Keycloak is enforcing OTP for the B2BAdmin user likely because the authentication flow's role condition is misconfigured, the user indirectly has the B2BEUAdmin role, the OTP step is applied unconditionally, or the user has a required action like "Configure OTP" set.