Skip to Content
Last modified by Agnease on 2026/06/24 16:39
From version 23.1
edited by Agnease
on 2026/06/24 15:26
Change comment: Rollback to version 22.5
To version 17.1
edited by Agnease
on 2026/06/24 14:53
Change comment: Upload new image "mfa-admin-full.png", version 1.1

Summary

Details

Page properties
Content
... ... @@ -11,9 +11,9 @@
11 11   'icon': 'mobile',
12 12   'content': 'Let users verify access with time-based TOTP codes generated by authenticator applications.'
13 13  },{
14 - 'title': 'Recovery and trusted devices',
15 - 'icon': 'shield',
16 - 'content': 'Provide backup access with recovery codes and reduce repeated prompts on trusted browsers.'
14 + 'title': 'Email verification codes',
15 + 'icon': 'envelope-o',
16 + 'content': 'Send one-time verification codes by email when this method is enabled or combined with app codes.'
17 17  }])
18 18  
19 19  #set ($adminExperienceItems = [{
... ... @@ -21,13 +21,13 @@
21 21   'icon': 'cog',
22 22   'content': 'Make MFA optional or required for all users from the XWiki Administration section.'
23 23  },{
24 - 'title': 'Configuration options',
25 - 'icon': 'sliders',
26 - 'content': 'Set the authenticator issuer name, recovery-code count and trusted-device duration.'
24 + 'title': 'Recovery and trusted devices',
25 + 'icon': 'shield',
26 + 'content': 'Configure recovery-code count and trusted-device duration according to the organization security policy.'
27 27  },{
28 28   'title': 'Administration overview',
29 29   'icon': 'table',
30 - 'content': 'Review MFA adoption with summary indicators and a filterable Live Data table.'
30 + 'content': 'Review MFA adoption across users with summary indicators and a filterable Live Data table.'
31 31  }])
32 32  
33 33  #set ($userExperienceItems = [{
... ... @@ -35,16 +35,16 @@
35 35   'icon': 'qrcode',
36 36   'content': 'Users configure MFA from their profile by scanning a QR code or entering the setup key manually.'
37 37  },{
38 - 'title': 'Login verification',
38 + 'title': 'Familiar login flow',
39 39   'icon': 'sign-in',
40 - 'content': 'After the normal login, users enter the code generated by their authenticator app.'
40 + 'content': 'After the normal login, users enter the configured verification code before accessing XWiki.'
41 41  },{
42 - 'title': 'Trusted browser option',
43 - 'icon': 'desktop',
44 - 'content': 'Users can trust the current browser for the configured duration after successful verification.'
42 + 'title': 'Profile management',
43 + 'icon': 'user',
44 + 'content': 'Users can review MFA status, manage recovery codes and remove trusted devices from their profile.'
45 45  }])
46 46  
47 -#set ($selfServiceItems = [{
47 +#set ($recoveryItems = [{
48 48   'title': 'Recovery codes',
49 49   'icon': 'life-ring',
50 50   'content': 'Recovery codes provide backup access when a user loses access to the authenticator application.'
... ... @@ -51,25 +51,11 @@
51 51  },{
52 52   'title': 'Trusted devices',
53 53   'icon': 'desktop',
54 - 'content': 'Trusted devices can be reviewed and removed from the user profile.'
54 + 'content': 'Trusted browsers or devices can skip repeated MFA prompts for a configured period.'
55 55  },{
56 - 'title': 'Profile management',
57 - 'icon': 'user',
58 - 'content': 'Users can review MFA status, generate recovery codes, manage trusted devices and reset MFA.'
59 -}])
60 -
61 -#set ($adminSupportItems = [{
62 - 'title': 'User MFA status',
63 - 'icon': 'user',
64 - 'content': 'Administrators can open a user profile and check the MFA status for that account.'
65 -},{
66 - 'title': 'MFA reset',
56 + 'title': 'Administrator reset',
67 67   'icon': 'refresh',
68 - 'content': 'Administrators can reset MFA when a user needs to restart the configuration process.'
69 -},{
70 - 'title': 'Controlled recovery',
71 - 'icon': 'unlock-alt',
72 - 'content': 'Resetting MFA removes the authenticator setup, recovery codes and trusted devices for that user.'
58 + 'content': 'Administrators can reset a user MFA setup when the user needs to restart the configuration process.'
73 73  }])
74 74  
75 75  #set ($rolloutItems = [{
... ... @@ -77,10 +77,10 @@
77 77   'content': 'Test the extension with administrators or a small user group before enabling it widely.'
78 78  },{
79 79   'title': 'Define the MFA policy',
80 - 'content': 'Decide whether MFA should be optional at first or required for all users.'
66 + 'content': 'Decide whether MFA should be optional, required for administrators, or required for all users.'
81 81  },{
82 82   'title': 'Configure recovery options',
83 - 'content': 'Choose the number of recovery codes and whether trusted devices should be allowed.'
69 + 'content': 'Choose whether recovery codes and trusted devices should be enabled.'
84 84  },{
85 85   'title': 'Inform users',
86 86   'content': 'Explain how users configure MFA, save recovery codes and manage trusted devices.'
... ... @@ -102,7 +102,7 @@
102 102  
103 103   <p class="lead">
104 104   Protect XWiki logins with a second verification step using authenticator app codes,
105 - recovery codes and trusted devices.
91 + email verification codes, or both.
106 106   </p>
107 107  
108 108   <div class="hero-actions">
... ... @@ -119,15 +119,15 @@
119 119   <h2 id="overview-title">Two-factor authentication built into XWiki</h2>
120 120  
121 121   <p>
122 - XWiki Two-Factor Authentication adds MFA support to the standard XWiki login flow.
123 - Users continue to sign in with their normal username and password, then confirm access
124 - with a time-based verification code from an authenticator application.
108 + XWiki Two-Factor Authentication adds MFA/2FA support to the standard XWiki login flow.
109 + Users continue to sign in with their normal username and password, then confirm access with
110 + an additional verification method.
125 125   </p>
126 126  
127 127   <p>
128 - The extension is designed for organizations that want stronger access protection for
129 - internal knowledge bases, intranets, documentation platforms, customer portals and other
130 - XWiki-based applications.
114 + The extension supports authenticator app codes, email-delivered verification codes, or a combined
115 + setup where both methods are required. It improves account protection without replacing the familiar
116 + XWiki authentication experience.
131 131   </p>
132 132   </article>
133 133  
... ... @@ -136,11 +136,11 @@
136 136   <ul>
137 137   <li>Works with the standard XWiki login flow</li>
138 138   <li>Supports TOTP authenticator applications</li>
139 - <li>Can require MFA for all users</li>
140 - <li>Includes one-time recovery codes</li>
125 + <li>Supports email-delivered one-time codes</li>
126 + <li>Can require app and email verification together</li>
127 + <li>Includes recovery codes for backup access</li>
141 141   <li>Can remember trusted browsers or devices</li>
142 - <li>Includes user self-service controls</li>
143 - <li>Includes an administration overview</li>
129 + <li>Includes administration and user controls</li>
144 144   </ul>
145 145   </aside>
146 146   </div>
... ... @@ -152,7 +152,7 @@
152 152   <h2 id="capabilities-title">Main capabilities</h2>
153 153  
154 154   <p class="section-intro">
155 - A focused set of MFA features for stronger XWiki account protection without replacing the familiar login experience.
141 + A focused set of MFA/2FA features for stronger XWiki account protection without changing the standard login experience.
156 156   </p>
157 157  
158 158   <div class="product-feature-grid">
... ... @@ -179,14 +179,13 @@
179 179   <h2 id="security-title">Useful for XWiki security and access protection</h2>
180 180  
181 181   <p>
182 - Many organizations use XWiki to store internal documentation, procedures, operational
183 - knowledge and business-critical information. Adding a second authentication factor helps
184 - reduce the risk of account compromise when a password is exposed or reused.
168 + Many organizations need multi-factor authentication for internal tools, knowledge bases,
169 + intranets, documentation platforms and systems containing operational or sensitive information.
185 185   </p>
186 186  
187 187   <p>
188 - The extension is especially useful for protecting administrator accounts, remote users,
189 - private knowledge bases and customer or partner portals.
173 + For XWiki, adding two-factor authentication directly to the standard login flow helps protect
174 + administrator accounts, remote users, private knowledge bases and customer or partner portals.
190 190   </p>
191 191   </article>
192 192  
... ... @@ -207,10 +207,10 @@
207 207  
208 208  <section aria-labelledby="admin-experience-title">
209 209   <div class="container">
210 - <h2 id="admin-experience-title">Administrator configuration and monitoring</h2>
195 + <h2 id="admin-experience-title">Administrator experience</h2>
211 211  
212 212   <p class="section-intro">
213 - Administrators can configure the MFA policy, define recovery options and monitor adoption from the XWiki Administration section.
198 + Administrators can configure the MFA policy, monitor adoption and reset user MFA setups when needed.
214 214   </p>
215 215  
216 216   <div class="product-feature-grid">
... ... @@ -233,7 +233,6 @@
233 233  {{gallery}}
234 234  [[image:mfa-admin-configuration.png]]
235 235  [[image:mfa-admin-overview.png]]
236 -[[image:mfa-admin-full.png]]
237 237  {{/gallery}}
238 238  
239 239  {{html clean="false"}}
... ... @@ -246,10 +246,10 @@
246 246  
247 247  <section class="product-section-muted" aria-labelledby="user-experience-title">
248 248   <div class="container">
249 - <h2 id="user-experience-title">User setup and login verification</h2>
233 + <h2 id="user-experience-title">User experience</h2>
250 250  
251 251   <p class="section-intro">
252 - Users can configure MFA from their profile or during the enforced setup flow, then verify future logins with their authenticator app.
236 + Users can configure MFA from their profile and complete the second verification step during login.
253 253   </p>
254 254  
255 255   <div class="product-feature-grid">
... ... @@ -278,14 +278,14 @@
278 278  {{html clean="false"}}
279 279  
280 280   <p class="product-gallery-caption">
281 - User setup, enforced MFA configuration and login verification screens.
265 + User setup and login verification screens.
282 282   </p>
283 283   </div>
284 284  </section>
285 285  
286 -<section aria-labelledby="self-service-title">
270 +<section aria-labelledby="recovery-title">
287 287   <div class="container">
288 - <h2 id="self-service-title">Recovery codes and trusted devices</h2>
272 + <h2 id="recovery-title">Recovery codes and trusted devices</h2>
289 289  
290 290   <p class="section-intro">
291 291   Recovery codes and trusted devices help balance stronger access protection with a smoother user experience.
... ... @@ -292,7 +292,7 @@
292 292   </p>
293 293  
294 294   <div class="product-feature-grid">
295 - #foreach ($entry in $selfServiceItems)
279 + #foreach ($entry in $recoveryItems)
296 296   <article class="product-feature">
297 297   <div class="card-heading">
298 298   <div class="feature-icon">
... ... @@ -309,47 +309,9 @@
309 309  {{/html}}
310 310  
311 311  {{gallery}}
312 -[[image:mfa-user-profile-overview.png]]
313 -[[image:mfa-recovery-codes-not-generated.png]]
314 -[[image:mfa-recovery-codes-generated.png]]
296 +[[image:mfa-recovery-codes.png]]
315 315  [[image:mfa-trusted-devices.png]]
316 -[[image:mfa-user-profile-full.png]]
317 -{{/gallery}}
318 -
319 -{{html clean="false"}}
320 -
321 - <p class="product-gallery-caption">
322 - User profile screens for recovery codes, trusted devices and MFA self-service management.
323 - </p>
324 - </div>
325 -</section>
326 -
327 -<section class="product-section-muted" aria-labelledby="admin-support-title">
328 - <div class="container">
329 - <h2 id="admin-support-title">Administrator support and user recovery</h2>
330 -
331 - <p class="section-intro">
332 - Administrators can help users recover from lost devices or restart MFA setup when needed.
333 - </p>
334 -
335 - <div class="product-feature-grid">
336 - #foreach ($entry in $adminSupportItems)
337 - <article class="product-feature">
338 - <div class="card-heading">
339 - <div class="feature-icon">
340 - <i class="fa fa-$entry.icon" aria-hidden="true"></i>
341 - </div>
342 - <h3>$entry.title</h3>
343 - </div>
344 -
345 - <p>$entry.content</p>
346 - </article>
347 - #end
348 - </div>
349 -
350 -{{/html}}
351 -
352 -{{gallery}}
298 +[[image:mfa-user-profile-overview.png]]
353 353  [[image:mfa-admin-user-management.png]]
354 354  {{/gallery}}
355 355  
... ... @@ -356,12 +356,12 @@
356 356  {{html clean="false"}}
357 357  
358 358   <p class="product-gallery-caption">
359 - Administrator view for checking and resetting a user MFA setup.
305 + Recovery codes, trusted devices and user profile management.
360 360   </p>
361 361   </div>
362 362  </section>
363 363  
364 -<section aria-labelledby="rollout-title">
310 +<section class="product-section-muted" aria-labelledby="rollout-title">
365 365   <div class="container">
366 366   <div class="product-layout">
367 367   <article class="product-summary-card">
mfa-admin-user-management.png
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.Admin
Size
... ... @@ -1,1 +1,0 @@
1 -26.9 KB
Content
mfa-recovery-codes-generated.png
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.Admin
Size
... ... @@ -1,1 +1,0 @@
1 -38.5 KB
Content
mfa-recovery-codes-not-generated.png
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.Admin
Size
... ... @@ -1,1 +1,0 @@
1 -27.0 KB
Content
mfa-trusted-devices.png
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.Admin
Size
... ... @@ -1,1 +1,0 @@
1 -59.1 KB
Content
mfa-user-profile-full.png
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.Admin
Size
... ... @@ -1,1 +1,0 @@
1 -197.5 KB
Content