Changes for page XWiki Two-Factor Authentication
Last modified by Agnease on 2026/05/23 18:56
Summary
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
- Content
... ... @@ -17,8 +17,8 @@ 17 17 </p> 18 18 19 19 <p class="hero-support"> 20 - This extension protects XWikiaccountswithan additional verification step after the standard username and password login.21 - Users can verify access with a n authenticator app codeor anemail-deliveredcode, whileXWiki keepsitsfamiliarlogin experience.20 + This XWiki MFA / 2FA extension adds an additional verification step after the standard username and password login. 21 + Users can verify access with authenticator app codes, email-delivered one-time codes, or a combined setup requiring both methods. 22 22 </p> 23 23 24 24 <div class="hero-actions"> ... ... 
@@ -35,20 +35,21 @@ 35 35 <h2 id="overview-title">Stronger login protection for XWiki</h2> 36 36 37 37 <p> 38 - The XWiki Two-Factor Authentication extension adds a n additional verificationscreenafter the standard39 - username and password login. Users confirmtheir identitywitha time-basedone-timecode generatedbyan40 - authenticat or app, or with a verificationcode delivered by email.38 + The XWiki MFA / Two-Factor Authentication extension adds additional verification after the standard 39 + XWiki username and password login. It strengthens account protection without replacing the familiar 40 + XWiki authentication flow. 41 41 </p> 42 42 43 43 <p> 44 - The extension isdesigned fororganizations thatwanttoimproveaccountsecurity whilekeepingauthentication45 - closetothestandardXWiki login experience.It alsosupports rememberingtrustedclientsbeyondthe current46 - session, sousersarenotforced toentera secondfactor againoneverylogin fromthesametrustedbrowser.44 + The extension supports authenticator app codes using TOTP, email-delivered one-time verification codes, 45 + and stricter configurations where both verification methods are required. This allows organizations to 46 + choose between a simpler 2FA setup or a stronger multi-step MFA policy. 47 47 </p> 48 48 49 49 <p> 50 - It can be useful for internal knowledge bases, intranets, documentation platforms, SOP systems, or other 51 - XWiki environments where access to content and administration should be better protected. 50 + Trusted clients can also be remembered for a configured period. In practice, this means that a known 51 + browser or device can avoid repeated MFA prompts, while new or untrusted clients still require the 52 + configured verification steps. 52 52 </p> 53 53 </article> 54 54 ... ... 
@@ -56,12 +56,11 @@ 56 56 <h3 id="quick-facts-title">Quick facts</h3> 57 57 <ul> 58 58 <li>Works with the standard XWiki login flow</li> 59 - <li>Supports authenticator app verification codes</li> 60 - <li>Supports email-delivered verification codes</li> 61 - <li>Can remember trusted clients beyond the current session</li> 62 - <li>Configuration available from wiki administration</li> 63 - <li>User setup available during login or from the user profile</li> 64 - <li>Administrators can enable, disable or reset MFA for users</li> 60 + <li>Supports authenticator app codes using TOTP</li> 61 + <li>Supports email-delivered one-time verification codes</li> 62 + <li>Can require app code and email code together for stricter MFA</li> 63 + <li>Can remember trusted browsers or devices beyond the current session</li> 64 + <li>Includes wiki administration and user profile controls</li> 65 65 <li>Can be used on the main wiki and subwikis</li> 66 66 </ul> 67 67 </aside> ... ... @@ -95,7 +95,7 @@ 95 95 </div> 96 96 <h3>Authenticator app codes</h3> 97 97 <p> 98 - Users can verify access with codes generated by authenticator applications ,suchasmobileTOTPapps.98 + Users can verify access with TOTP codes generated by authenticator applications on a mobile device or desktop. 99 99 </p> 100 100 </article> 101 101 ... ... 
@@ -105,12 +105,22 @@ 105 105 </div> 106 106 <h3>Email verification codes</h3> 107 107 <p> 108 - Users can alsoreceiveaverification code by email, useful when an authenticator app is not available.108 + Users can receive one-time verification codes by email, useful when an authenticator app is not available or preferred. 109 109 </p> 110 110 </article> 111 111 112 112 <article class="product-feature"> 113 113 <div class="feature-icon"> 114 + <i class="fa fa-plus-circle" aria-hidden="true"></i> 115 + </div> 116 + <h3>Combined verification</h3> 117 + <p> 118 + The extension can also require both an authenticator app code and an email code for stricter multi-factor verification. 119 + </p> 120 + </article> 121 + 122 + <article class="product-feature"> 123 + <div class="feature-icon"> 114 114 <i class="fa fa-qrcode" aria-hidden="true"></i> 115 115 </div> 116 116 <h3>User setup screen</h3> ... ... 
@@ -121,22 +121,21 @@ 121 121 122 122 <article class="product-feature"> 123 123 <div class="feature-icon"> 124 - <i class="fa fa- clock-o" aria-hidden="true"></i>134 + <i class="fa fa-laptop" aria-hidden="true"></i> 125 125 </div> 126 126 <h3>Remember trusted clients</h3> 127 127 <p> 128 - Trusted browsers can be remembered beyond the current session, reducing repeated MFA prompts while keeping 129 - the second factor active for new or untrusted clients. 138 + Known browsers or devices can be remembered for a configured period, reducing repeated MFA prompts from trusted clients. 130 130 </p> 131 131 </article> 132 132 133 - <article class="product-feature">142 + article class="product-feature"> 134 134 <div class="feature-icon"> 135 135 <i class="fa fa-sliders" aria-hidden="true"></i> 136 136 </div> 137 137 <h3>Administration controls</h3> 138 138 <p> 139 - Administrators can enable thefeatureglobally, manage user-levelactivation, and resetauser setup when required.148 + Administrators can configure MFA behavior, manage user activation, and reset user setup when required. 140 140 </p> 141 141 </article> 142 142 ... ... 
@@ -217,18 +217,22 @@ 217 217 <h2 id="compliance-title">Useful for MFA adoption and NIS 2 readiness</h2> 218 218 219 219 <p> 220 - Many organizations now need multi-factor authentication for enterprise software, especially when the 221 - platform contains internal documentation, procedures, operational knowledge or sensitive business data. 229 + Many organizations now need multi-factor authentication for enterprise software, including internal 230 + knowledge bases, documentation platforms, intranets and systems that contain operational procedures 231 + or sensitive business information. 222 222 </p> 223 223 224 224 <p> 225 - For organizations using XWiki as a knowledge platform, having MFA embedded in the standard XWiki login 226 - experience helps close a practical security gap without requiring a full replacement of the authentication flow. 235 + For organizations using XWiki, adding MFA directly to the standard XWiki login flow can help close a 236 + practical access-control gap. The extension can support simple 2FA with one additional verification method, 237 + or a stricter MFA setup where both authenticator app and email verification are required. 227 227 </p> 228 228 229 229 <p> 230 - This can be relevant for companies preparing for NIS 2 requirements, where MFA is part of a broader 231 - cybersecurity risk management and access protection strategy. 241 + This can be relevant for organizations preparing for NIS 2, where multi-factor authentication or 242 + continuous authentication is part of cybersecurity risk-management measures, where appropriate. 243 + MFA support in XWiki is only one part of a broader compliance and security program, but it can be an 244 + important technical control for protecting access to the wiki. 232 232 </p> 233 233 </article> 234 234
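Review bot: The product name is inconsistent across the @@ -17,8 +17,8 @@ and @@ -35,20 +35,21 @@ hunks: new line 20 says "XWiki MFA / 2FA extension", new line 38 says "XWiki MFA / Two-Factor Authentication extension", and the page title is "XWiki Two-Factor Authentication". Pick one name and use it in the hero text, the overview and the title so that administrators searching for the extension find a single term.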
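Review bot: The trusted-clients paragraph added at new lines 50-52 of the @@ -35,20 +35,21 @@ hunk says a client is remembered "for a configured period" but does not say where that period is set or how a remembered client is revoked. Because a remembered browser or device "can avoid repeated MFA prompts", this is the one place where the second factor is skipped, so add a sentence naming the setting and the revocation path, or link to the administration section that covers them.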
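Review bot: The Quick facts list in the @@ -56,12 +56,11 @@ hunk loses two concrete statements: that user setup is available during login or from the user profile, and that administrators can enable, disable or reset MFA for users. The replacement at new line 64, "Includes wiki administration and user profile controls", no longer says what those controls do. Keep the reset capability as its own bullet, since it is what a reader checks when a user loses their authenticator.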
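Review bot: New line 142 in the @@ -121,22 +121,21 @@ hunk reads `article class="product-feature">` with the leading `<` dropped, so the Administration controls card has no opening tag. The fragment will render as literal text and the `</article>` at line 150 is left unmatched. Restore the line as `<article class="product-feature">`.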
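Review bot: The NIS 2 sentence at new lines 241-242 of the @@ -217,18 +217,22 @@ hunk stacks two "where" clauses ("where multi-factor authentication or continuous authentication is part of ... measures, where appropriate"), which leaves it unclear what "where appropriate" qualifies. Consider "organizations preparing for NIS 2, whose cybersecurity risk-management measures include multi-factor authentication or continuous authentication where appropriate". The paragraph at new lines 235-237 also repeats the 2FA versus combined-MFA description already given in the overview; a short reference to the policy options would be enough here.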