I am evaluating Keycloak for one of our systems where 2FA with TOTPs would be a requirement. I am trying to figure out if there is a way to register a new Authenticator app via the Admin REST API, so our user's wouldn't need to interact with the Keycloak provided account page.
I've spent some time with the reference documentation but got no luck. Is there something I am missing? Is omitting the Keycloak provided UIs a preferred way to use this service?
Thanks!
No, you can't use API for that. You need user UI interaction.
I can't imagine how you will be able to distribute TOTP credentials to the user device. Maybe some high profile enterprise environments (Android Enterprise, ...) can force it, but it won't be very common use case.