diff --git a/spec/acceptance/2_realm_spec.rb b/spec/acceptance/2_realm_spec.rb
index dea598da..d06b4185 100644
--- a/spec/acceptance/2_realm_spec.rb
+++ b/spec/acceptance/2_realm_spec.rb
@@ -223,6 +223,12 @@ class { 'keycloak': }
 wait_increment_seconds => 10,
 quick_login_check_milli_seconds => 10,
 max_delta_time_seconds => 3600,
+ otp_policy_type => 'totp',
+ otp_policy_algorithm => 'HmacSHA512',
+ otp_policy_initial_counter => 1,
+ otp_policy_digits => 8,
+ otp_policy_period => 30,
+ otp_policy_code_reusable => true,
 web_authn_policy_rp_entity_name => 'Keycloak',
 web_authn_policy_signature_algorithms => ['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512'],
 web_authn_policy_rp_id => 'https://example.com',
@@ -299,6 +305,12 @@ class { 'keycloak': }
 expect(data['internationalizationEnabled']).to eq(true)
 expect(data['defaultLocale']).to eq('en')
 expect(data['supportedLocales']).to eq(['de', 'en'])
+ expect(data['otpPolicyType']).to eq('totp')
+ expect(data['otpPolicyAlgorithm']).to eq('HmacSHA512')
+ expect(data['otpPolicyInitialCounter']).to eq(1)
+ expect(data['otpPolicyDigits']).to eq(8)
+ expect(data['otpPolicyPeriod']).to eq(30)
+ expect(data['otpPolicyCodeReusable']).to eq(true)
 expect(data['webAuthnPolicyRpEntityName']).to eq('Keycloak')
 expect(data['webAuthnPolicySignatureAlgorithms']).to eq(['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512'])
 expect(data['webAuthnPolicyRpId']).to eq('https://example.com')
diff --git a/spec/unit/puppet/type/keycloak_realm_spec.rb b/spec/unit/puppet/type/keycloak_realm_spec.rb
index 353bfa51..3a1bffc8 100644
--- a/spec/unit/puppet/type/keycloak_realm_spec.rb
+++ b/spec/unit/puppet/type/keycloak_realm_spec.rb
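Review bot: In the first hunk of 2_realm_spec.rb (the manifest at -223), `otp_policy_code_reusable => true` makes the realm accept a one-time code that has already been used, and nothing beside it marks this as a test-only value. The unit spec in this commit lists `:false` as the default, so the value is presumably there to show that the property is applied, not as a recommended setting. Acceptance manifests tend to be copied as examples, so I would add a Puppet comment above the line: `# non-default on purpose, to prove the property is applied; reusable OTP codes give up replay protection`. The manifest begins and ends outside the hunk.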
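Review bot: In the second hunk of 2_realm_spec.rb (the expectations at -299), `otpPolicyType` and `otpPolicyPeriod` are compared with `'totp'` and `30`, which are also the defaults listed in the unit spec of this commit, so both checks would presumably still pass if the provider never sent those properties. `otp_policy_look_ahead_window` is not set in the manifest hunk above and has no expectation here. I would give the period a non-default value such as `otp_policy_period => 60,` with a matching expectation, and add `otp_policy_look_ahead_window => 2,` together with `expect(data['otpPolicyLookAheadWindow']).to eq(2)`. The surrounding example is only partly visible in the hunk.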
@@ -65,6 +65,13 @@
 quick_login_check_milli_seconds: 1_000,
 max_delta_time_seconds: 43_200,
 failure_factor: 30,
+ otp_policy_type: 'totp',
+ otp_policy_algorithm: 'HmacSHA1',
+ otp_policy_initial_counter: 0,
+ otp_policy_digits: 6,
+ otp_policy_look_ahead_window: 1,
+ otp_policy_period: 30,
+ otp_policy_code_reusable: :false,
 web_authn_policy_rp_entity_name: 'keycloak',
 web_authn_policy_signature_algorithms: ['ES256'],
 web_authn_policy_rp_id: '',
@@ -90,6 +97,9 @@
 # Test enumerable properties
 describe 'enumerable properties' do
 {
+ otp_policy_type: [:totp, :hotp],
+ otp_policy_algorithm: [:HmacSHA1, :HmacSHA256, :HmacSHA512],
+ otp_policy_digits: [6, 8],
 web_authn_policy_attestation_conveyance_preference: [:none, :indirect, :direct],
 web_authn_policy_authenticator_attachment: [:platform, :'cross-platform'],
 web_authn_policy_require_resident_key: [:Yes, :No],
@@ -200,6 +210,9 @@
 :quick_login_check_milli_seconds,
 :max_delta_time_seconds,
 :failure_factor,
+ :otp_policy_initial_counter,
+ :otp_policy_look_ahead_window,
+ :otp_policy_period,
 :web_authn_policy_create_timeout,
 :web_authn_policy_passwordless_create_timeout
 ].each do |p|
@@ -237,7 +250,8 @@
 :smtp_server_ssl,
 :brute_force_protected,
 :offline_session_max_lifespan_enabled,
- :permanent_lockout
+ :permanent_lockout,
+ :otp_policy_code_reusable
 ].each do |p|
 it "accepts true for #{p}" do
 config[p] = true
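Review bot: In the fourth hunk of keycloak_realm_spec.rb (the integer list at -200), `:otp_policy_look_ahead_window` and `:otp_policy_period` get only whatever the shared loop checks, and its body is outside the hunk, so no bounds test is visible. These two values decide how long a one-time code stays acceptable, so a zero, negative or very large number changes the strength of the second factor. If the type is meant to bound them, a case asserting that `otp_policy_period: 0` is rejected belongs next to this list. If range checking is left to Keycloak, a comment above the list such as `# range validation for the otp_policy_* integers is left to Keycloak` would record that decision.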