Changes for page XWiki Authentication and Access Control
Last modified by Agnease on 2026/05/25 12:52
Summary
- Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
  - Content
... ... @@ -82,32 +82,6 @@ 82 82 </section> 83 83 84 84 ## COMMON NEEDS 85 - #set ($accessNeedsItems = [{ 86 - 'title': 'LDAP and Active Directory integration', 87 - 'icon': 'address-book', 88 - 'content': 'Configuration, troubleshooting and optimization of LDAP/AD authentication, user creation and group synchronization.' 89 - },{ 90 - 'title': 'SSO, OIDC and SAML', 91 - 'icon': 'sign-in', 92 - 'content': 'Integration with identity providers, single sign-on flows and authentication extensions used in enterprise environments.' 93 - },{ 94 - 'title': 'Multi-factor authentication', 95 - 'icon': 'shield', 96 - 'content': 'MFA setup, licensing, configuration, troubleshooting and review of authentication-related user experience.' 97 - },{ 98 - 'title': 'User and group synchronization', 99 - 'icon': 'users', 100 - 'content': 'Review of synchronization strategy, group mapping, large-directory behavior and performance implications.' 101 - },{ 102 - 'title': 'Rights model review', 103 - 'icon': 'key', 104 - 'content': 'Review and cleanup of space, page, group and application permissions to reduce confusion and access risks.' 105 - },{ 106 - 'title': 'Access-related troubleshooting', 107 - 'icon': 'warning', 108 - 'content': 'Investigation of login failures, missing users, group sync issues, unexpected permissions or denied access.' 109 - }]) 110 - 111 111 <section class="services" aria-labelledby="access-needs-title"> 112 112 <div class="container"> 113 113 <h2 id="access-needs-title">Common authentication and access control needs</h2> ... ... 
@@ -118,40 +118,82 @@ 118 118 </p> 119 119 120 120 <div class="services-grid"> 121 - #foreach ($entry in $accessNeedsItems) 122 - <article class="service"> 123 - <div class="service-icon" aria-hidden="true"> 124 - <i class="fa fa-$entry.icon"></i> 125 - </div> 95 + <article class="service"> 96 + <div class="service-icon" aria-hidden="true"> 97 + <i class="fa fa-address-book"></i> 98 + </div> 99 + <div class="service-body"> 100 + <h4>LDAP and Active Directory integration</h4> 101 + <p> 102 + Configuration, troubleshooting and optimization of LDAP/AD authentication, user creation and group synchronization. 103 + </p> 104 + </div> 105 + </article> 126 126 127 - <div class="service-body"> 128 - <h4>$entry.title</h4> 129 - <p>$entry.content</p> 130 - </div> 131 - </article> 132 - #end 107 + <article class="service"> 108 + <div class="service-icon" aria-hidden="true"> 109 + <i class="fa fa-sign-in"></i> 110 + </div> 111 + <div class="service-body"> 112 + <h4>SSO, OIDC and SAML</h4> 113 + <p> 114 + Integration with identity providers, single sign-on flows and authentication extensions used in enterprise environments. 115 + </p> 116 + </div> 117 + </article> 118 + 119 + <article class="service"> 120 + <div class="service-icon" aria-hidden="true"> 121 + <i class="fa fa-shield"></i> 122 + </div> 123 + <div class="service-body"> 124 + <h4>Multi-factor authentication</h4> 125 + <p> 126 + MFA setup, licensing, configuration, troubleshooting and review of authentication-related user experience. 127 + </p> 128 + </div> 129 + </article> 130 + 131 + <article class="service"> 132 + <div class="service-icon" aria-hidden="true"> 133 + <i class="fa fa-users"></i> 134 + </div> 135 + <div class="service-body"> 136 + <h4>User and group synchronization</h4> 137 + <p> 138 + Review of synchronization strategy, group mapping, large-directory behavior and performance implications. 
139 + </p> 140 + </div> 141 + </article> 142 + 143 + <article class="service"> 144 + <div class="service-icon" aria-hidden="true"> 145 + <i class="fa fa-key"></i> 146 + </div> 147 + <div class="service-body"> 148 + <h4>Rights model review</h4> 149 + <p> 150 + Review and cleanup of space, page, group and application permissions to reduce confusion and access risks. 151 + </p> 152 + </div> 153 + </article> 154 + 155 + <article class="service"> 156 + <div class="service-icon" aria-hidden="true"> 157 + <i class="fa fa-warning"></i> 158 + </div> 159 + <div class="service-body"> 160 + <h4>Access-related troubleshooting</h4> 161 + <p> 162 + Investigation of login failures, missing users, group sync issues, unexpected permissions or denied access. 163 + </p> 164 + </div> 165 + </article> 133 133 </div> 134 134 </div> 135 135 </section> 136 136 137 - ## ACCESS CONTROL PROCESS 138 - #set ($accessProcessItems = [{ 139 - 'title': 'Review the current access setup', 140 - 'content': 'Authentication method, user directory, groups, synchronization behavior, rights configuration and known issues.' 141 - },{ 142 - 'title': 'Clarify the target model', 143 - 'content': 'Expected login flow, user provisioning, group mapping, administration model and permission boundaries.' 144 - },{ 145 - 'title': 'Validate configuration safely', 146 - 'content': 'Test authentication, synchronization and rights behavior before applying changes to production when needed.' 147 - },{ 148 - 'title': 'Apply controlled changes', 149 - 'content': 'Update configuration, extensions, rights or group mappings with attention to rollback and administrator access.' 150 - },{ 151 - 'title': 'Document the result', 152 - 'content': 'Provide practical notes about the final configuration, assumptions, risks and future maintenance actions.' 
153 - }]) 154 - 170 + ## APPROACH 155 155 <section id="access-control-process" class="split-section" aria-labelledby="process-title"> 156 156 <div class="container"> 157 157 <div class="split-grid"> ... ... @@ -171,12 +171,26 @@ 171 171 </div> 172 172 173 173 <ol class="process-list"> 174 - #foreach ($entry in $accessProcessItems) 175 - <li> 176 - <strong>$entry.title</strong> 177 - $entry.content 178 - </li> 179 - #end 190 + <li> 191 + <strong>Review the current access setup</strong> 192 + Authentication method, user directory, groups, synchronization behavior, rights configuration and known issues. 193 + </li> 194 + <li> 195 + <strong>Clarify the target model</strong> 196 + Expected login flow, user provisioning, group mapping, administration model and permission boundaries. 197 + </li> 198 + <li> 199 + <strong>Validate configuration safely</strong> 200 + Test authentication, synchronization and rights behavior before applying changes to production when needed. 201 + </li> 202 + <li> 203 + <strong>Apply controlled changes</strong> 204 + Update configuration, extensions, rights or group mappings with attention to rollback and administrator access. 205 + </li> 206 + <li> 207 + <strong>Document the result</strong> 208 + Provide practical notes about the final configuration, assumptions, risks and future maintenance actions. 209 + </li> 180 180 </ol> 181 181 </div> 182 182 </div> ... ... 
@@ -183,24 +183,6 @@ 183 183 </section> 184 184 185 185 ## SPECIFIC AREAS 186 - #set ($accessAreasItems = [{ 187 - 'title': 'Directory configuration', 188 - 'icon': 'server', 189 - 'content': 'LDAP/AD connection settings, bind users, search bases, user filters, group filters and synchronization behavior.' 190 - },{ 191 - 'title': 'Group mapping', 192 - 'icon': 'random', 193 - 'content': 'Mapping external groups into XWiki groups while avoiding unnecessary complexity and performance issues.' 194 - },{ 195 - 'title': 'Permission structure', 196 - 'icon': 'lock', 197 - 'content': 'Space and page rights, inheritance, administrative access, edit rights, view rights and application permissions.' 198 - },{ 199 - 'title': 'Security-sensitive rights', 200 - 'icon': 'user-secret', 201 - 'content': 'Review of powerful rights such as admin, programming, script and edit rights where they affect security.' 202 - }]) 203 - 204 204 <section aria-labelledby="areas-title"> 205 205 <div class="container"> 206 206 <h2 id="areas-title">Specific areas we can review</h2> ... ... 
@@ -211,16 +211,45 @@ 211 211 </p> 212 212 213 213 <div class="widgets"> 214 - #foreach ($entry in $accessAreasItems) 215 - <article class="widget"> 216 - <div class="icon" aria-hidden="true"> 217 - <i class="fa fa-$entry.icon"></i> 218 - <h4>$entry.title</h4> 219 - </div> 226 + <article class="widget"> 227 + <div class="icon" aria-hidden="true"> 228 + <i class="fa fa-server"></i> 229 + <h4>Directory<br />configuration</h4> 230 + </div> 231 + <p> 232 + LDAP/AD connection settings, bind users, search bases, user filters, group filters and synchronization behavior. 233 + </p> 234 + </article> 220 220 221 - <p>$entry.content</p> 222 - </article> 223 - #end 236 + <article class="widget"> 237 + <div class="icon" aria-hidden="true"> 238 + <i class="fa fa-random"></i> 239 + <h4>Group<br />mapping</h4> 240 + </div> 241 + <p> 242 + Mapping external groups into XWiki groups while avoiding unnecessary complexity and performance issues. 243 + </p> 244 + </article> 245 + 246 + <article class="widget"> 247 + <div class="icon" aria-hidden="true"> 248 + <i class="fa fa-lock"></i> 249 + <h4>Permission<br />structure</h4> 250 + </div> 251 + <p> 252 + Space and page rights, inheritance, administrative access, edit rights, view rights and application permissions. 253 + </p> 254 + </article> 255 + 256 + <article class="widget"> 257 + <div class="icon" aria-hidden="true"> 258 + <i class="fa fa-user-secret"></i> 259 + <h4>Security<br />sensitive rights</h4> 260 + </div> 261 + <p> 262 + Review of powerful rights such as admin, programming, script and edit rights where they affect security. 263 + </p> 264 + </article> 224 224 </div> 225 225 </div> 226 226 </section>
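Review bot: In the `@@ -118,40 +118,82 @@` hunk, the six `<article class="service">` blocks added at new lines 95-165 are copies of one template that differ only in the icon class, the `<h4>` text and the paragraph, so any later markup change (a class rename, an added attribute) has to be made six times and can drift between copies. The removed `#foreach ($entry in $accessNeedsItems)` kept that markup in one place; if the aim is to drop the `#set` map, consider a small Velocity macro that takes icon, title and content instead of unrolling the loop. In the same hunk the section comment becomes `## APPROACH` while the section keeps `id="access-control-process"` and `aria-labelledby="process-title"`; keep the comment and the id naming the same thing so the section stays easy to find by search.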
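Review bot: In the `@@ -211,16 +211,45 @@` hunk, each widget's `<h4>` sits inside `<div class="icon" aria-hidden="true">`, so the four headings are hidden from assistive technology along with the decorative icon; the removed loop had the same nesting, and this rewrite is a good moment to move the `<h4>` out of that div. The hard-coded `<br />` in the headings also changes the text: the removed title was 'Security-sensitive rights' and the new one is `<h4>Security<br />sensitive rights</h4>`, which drops the hyphen. Prefer leaving the titles as plain text and controlling the wrap in CSS.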