Changes for page XWiki Authentication and Access Control
Last modified by Agnease on 2026/05/25 12:52
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -82,6 +82,32 @@ 82 82 </section> 83 83 84 84 ## COMMON NEEDS 85 + #set ($accessNeedsItems = [{ 86 + 'title': 'LDAP and Active Directory integration', 87 + 'icon': 'address-book', 88 + 'content': 'Configuration, troubleshooting and optimization of LDAP/AD authentication, user creation and group synchronization.' 89 + },{ 90 + 'title': 'SSO, OIDC and SAML', 91 + 'icon': 'sign-in', 92 + 'content': 'Integration with identity providers, single sign-on flows and authentication extensions used in enterprise environments.' 93 + },{ 94 + 'title': 'Multi-factor authentication', 95 + 'icon': 'shield', 96 + 'content': 'MFA setup, licensing, configuration, troubleshooting and review of authentication-related user experience.' 97 + },{ 98 + 'title': 'User and group synchronization', 99 + 'icon': 'users', 100 + 'content': 'Review of synchronization strategy, group mapping, large-directory behavior and performance implications.' 101 + },{ 102 + 'title': 'Rights model review', 103 + 'icon': 'key', 104 + 'content': 'Review and cleanup of space, page, group and application permissions to reduce confusion and access risks.' 105 + },{ 106 + 'title': 'Access-related troubleshooting', 107 + 'icon': 'warning', 108 + 'content': 'Investigation of login failures, missing users, group sync issues, unexpected permissions or denied access.' 109 + }]) 110 + 85 85 <section class="services" aria-labelledby="access-needs-title"> 86 86 <div class="container"> 87 87 <h2 id="access-needs-title">Common authentication and access control needs</h2> ... ... 
@@ -92,82 +92,40 @@ 92 92 </p> 93 93 94 94 <div class="services-grid"> 95 - <article class="service"> 96 - <div class="service-icon" aria-hidden="true"> 97 - <i class="fa fa-address-book"></i> 98 - </div> 99 - <div class="service-body"> 100 - <h4>LDAP and Active Directory integration</h4> 101 - <p> 102 - Configuration, troubleshooting and optimization of LDAP/AD authentication, user creation and group synchronization. 103 - </p> 104 - </div> 105 - </article> 121 + #foreach ($entry in $accessNeedsItems) 122 + <article class="service"> 123 + <div class="service-icon" aria-hidden="true"> 124 + <i class="fa fa-$entry.icon"></i> 125 + </div> 106 106 107 - <article class="service"> 108 - <div class="service-icon" aria-hidden="true"> 109 - <i class="fa fa-sign-in"></i> 110 - </div> 111 - <div class="service-body"> 112 - <h4>SSO, OIDC and SAML</h4> 113 - <p> 114 - Integration with identity providers, single sign-on flows and authentication extensions used in enterprise environments. 115 - </p> 116 - </div> 117 - </article> 118 - 119 - <article class="service"> 120 - <div class="service-icon" aria-hidden="true"> 121 - <i class="fa fa-shield"></i> 122 - </div> 123 - <div class="service-body"> 124 - <h4>Multi-factor authentication</h4> 125 - <p> 126 - MFA setup, licensing, configuration, troubleshooting and review of authentication-related user experience. 127 - </p> 128 - </div> 129 - </article> 130 - 131 - <article class="service"> 132 - <div class="service-icon" aria-hidden="true"> 133 - <i class="fa fa-users"></i> 134 - </div> 135 - <div class="service-body"> 136 - <h4>User and group synchronization</h4> 137 - <p> 138 - Review of synchronization strategy, group mapping, large-directory behavior and performance implications. 
139 - </p> 140 - </div> 141 - </article> 142 - 143 - <article class="service"> 144 - <div class="service-icon" aria-hidden="true"> 145 - <i class="fa fa-key"></i> 146 - </div> 147 - <div class="service-body"> 148 - <h4>Rights model review</h4> 149 - <p> 150 - Review and cleanup of space, page, group and application permissions to reduce confusion and access risks. 151 - </p> 152 - </div> 153 - </article> 154 - 155 - <article class="service"> 156 - <div class="service-icon" aria-hidden="true"> 157 - <i class="fa fa-warning"></i> 158 - </div> 159 - <div class="service-body"> 160 - <h4>Access-related troubleshooting</h4> 161 - <p> 162 - Investigation of login failures, missing users, group sync issues, unexpected permissions or denied access. 163 - </p> 164 - </div> 165 - </article> 127 + <div class="service-body"> 128 + <h4>$entry.title</h4> 129 + <p>$entry.content</p> 130 + </div> 131 + </article> 132 + #end 166 166 </div> 167 167 </div> 168 168 </section> 169 169 170 - ## APPROACH 137 + ## ACCESS CONTROL PROCESS 138 + #set ($accessProcessItems = [{ 139 + 'title': 'Review the current access setup', 140 + 'content': 'Authentication method, user directory, groups, synchronization behavior, rights configuration and known issues.' 141 + },{ 142 + 'title': 'Clarify the target model', 143 + 'content': 'Expected login flow, user provisioning, group mapping, administration model and permission boundaries.' 144 + },{ 145 + 'title': 'Validate configuration safely', 146 + 'content': 'Test authentication, synchronization and rights behavior before applying changes to production when needed.' 147 + },{ 148 + 'title': 'Apply controlled changes', 149 + 'content': 'Update configuration, extensions, rights or group mappings with attention to rollback and administrator access.' 150 + },{ 151 + 'title': 'Document the result', 152 + 'content': 'Provide practical notes about the final configuration, assumptions, risks and future maintenance actions.' 
153 + }]) 154 + 171 171 <section id="access-control-process" class="split-section" aria-labelledby="process-title"> 172 172 <div class="container"> 173 173 <div class="split-grid"> ... ... @@ -187,26 +187,12 @@ 187 187 </div> 188 188 189 189 <ol class="process-list"> 190 - <li> 191 - <strong>Review the current access setup</strong> 192 - Authentication method, user directory, groups, synchronization behavior, rights configuration and known issues. 193 - </li> 194 - <li> 195 - <strong>Clarify the target model</strong> 196 - Expected login flow, user provisioning, group mapping, administration model and permission boundaries. 197 - </li> 198 - <li> 199 - <strong>Validate configuration safely</strong> 200 - Test authentication, synchronization and rights behavior before applying changes to production when needed. 201 - </li> 202 - <li> 203 - <strong>Apply controlled changes</strong> 204 - Update configuration, extensions, rights or group mappings with attention to rollback and administrator access. 205 - </li> 206 - <li> 207 - <strong>Document the result</strong> 208 - Provide practical notes about the final configuration, assumptions, risks and future maintenance actions. 209 - </li> 174 + #foreach ($entry in $accessProcessItems) 175 + <li> 176 + <strong>$entry.title</strong> 177 + $entry.content 178 + </li> 179 + #end 210 210 </ol> 211 211 </div> 212 212 </div> ... ... 
@@ -213,6 +213,24 @@ 213 213 </section> 214 214 215 215 ## SPECIFIC AREAS 186 + #set ($accessAreasItems = [{ 187 + 'title': 'Directory configuration', 188 + 'icon': 'server', 189 + 'content': 'LDAP/AD connection settings, bind users, search bases, user filters, group filters and synchronization behavior.' 190 + },{ 191 + 'title': 'Group mapping', 192 + 'icon': 'random', 193 + 'content': 'Mapping external groups into XWiki groups while avoiding unnecessary complexity and performance issues.' 194 + },{ 195 + 'title': 'Permission structure', 196 + 'icon': 'lock', 197 + 'content': 'Space and page rights, inheritance, administrative access, edit rights, view rights and application permissions.' 198 + },{ 199 + 'title': 'Security-sensitive rights', 200 + 'icon': 'user-secret', 201 + 'content': 'Review of powerful rights such as admin, programming, script and edit rights where they affect security.' 202 + }]) 203 + 216 216 <section aria-labelledby="areas-title"> 217 217 <div class="container"> 218 218 <h2 id="areas-title">Specific areas we can review</h2> ... ... 
@@ -223,45 +223,16 @@ 223 223 </p> 224 224 225 225 <div class="widgets"> 226 - <article class="widget"> 227 - <div class="icon" aria-hidden="true"> 228 - <i class="fa fa-server"></i> 229 - <h4>Directory<br />configuration</h4> 230 - </div> 231 - <p> 232 - LDAP/AD connection settings, bind users, search bases, user filters, group filters and synchronization behavior. 233 - </p> 234 - </article> 214 + #foreach ($entry in $accessAreasItems) 215 + <article class="widget"> 216 + <div class="icon" aria-hidden="true"> 217 + <i class="fa fa-$entry.icon"></i> 218 + <h4>$entry.title</h4> 219 + </div> 235 235 236 - <article class="widget"> 237 - <div class="icon" aria-hidden="true"> 238 - <i class="fa fa-random"></i> 239 - <h4>Group<br />mapping</h4> 240 - </div> 241 - <p> 242 - Mapping external groups into XWiki groups while avoiding unnecessary complexity and performance issues. 243 - </p> 244 - </article> 245 - 246 - <article class="widget"> 247 - <div class="icon" aria-hidden="true"> 248 - <i class="fa fa-lock"></i> 249 - <h4>Permission<br />structure</h4> 250 - </div> 251 - <p> 252 - Space and page rights, inheritance, administrative access, edit rights, view rights and application permissions. 253 - </p> 254 - </article> 255 - 256 - <article class="widget"> 257 - <div class="icon" aria-hidden="true"> 258 - <i class="fa fa-user-secret"></i> 259 - <h4>Security<br />sensitive rights</h4> 260 - </div> 261 - <p> 262 - Review of powerful rights such as admin, programming, script and edit rights where they affect security. 263 - </p> 264 - </article> 221 + <p>$entry.content</p> 222 + </article> 223 + #end 265 265 </div> 266 266 </div> 267 267 </section>
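Review bot: In the @@ -82,6 +82,32 @@ hunk, the new $accessNeedsItems list has no comment explaining its keys, and the 'icon' values ('address-book', 'sign-in', 'shield', ...) only make sense once you see them concatenated as fa-$entry.icon in the loop further down. A one-line ## comment above the #set stating that 'icon' is the Font Awesome name without the fa- prefix, and that 'title' and 'content' are rendered as HTML text, would keep later edits to the list consistent with the template that consumes it.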
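Review bot: In the @@ -92,82 +92,40 @@ hunk, the new #foreach writes $entry.title and $entry.content into the h4 and p elements, and $entry.icon into the class attribute, without escaping. The values are string literals from the #set above today, so nothing is exploitable as written, but escaping at the sink keeps the template correct if an entry ever contains &, < or a quote, or if the list is later filled from anything other than literals. Suggest $escapetool.xml($entry.title) and $escapetool.xml($entry.content), and the formal reference fa-${entry.icon} inside the attribute so the end of the reference is unambiguous. The same pattern recurs in the two later loops.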
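Review bot: In the @@ -187,26 +187,12 @@ hunk, $entry.title and $entry.content inside the li are regular Velocity references, so an entry in $accessProcessItems that is missing one of the two keys would print the literal text $entry.content into the public page instead of nothing. The five entries defined earlier all carry both keys, so this is about future edits: use the quiet form, for example $!entry.content, ideally combined with escaping as $!escapetool.xml($entry.content).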
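Review bot: In the @@ -223,45 +223,16 @@ hunk, replacing the four widget articles with <h4>$entry.title</h4> drops the forced line break the removed headings had (Directory<br />configuration, Group<br />mapping, Permission<br />structure, Security<br />sensitive rights), and the last heading changes wording from "Security sensitive rights" to 'Security-sensitive rights' as defined in $accessAreasItems. If the two-line heading was part of the widget layout, check the rendered result at the widths the .widgets grid supports, or handle the wrapping in CSS rather than in the data; if the change is intentional, say so in the change summary, which is currently empty.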