Changes for page XWiki Two-Factor Authentication

Last modified by Agnease on 2026/06/24 16:39

Manage
- Copy
Actions
- Export
- Print Preview
Viewers
- Source
- Siblings
- Content
- Comments
- Attachments (13)
- History
- Information
- Likes

From 22.4 to 22.3 From 23.3 to 23.2

From version 23.2

edited by Agnease
on 2026/06/24 15:45

Change comment: There is no comment for this version

To version 22.4

edited by Agnease
on 2026/06/24 15:15

Change comment: There is no comment for this version

Raw
Rendered

Summary

Page properties (1 modified, 0 added, 0 removed)

Details

Page properties

Content

@@ -3,90 +3,90 @@
  #set ($discard = $xwiki.ssx.use('products.WebHome'))
  #set ($mainCapabilityItems = [{
--  'title': 'Second verification step',
--  'icon': 'key',
--  'content': 'Add an additional verification screen after the normal XWiki username and password login.'
++'title': 'Second verification step',
++'icon': 'key',
++'content': 'Add an additional verification screen after the normal XWiki username and password login.'
  },{
--  'title': 'Authenticator app codes',
--  'icon': 'mobile',
--  'content': 'Let users verify access with time-based TOTP codes generated by authenticator applications.'
++'title': 'Authenticator app codes',
++'icon': 'mobile',
++'content': 'Let users verify access with time-based TOTP codes generated by authenticator applications.'
  },{
--  'title': 'Recovery and trusted devices',
--  'icon': 'shield',
--  'content': 'Provide backup access with recovery codes and reduce repeated prompts on trusted browsers.'
++'title': 'Recovery and trusted devices',
++'icon': 'shield',
++'content': 'Provide backup access with recovery codes and reduce repeated prompts on trusted browsers.'
  }])
  #set ($adminExperienceItems = [{
--  'title': 'MFA policy',
--  'icon': 'cog',
--  'content': 'Make MFA optional or required for all users from the XWiki Administration section.'
++'title': 'MFA policy',
++'icon': 'cog',
++'content': 'Make MFA optional or required for all users from the XWiki Administration section.'
  },{
--  'title': 'Configuration options',
--  'icon': 'sliders',
--  'content': 'Set the authenticator issuer name, recovery-code count and trusted-device duration.'
++'title': 'Configuration options',
++'icon': 'sliders',
++'content': 'Set the authenticator issuer name, recovery-code count and trusted-device duration.'
  },{
--  'title': 'Administration overview',
--  'icon': 'table',
--  'content': 'Review MFA adoption with summary indicators and a filterable Live Data table.'
++'title': 'Administration overview',
++'icon': 'table',
++'content': 'Review MFA adoption with summary indicators and a filterable Live Data table.'
  }])
  #set ($userExperienceItems = [{
--  'title': 'Self-service setup',
--  'icon': 'qrcode',
--  'content': 'Users configure MFA from their profile by scanning a QR code or entering the setup key manually.'
++'title': 'Self-service setup',
++'icon': 'qrcode',
++'content': 'Users configure MFA from their profile by scanning a QR code or entering the setup key manually.'
  },{
--  'title': 'Login verification',
--  'icon': 'sign-in',
--  'content': 'After the normal login, users enter the code generated by their authenticator app.'
++'title': 'Login verification',
++'icon': 'sign-in',
++'content': 'After the normal login, users enter the code generated by their authenticator app.'
  },{
--  'title': 'Trusted browser option',
--  'icon': 'desktop',
--  'content': 'Users can trust the current browser for the configured duration after successful verification.'
++'title': 'Trusted browser option',
++'icon': 'desktop',
++'content': 'Users can trust the current browser for the configured duration after successful verification.'
  }])
  #set ($selfServiceItems = [{
--  'title': 'Recovery codes',
--  'icon': 'life-ring',
--  'content': 'Recovery codes provide backup access when a user loses access to the authenticator application.'
++'title': 'Recovery codes',
++'icon': 'life-ring',
++'content': 'Recovery codes provide backup access when a user loses access to the authenticator application.'
  },{
--  'title': 'Trusted devices',
--  'icon': 'desktop',
--  'content': 'Trusted devices can be reviewed and removed from the user profile.'
++'title': 'Trusted devices',
++'icon': 'desktop',
++'content': 'Trusted devices can be reviewed and removed from the user profile.'
  },{
--  'title': 'Profile management',
--  'icon': 'user',
--  'content': 'Users can review MFA status, generate recovery codes, manage trusted devices and reset MFA.'
++'title': 'Profile management',
++'icon': 'user',
++'content': 'Users can review MFA status, generate recovery codes, manage trusted devices and reset MFA.'
  }])
  #set ($adminSupportItems = [{
--  'title': 'User MFA status',
--  'icon': 'user',
--  'content': 'Administrators can open a user profile and check the MFA status for that account.'
++'title': 'User MFA status',
++'icon': 'user',
++'content': 'Administrators can open a user profile and check the MFA status for that account.'
  },{
--  'title': 'MFA reset',
--  'icon': 'refresh',
--  'content': 'Administrators can reset MFA when a user needs to restart the configuration process.'
++'title': 'MFA reset',
++'icon': 'refresh',
++'content': 'Administrators can reset MFA when a user needs to restart the configuration process.'
  },{
--  'title': 'Controlled recovery',
--  'icon': 'unlock-alt',
--  'content': 'Resetting MFA removes the authenticator setup, recovery codes and trusted devices for that user.'
++'title': 'Controlled recovery',
++'icon': 'unlock-alt',
++'content': 'Resetting MFA removes the authenticator setup, recovery codes and trusted devices for that user.'
  }])
  #set ($rolloutItems = [{
--  'title': 'Start with a pilot group',
--  'content': 'Test the extension with administrators or a small user group before enabling it widely.'
++'title': 'Start with a pilot group',
++'content': 'Test the extension with administrators or a small user group before enabling it widely.'
  },{
--  'title': 'Define the MFA policy',
--  'content': 'Decide whether MFA should be optional at first or required for all users.'
++'title': 'Define the MFA policy',
++'content': 'Decide whether MFA should be optional at first or required for all users.'
  },{
--  'title': 'Configure recovery options',
--  'content': 'Choose the number of recovery codes and whether trusted devices should be allowed.'
++'title': 'Configure recovery options',
++'content': 'Choose the number of recovery codes and whether trusted devices should be allowed.'
  },{
--  'title': 'Inform users',
--  'content': 'Explain how users configure MFA, save recovery codes and manage trusted devices.'
++'title': 'Inform users',
++'content': 'Explain how users configure MFA, save recovery codes and manage trusted devices.'
  },{
--  'title': 'Monitor adoption',
--  'content': 'Use the administration overview to identify users who still need to configure MFA.'
++'title': 'Monitor adoption',
++'content': 'Use the administration overview to identify users who still need to configure MFA.'
  }])
  {{html clean="false"}}
@@ -98,17 +98,20 @@
        XWiki 2FA and MFA
      </div>
--    <h1 id="product-title">XWiki Two-Factor Authentication</h1>
++```
++<h1 id="product-title">XWiki Two-Factor Authentication</h1>
--    <p class="lead">
--      Protect XWiki logins with a second verification step using authenticator app codes,
--      recovery codes and trusted devices.
--    </p>
++<p class="lead">
++  Protect XWiki logins with a second verification step using authenticator app codes,
++  recovery codes and trusted devices.
++</p>
--    <div class="hero-actions">
--      <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Ask about this extension</a>
--      <a class="btn btn-secondary" href="$xwiki.getURL('products.WebHome')">View all products</a>
--    </div>
++<div class="hero-actions">
++  <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Ask about this extension</a>
++  <a class="btn btn-secondary" href="$xwiki.getURL('products.WebHome')">View all products</a>
++</div>
++```
++
    </div>
  </section>
@@ -118,32 +118,35 @@
        <article class="product-summary-card">
          <h2 id="overview-title">Two-factor authentication built into XWiki</h2>
--        <p>
--          XWiki Two-Factor Authentication adds MFA support to the standard XWiki login flow.
--          Users continue to sign in with their normal username and password, then confirm access
--          with a time-based verification code from an authenticator application.
--        </p>
++```
++    <p>
++      XWiki Two-Factor Authentication adds MFA support to the standard XWiki login flow.
++      Users continue to sign in with their normal username and password, then confirm access
++      with a time-based verification code from an authenticator application.
++    </p>
--        <p>
--          The extension is designed for organizations that want stronger access protection for
--          internal knowledge bases, intranets, documentation platforms, customer portals and other
--          XWiki-based applications.
--        </p>
--      </article>
++    <p>
++      The extension is designed for organizations that want stronger access protection for
++      internal knowledge bases, intranets, documentation platforms, customer portals and other
++      XWiki-based applications.
++    </p>
++  </article>
--      <aside class="product-info-card" aria-labelledby="quick-facts-title">
--        <h3 id="quick-facts-title">Quick facts</h3>
--        <ul>
--          <li>Works with the standard XWiki login flow</li>
--          <li>Supports TOTP authenticator applications</li>
--          <li>Can require MFA for all users</li>
--          <li>Includes one-time recovery codes</li>
--          <li>Can remember trusted browsers or devices</li>
--          <li>Includes user self-service controls</li>
--          <li>Includes an administration overview</li>
--        </ul>
--      </aside>
--    </div>
++  <aside class="product-info-card" aria-labelledby="quick-facts-title">
++    <h3 id="quick-facts-title">Quick facts</h3>
++    <ul>
++      <li>Works with the standard XWiki login flow</li>
++      <li>Supports TOTP authenticator applications</li>
++      <li>Can require MFA for all users</li>
++      <li>Includes one-time recovery codes</li>
++      <li>Can remember trusted browsers or devices</li>
++      <li>Includes user self-service controls</li>
++      <li>Includes an administration overview</li>
++    </ul>
++  </aside>
++</div>
++```
++
    </div>
  </section>
@@ -151,24 +151,27 @@
    <div class="container">
      <h2 id="capabilities-title">Main capabilities</h2>
--    <p class="section-intro">
--      A focused set of MFA features for stronger XWiki account protection without replacing the familiar login experience.
--    </p>
++```
++<p class="section-intro">
++  A focused set of MFA features for stronger XWiki account protection without replacing the familiar login experience.
++</p>
--    <div class="product-feature-grid">
--      #foreach ($entry in $mainCapabilityItems)
--        <article class="product-feature">
--          <div class="card-heading">
--            <div class="feature-icon">
--              <i class="fa fa-$entry.icon" aria-hidden="true"></i>
--            </div>
--            <h3>$entry.title</h3>
--          </div>
++<div class="product-feature-grid">
++  #foreach ($entry in $mainCapabilityItems)
++    <article class="product-feature">
++      <div class="card-heading">
++        <div class="feature-icon">
++          <i class="fa fa-$entry.icon" aria-hidden="true"></i>
++        </div>
++        <h3>$entry.title</h3>
++      </div>
--          <p>$entry.content</p>
--        </article>
--      #end
--    </div>
++      <p>$entry.content</p>
++    </article>
++  #end
++</div>
++```
++
    </div>
  </section>
@@ -178,30 +178,33 @@
        <article class="product-summary-card">
          <h2 id="security-title">Useful for XWiki security and access protection</h2>
--        <p>
--          Many organizations use XWiki to store internal documentation, procedures, operational
--          knowledge and business-critical information. Adding a second authentication factor helps
--          reduce the risk of account compromise when a password is exposed or reused.
--        </p>
++```
++    <p>
++      Many organizations use XWiki to store internal documentation, procedures, operational
++      knowledge and business-critical information. Adding a second authentication factor helps
++      reduce the risk of account compromise when a password is exposed or reused.
++    </p>
--        <p>
--          The extension is especially useful for protecting administrator accounts, remote users,
--          private knowledge bases and customer or partner portals.
--        </p>
--      </article>
++    <p>
++      The extension is especially useful for protecting administrator accounts, remote users,
++      private knowledge bases and customer or partner portals.
++    </p>
++  </article>
--      <aside class="product-info-card" aria-labelledby="use-cases-title">
--        <h3 id="use-cases-title">Typical use cases</h3>
--        <ul>
--          <li>Administrator account protection</li>
--          <li>Internal knowledge base security</li>
--          <li>Private documentation platforms</li>
--          <li>Remote user access protection</li>
--          <li>Customer or partner portals</li>
--          <li>Security review and compliance readiness initiatives</li>
--        </ul>
--      </aside>
--    </div>
++  <aside class="product-info-card" aria-labelledby="use-cases-title">
++    <h3 id="use-cases-title">Typical use cases</h3>
++    <ul>
++      <li>Administrator account protection</li>
++      <li>Internal knowledge base security</li>
++      <li>Private documentation platforms</li>
++      <li>Remote user access protection</li>
++      <li>Customer or partner portals</li>
++      <li>Security review and NIS 2 readiness initiatives</li>
++    </ul>
++  </aside>
++</div>
++```
++
    </div>
  </section>
@@ -209,24 +209,26 @@
    <div class="container">
      <h2 id="admin-experience-title">Administrator configuration and monitoring</h2>
--    <p class="section-intro">
--      Administrators can configure the MFA policy, define recovery options and monitor adoption from the XWiki Administration section.
--    </p>
++```
++<p class="section-intro">
++  Administrators can configure the MFA policy, define recovery options and monitor adoption from the XWiki Administration section.
++</p>
--    <div class="product-feature-grid">
--      #foreach ($entry in $adminExperienceItems)
--        <article class="product-feature">
--          <div class="card-heading">
--            <div class="feature-icon">
--              <i class="fa fa-$entry.icon" aria-hidden="true"></i>
--            </div>
--            <h3>$entry.title</h3>
--          </div>
++<div class="product-feature-grid">
++  #foreach ($entry in $adminExperienceItems)
++    <article class="product-feature">
++      <div class="card-heading">
++        <div class="feature-icon">
++          <i class="fa fa-$entry.icon" aria-hidden="true"></i>
++        </div>
++        <h3>$entry.title</h3>
++      </div>
--          <p>$entry.content</p>
--        </article>
--      #end
--    </div>
++      <p>$entry.content</p>
++    </article>
++  #end
++</div>
++```
  {{/html}}
@@ -238,9 +238,12 @@
  {{html clean="false"}}
--    <p class="product-gallery-caption">
--      Administration screens for configuring MFA and reviewing MFA adoption across users.
--    </p>
++```
++<p class="product-gallery-caption">
++  Administration screens for configuring MFA and reviewing MFA adoption across users.
++</p>
++```
++
    </div>
  </section>
@@ -248,24 +248,26 @@
    <div class="container">
      <h2 id="user-experience-title">User setup and login verification</h2>
--    <p class="section-intro">
--      Users can configure MFA from their profile or during the enforced setup flow, then verify future logins with their authenticator app.
--    </p>
++```
++<p class="section-intro">
++  Users can configure MFA from their profile or during the enforced setup flow, then verify future logins with their authenticator app.
++</p>
--    <div class="product-feature-grid">
--      #foreach ($entry in $userExperienceItems)
--        <article class="product-feature">
--          <div class="card-heading">
--            <div class="feature-icon">
--              <i class="fa fa-$entry.icon" aria-hidden="true"></i>
--            </div>
--            <h3>$entry.title</h3>
--          </div>
++<div class="product-feature-grid">
++  #foreach ($entry in $userExperienceItems)
++    <article class="product-feature">
++      <div class="card-heading">
++        <div class="feature-icon">
++          <i class="fa fa-$entry.icon" aria-hidden="true"></i>
++        </div>
++        <h3>$entry.title</h3>
++      </div>
--          <p>$entry.content</p>
--        </article>
--      #end
--    </div>
++      <p>$entry.content</p>
++    </article>
++  #end
++</div>
++```
  {{/html}}
@@ -277,9 +277,12 @@
  {{html clean="false"}}
--    <p class="product-gallery-caption">
--      User setup, enforced MFA configuration and login verification screens.
--    </p>
++```
++<p class="product-gallery-caption">
++  User setup, enforced MFA configuration and login verification screens.
++</p>
++```
++
    </div>
  </section>
@@ -287,24 +287,26 @@
    <div class="container">
      <h2 id="self-service-title">Recovery codes and trusted devices</h2>
--    <p class="section-intro">
--      Recovery codes and trusted devices help balance stronger access protection with a smoother user experience.
--    </p>
++```
++<p class="section-intro">
++  Recovery codes and trusted devices help balance stronger access protection with a smoother user experience.
++</p>
--    <div class="product-feature-grid">
--      #foreach ($entry in $selfServiceItems)
--        <article class="product-feature">
--          <div class="card-heading">
--            <div class="feature-icon">
--              <i class="fa fa-$entry.icon" aria-hidden="true"></i>
--            </div>
--            <h3>$entry.title</h3>
--          </div>
++<div class="product-feature-grid">
++  #foreach ($entry in $selfServiceItems)
++    <article class="product-feature">
++      <div class="card-heading">
++        <div class="feature-icon">
++          <i class="fa fa-$entry.icon" aria-hidden="true"></i>
++        </div>
++        <h3>$entry.title</h3>
++      </div>
--          <p>$entry.content</p>
--        </article>
--      #end
--    </div>
++      <p>$entry.content</p>
++    </article>
++  #end
++</div>
++```
  {{/html}}
@@ -318,9 +318,12 @@
  {{html clean="false"}}
--    <p class="product-gallery-caption">
--      User profile screens for recovery codes, trusted devices and MFA self-service management.
--    </p>
++```
++<p class="product-gallery-caption">
++  User profile screens for recovery codes, trusted devices and MFA self-service management.
++</p>
++```
++
    </div>
  </section>
@@ -328,24 +328,26 @@
    <div class="container">
      <h2 id="admin-support-title">Administrator support and user recovery</h2>
--    <p class="section-intro">
--      Administrators can help users recover from lost devices or restart MFA setup when needed.
--    </p>
++```
++<p class="section-intro">
++  Administrators can help users recover from lost devices or restart MFA setup when needed.
++</p>
--    <div class="product-feature-grid">
--      #foreach ($entry in $adminSupportItems)
--        <article class="product-feature">
--          <div class="card-heading">
--            <div class="feature-icon">
--              <i class="fa fa-$entry.icon" aria-hidden="true"></i>
--            </div>
--            <h3>$entry.title</h3>
--          </div>
++<div class="product-feature-grid">
++  #foreach ($entry in $adminSupportItems)
++    <article class="product-feature">
++      <div class="card-heading">
++        <div class="feature-icon">
++          <i class="fa fa-$entry.icon" aria-hidden="true"></i>
++        </div>
++        <h3>$entry.title</h3>
++      </div>
--          <p>$entry.content</p>
--        </article>
--      #end
--    </div>
++      <p>$entry.content</p>
++    </article>
++  #end
++</div>
++```
  {{/html}}
@@ -355,9 +355,12 @@
  {{html clean="false"}}
--    <p class="product-gallery-caption">
--      Administrator view for checking and resetting a user MFA setup.
--    </p>
++```
++<p class="product-gallery-caption">
++  Administrator view for checking and resetting a user MFA setup.
++</p>
++```
++
    </div>
  </section>
@@ -367,39 +367,42 @@
        <article class="product-summary-card">
          <h2 id="rollout-title">Rollout recommendations</h2>
--        <p>
--          For a smooth rollout, start with a small administrator or pilot group before requiring MFA for everyone.
--          This helps validate the configuration, prepare user communication and reduce support issues.
--        </p>
++```
++    <p>
++      For a smooth rollout, start with a small administrator or pilot group before requiring MFA for everyone.
++      This helps validate the configuration, prepare user communication and reduce support issues.
++    </p>
--        <ol class="process-list">
--          #foreach ($entry in $rolloutItems)
--            <li>
--              <strong>$entry.title</strong>
--              $entry.content
--            </li>
--          #end
--        </ol>
--      </article>
++    <ol class="process-list">
++      #foreach ($entry in $rolloutItems)
++        <li>
++          <strong>$entry.title</strong>
++          $entry.content
++        </li>
++      #end
++    </ol>
++  </article>
--      <aside class="product-info-card" aria-labelledby="planning-title">
--        <h3 id="planning-title">Useful information before installation</h3>
++  <aside class="product-info-card" aria-labelledby="planning-title">
++    <h3 id="planning-title">Useful information before installation</h3>
--        <p class="product-card-note">
--          These details help evaluate compatibility, rollout scope and configuration options.
--        </p>
++    <p class="product-card-note">
++      These details help evaluate compatibility, rollout scope and configuration options.
++    </p>
--        <ul>
--          <li>XWiki version</li>
--          <li>Single wiki or wiki farm with subwikis</li>
--          <li>Current authentication setup</li>
--          <li>Optional or globally required MFA policy</li>
--          <li>Trusted-device policy</li>
--          <li>Recovery-code policy</li>
--          <li>Rollout communication needs</li>
--        </ul>
--      </aside>
--    </div>
++    <ul>
++      <li>XWiki version</li>
++      <li>Single wiki or wiki farm with subwikis</li>
++      <li>Current authentication setup</li>
++      <li>Optional or globally required MFA policy</li>
++      <li>Trusted-device policy</li>
++      <li>Recovery-code policy</li>
++      <li>Rollout communication needs</li>
++    </ul>
++  </aside>
++</div>
++```
++
    </div>
  </section>
@@ -408,12 +408,15 @@
      <div class="cta-panel">
        <h2 id="cta-title">Interested in using this extension?</h2>
--      <p>
--        Send a short message with your XWiki version, current authentication setup and MFA rollout goal.
--      </p>
++```
++  <p>
++    Send a short message with your XWiki version, current authentication setup and MFA rollout goal.
++  </p>
--      <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Contact Agnease</a>
--    </div>
++  <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Contact Agnease</a>
++</div>
++```
++
    </div>
  </section>