Skip to Content
Last modified by Agnease on 2026/05/23 18:56
From version 1.2
edited by Agnease
on 2026/05/12 19:53
Change comment: There is no comment for this version
To version 1.13
edited by Agnease
on 2026/05/22 03:37
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -5,7 +5,7 @@
5 5  
6 6  <section class="hero hero-centered product-hero" aria-labelledby="product-title">
7 7   <div class="container hero-inner">
8 - <div class="product-kicker">
8 + <div class="hero-kicker">
9 9   <i class="fa fa-lock" aria-hidden="true"></i>
10 10   XWiki security extension
11 11   </div>
... ... @@ -17,8 +17,8 @@
17 17   </p>
18 18  
19 19   <p class="hero-support">
20 - This extension protects XWiki accounts with time-based one-time verification codes while keeping the familiar
21 - XWiki username and password authentication as the first login step.
20 + This XWiki MFA / 2FA extension adds an additional verification step after the standard username and password login.
21 + Users can verify access with authenticator app codes, email-delivered one-time codes, or a combined setup requiring both methods.
22 22   </p>
23 23  
24 24   <div class="hero-actions">
... ... @@ -35,19 +35,21 @@
35 35   <h2 id="overview-title">Stronger login protection for XWiki</h2>
36 36  
37 37   <p>
38 - The XWiki Two-Factor Authentication extension adds an additional verification screen after the standard
39 - username and password login. Users confirm their identity with a time-based one-time code before accessing
40 - the wiki.
38 + The XWiki MFA / Two-Factor Authentication extension adds additional verification after the standard
39 + XWiki username and password login. It strengthens account protection without replacing the familiar
40 + XWiki authentication flow.
41 41   </p>
42 42  
43 43   <p>
44 - The extension is designed for organizations that want to improve account security while keeping authentication
45 - close to the standard XWiki login experience.
44 + The extension supports authenticator app codes using TOTP, email-delivered one-time verification codes,
45 + and stricter configurations where both verification methods are required. This allows organizations to
46 + choose between a simpler 2FA setup or a stronger multi-step MFA policy.
46 46   </p>
47 47  
48 48   <p>
49 - It can be useful for internal knowledge bases, intranets, documentation platforms, SOP systems, or other
50 - XWiki environments where access to content and administration should be better protected.
50 + Trusted clients can also be remembered for a configured period. In practice, this means that a known
51 + browser or device can avoid repeated MFA prompts, while new or untrusted clients still require the
52 + configured verification steps.
51 51   </p>
52 52   </article>
53 53  
... ... @@ -55,7 +55,9 @@
55 55   <h3 id="quick-facts-title">Quick facts</h3>
56 56   <ul>
57 57   <li>Works with the standard XWiki login flow</li>
58 - <li>Adds a second TOTP verification step</li>
60 + <li>Supports authenticator app verification codes</li>
61 + <li>Supports email-delivered verification codes</li>
62 + <li>Can remember trusted clients beyond the current session</li>
59 59   <li>Configuration available from wiki administration</li>
60 60   <li>User setup available during login or from the user profile</li>
61 61   <li>Administrators can enable, disable or reset MFA for users</li>
... ... @@ -81,12 +81,33 @@
81 81   </div>
82 82   <h3>Second login step</h3>
83 83   <p>
84 - After the username and password are verified, users are asked to enter a time-based verification code.
88 + After the username and password are verified, users are asked to enter an additional verification code
89 + before accessing the wiki.
85 85   </p>
86 86   </article>
87 87  
88 88   <article class="product-feature">
89 89   <div class="feature-icon">
95 + <i class="fa fa-mobile" aria-hidden="true"></i>
96 + </div>
97 + <h3>Authenticator app codes</h3>
98 + <p>
99 + Users can verify access with codes generated by authenticator applications, such as mobile TOTP apps.
100 + </p>
101 + </article>
102 +
103 + <article class="product-feature">
104 + <div class="feature-icon">
105 + <i class="fa fa-envelope-o" aria-hidden="true"></i>
106 + </div>
107 + <h3>Email verification codes</h3>
108 + <p>
109 + Users can also receive a verification code by email, useful when an authenticator app is not available.
110 + </p>
111 + </article>
112 +
113 + <article class="product-feature">
114 + <div class="feature-icon">
90 90   <i class="fa fa-qrcode" aria-hidden="true"></i>
91 91   </div>
92 92   <h3>User setup screen</h3>
... ... @@ -97,6 +97,17 @@
97 97  
98 98   <article class="product-feature">
99 99   <div class="feature-icon">
125 + <i class="fa fa-clock-o" aria-hidden="true"></i>
126 + </div>
127 + <h3>Remember trusted clients</h3>
128 + <p>
129 + Trusted browsers can be remembered beyond the current session, reducing repeated MFA prompts while keeping
130 + the second factor active for new or untrusted clients.
131 + </p>
132 + </article>
133 +
134 + <article class="product-feature">
135 + <div class="feature-icon">
100 100   <i class="fa fa-sliders" aria-hidden="true"></i>
101 101   </div>
102 102   <h3>Administration controls</h3>
... ... @@ -150,6 +150,12 @@
150 150   </p>
151 151  
152 152   <p>
189 + It can also support organizations that need MFA as part of their cybersecurity controls, including companies
190 + working toward NIS 2 readiness. NIS 2 focuses on stronger cybersecurity risk management across essential and
191 + important entities in the EU, and MFA is often expected as part of enterprise access protection programs.
192 + </p>
193 +
194 + <p>
153 153   It is also useful when many users access the wiki remotely, when administrator accounts need stronger protection,
154 154   or when the organization wants to reduce the risk of compromised passwords.
155 155   </p>
... ... @@ -169,6 +169,43 @@
169 169   </div>
170 170  </section>
171 171  
214 +<section class="product-section-muted" aria-labelledby="compliance-title">
215 + <div class="container">
216 + <div class="product-layout">
217 + <article class="product-summary-card">
218 + <h2 id="compliance-title">Useful for MFA adoption and NIS 2 readiness</h2>
219 +
220 + <p>
221 + Many organizations now need multi-factor authentication for enterprise software, especially when the
222 + platform contains internal documentation, procedures, operational knowledge or sensitive business data.
223 + </p>
224 +
225 + <p>
226 + For organizations using XWiki as a knowledge platform, having MFA embedded in the standard XWiki login
227 + experience helps close a practical security gap without requiring a full replacement of the authentication flow.
228 + </p>
229 +
230 + <p>
231 + This can be relevant for companies preparing for NIS 2 requirements, where MFA is part of a broader
232 + cybersecurity risk management and access protection strategy.
233 + </p>
234 + </article>
235 +
236 + <aside class="product-info-card" aria-labelledby="mfa-readiness-title">
237 + <h3 id="mfa-readiness-title">Security controls supported</h3>
238 + <ul>
239 + <li>Second-factor verification after password login</li>
240 + <li>Authenticator app or email-based verification codes</li>
241 + <li>Reduced repeated prompts for trusted clients</li>
242 + <li>Administration controls for user-level MFA management</li>
243 + <li>Better protection for administrator and remote-access accounts</li>
244 + </ul>
245 + </aside>
246 + </div>
247 + </div>
248 +</section>
249 +
250 +#*
172 172  <section aria-labelledby="gallery-title">
173 173   <div class="container">
174 174   <div class="product-gallery-panel">
... ... @@ -184,7 +184,7 @@
184 184   </div>
185 185   </div>
186 186  </section>
187 -
266 +*#
188 188  <section class="cta-section" aria-labelledby="cta-title">
189 189   <div class="container">
190 190   <div class="cta-panel">