Skip to Content
Last modified by Agnease on 2026/05/23 18:56
From version 1.9
edited by Agnease
on 2026/05/22 03:22
Change comment: There is no comment for this version
To version 1.13
edited by Agnease
on 2026/05/22 03:37
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -17,8 +17,8 @@
17 17   </p>
18 18  
19 19   <p class="hero-support">
20 - This extension protects XWiki accounts with an additional verification step after the standard username and password login.
21 - Users can verify access with an authenticator app code or an email-delivered code, while XWiki keeps its familiar login experience.
20 + This XWiki MFA / 2FA extension adds an additional verification step after the standard username and password login.
21 + Users can verify access with authenticator app codes, email-delivered one-time codes, or a combined setup requiring both methods.
22 22   </p>
23 23  
24 24   <div class="hero-actions">
... ... @@ -35,20 +35,21 @@
35 35   <h2 id="overview-title">Stronger login protection for XWiki</h2>
36 36  
37 37   <p>
38 - The XWiki Two-Factor Authentication extension adds an additional verification screen after the standard
39 - username and password login. Users confirm their identity with a time-based one-time code generated by an
40 - authenticator app, or with a verification code delivered by email.
38 + The XWiki MFA / Two-Factor Authentication extension adds additional verification after the standard
39 + XWiki username and password login. It strengthens account protection without replacing the familiar
40 + XWiki authentication flow.
41 41   </p>
42 42  
43 43   <p>
44 - The extension is designed for organizations that want to improve account security while keeping authentication
45 - close to the standard XWiki login experience. It also supports remembering trusted clients beyond the current
46 - session, so users are not forced to enter a second factor again on every login from the same trusted browser.
44 + The extension supports authenticator app codes using TOTP, email-delivered one-time verification codes,
45 + and stricter configurations where both verification methods are required. This allows organizations to
46 + choose between a simpler 2FA setup or a stronger multi-step MFA policy.
47 47   </p>
48 48  
49 49   <p>
50 - It can be useful for internal knowledge bases, intranets, documentation platforms, SOP systems, or other
51 - XWiki environments where access to content and administration should be better protected.
50 + Trusted clients can also be remembered for a configured period. In practice, this means that a known
51 + browser or device can avoid repeated MFA prompts, while new or untrusted clients still require the
52 + configured verification steps.
52 52   </p>
53 53   </article>
54 54  
... ... @@ -56,7 +56,9 @@
56 56   <h3 id="quick-facts-title">Quick facts</h3>
57 57   <ul>
58 58   <li>Works with the standard XWiki login flow</li>
59 - <li>Adds a second TOTP verification step</li>
60 + <li>Supports authenticator app verification codes</li>
61 + <li>Supports email-delivered verification codes</li>
62 + <li>Can remember trusted clients beyond the current session</li>
60 60   <li>Configuration available from wiki administration</li>
61 61   <li>User setup available during login or from the user profile</li>
62 62   <li>Administrators can enable, disable or reset MFA for users</li>
... ... @@ -82,12 +82,33 @@
82 82   </div>
83 83   <h3>Second login step</h3>
84 84   <p>
85 - After the username and password are verified, users are asked to enter a time-based verification code.
88 + After the username and password are verified, users are asked to enter an additional verification code
89 + before accessing the wiki.
86 86   </p>
87 87   </article>
88 88  
89 89   <article class="product-feature">
90 90   <div class="feature-icon">
95 + <i class="fa fa-mobile" aria-hidden="true"></i>
96 + </div>
97 + <h3>Authenticator app codes</h3>
98 + <p>
99 + Users can verify access with codes generated by authenticator applications, such as mobile TOTP apps.
100 + </p>
101 + </article>
102 +
103 + <article class="product-feature">
104 + <div class="feature-icon">
105 + <i class="fa fa-envelope-o" aria-hidden="true"></i>
106 + </div>
107 + <h3>Email verification codes</h3>
108 + <p>
109 + Users can also receive a verification code by email, useful when an authenticator app is not available.
110 + </p>
111 + </article>
112 +
113 + <article class="product-feature">
114 + <div class="feature-icon">
91 91   <i class="fa fa-qrcode" aria-hidden="true"></i>
92 92   </div>
93 93   <h3>User setup screen</h3>
... ... @@ -98,6 +98,17 @@
98 98  
99 99   <article class="product-feature">
100 100   <div class="feature-icon">
125 + <i class="fa fa-clock-o" aria-hidden="true"></i>
126 + </div>
127 + <h3>Remember trusted clients</h3>
128 + <p>
129 + Trusted browsers can be remembered beyond the current session, reducing repeated MFA prompts while keeping
130 + the second factor active for new or untrusted clients.
131 + </p>
132 + </article>
133 +
134 + <article class="product-feature">
135 + <div class="feature-icon">
101 101   <i class="fa fa-sliders" aria-hidden="true"></i>
102 102   </div>
103 103   <h3>Administration controls</h3>
... ... @@ -151,6 +151,12 @@
151 151   </p>
152 152  
153 153   <p>
189 + It can also support organizations that need MFA as part of their cybersecurity controls, including companies
190 + working toward NIS 2 readiness. NIS 2 focuses on stronger cybersecurity risk management across essential and
191 + important entities in the EU, and MFA is often expected as part of enterprise access protection programs.
192 + </p>
193 +
194 + <p>
154 154   It is also useful when many users access the wiki remotely, when administrator accounts need stronger protection,
155 155   or when the organization wants to reduce the risk of compromised passwords.
156 156   </p>
... ... @@ -170,6 +170,42 @@
170 170   </div>
171 171  </section>
172 172  
214 +<section class="product-section-muted" aria-labelledby="compliance-title">
215 + <div class="container">
216 + <div class="product-layout">
217 + <article class="product-summary-card">
218 + <h2 id="compliance-title">Useful for MFA adoption and NIS 2 readiness</h2>
219 +
220 + <p>
221 + Many organizations now need multi-factor authentication for enterprise software, especially when the
222 + platform contains internal documentation, procedures, operational knowledge or sensitive business data.
223 + </p>
224 +
225 + <p>
226 + For organizations using XWiki as a knowledge platform, having MFA embedded in the standard XWiki login
227 + experience helps close a practical security gap without requiring a full replacement of the authentication flow.
228 + </p>
229 +
230 + <p>
231 + This can be relevant for companies preparing for NIS 2 requirements, where MFA is part of a broader
232 + cybersecurity risk management and access protection strategy.
233 + </p>
234 + </article>
235 +
236 + <aside class="product-info-card" aria-labelledby="mfa-readiness-title">
237 + <h3 id="mfa-readiness-title">Security controls supported</h3>
238 + <ul>
239 + <li>Second-factor verification after password login</li>
240 + <li>Authenticator app or email-based verification codes</li>
241 + <li>Reduced repeated prompts for trusted clients</li>
242 + <li>Administration controls for user-level MFA management</li>
243 + <li>Better protection for administrator and remote-access accounts</li>
244 + </ul>
245 + </aside>
246 + </div>
247 + </div>
248 +</section>
249 +
173 173  #*
174 174  <section aria-labelledby="gallery-title">
175 175   <div class="container">