Hi there,
sorry for cross posting if this has been discussed earlier. I have not found any while searching this forum and other sources.
We have to use 2 authentication providers in XWiki 17.10: OpenID aka. OIDC for internal users and local XWiki accounts for external. An internal policy recommends 2FA for all externally accessible services. Our OpenID provider has 2FA by design. That way we are looking for a way to secure the local XWiki accounts.
Is it possible to activate a 2FA method for local accounts only? Captchas may be sufficient but for any login and not only if the password verification failed?
best regards,
Andreas