get_totp_users
Count users with TOTP configured in a Keycloak realm by scanning each user's credentials. Supports filtering by enabled users and a user cap to limit resource usage.
Instructions
Report how many users have TOTP (OTP) configured across the realm.
Enumerates users and inspects each one's credentials for an otp entry.
KeyCloak has no bulk credential endpoint, so this makes one credential
request per user (N+1) — expect it to be slow on large realms; bound it with
max_users (which also short-circuits the user enumeration). Users whose
credential lookup fails are counted separately and skipped, so a single
transient error does not abort the whole scan.
Args: enabled_only: Only scan enabled users (default True). list_users: Include the list of usernames with TOTP (default True). max_users: Cap the number of users scanned (0 = all). When the cap is hit the percentage covers only the sample, not the realm.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| max_users | No | ||
| list_users | No | ||
| enabled_only | No |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |