’s Password policy
8 digits passwordcharacters or more
Never expires
must include
one lower case,
one upper case,
one number and
one special character
Not user name
Not email
PSI' 2FA
valid for 30 days per application/ device
Geo-limit: if IP is > 500 miles from previous login, request 2FA
...