Multiple Email Providers
Send OTP codes via Keycloak SMTP, SendGrid, AWS SES, or Mailgun โ choose per authentication flow with automatic fallback support.
Seamless Keycloak Integration
Integrates with Keycloak's built-in authentication flow builder. Add Email OTP as a required or conditional second factor alongside any existing flow.
Customizable Templates
Fully customize the OTP email's HTML layout, subject line, and body text. Ships with translations for 11 languages including Arabic, Chinese, and Russian.
Easy Deployment
Deploy via Maven Central, a local Maven build, or a multi-stage Docker image. Compatible with Keycloak 26.x and standard provider SPI conventions.
Automatic Fallback
When a 3rd-party provider is unavailable, the authenticator automatically falls back to Keycloak's built-in SMTP, ensuring uninterrupted delivery.
Developer Friendly
Simulation mode logs OTP codes to the container console so you can test the full 2FA flow locally without a real mail server.