In general, we will set up Keycloak to mirror PSI's authentication policy, which can be summarized as follows:
PSI’s Password policy
minimum password length of 8 characters
must include at least one lower-case letter, one upper-case letter and one special character
cannot reuse any of the last 10 passwords
PSI's 2FA
a completed 2FA is valid for 30 days per application/device
Geo-limit: if the login IP geolocates more than 500 miles from the previous login, request 2FA
Additionally, PSI is due to implement phone-number OTP for verification.