open-cmmc-stack/ansible/roles/identity/tasks/setup_mfa.yml

# tasks/setup_mfa.yml
---
- name: Enable MFA flow in Keycloak
  command: >
    /opt/keycloak/bin/kcadm.sh update authentication/flows/browser
    -r {{ keycloak_realm }}
    -s 'requireMFA=true'
    --server http://localhost:{{ keycloak_port }}
    --realm master
    --user {{ keycloak_admin_user }} --password {{ keycloak_admin_password }}