Version 10.5 by Agnease on 2026/06/24 14:35

{{velocity}}
#set ($discard = $xwiki.ssx.use('PublicWebSite.WebHome'))
#set ($discard = $xwiki.ssx.use('products.WebHome'))

#set ($mainCapabilityItems = [{
  'title': 'Second verification step',
  'icon': 'key',
  'content': 'Add an additional verification screen after the normal XWiki username and password login.'
},{
  'title': 'Authenticator app codes',
  'icon': 'mobile',
  'content': 'Let users verify access with time-based one-time password (TOTP) codes generated by authenticator applications.'
},{
  'title': 'Email verification codes',
  'icon': 'envelope-o',
  'content': 'Send one-time verification codes by email when this method is enabled or combined with app codes.'
}])

#set ($adminExperienceItems = [{
  'title': 'MFA policy',
  'icon': 'cog',
  'content': 'Make MFA optional or required for all users from the XWiki Administration section.'
},{
  'title': 'Recovery and trusted devices',
  'icon': 'shield',
  'content': 'Configure recovery-code count and trusted-device duration according to the organization security policy.'
},{
  'title': 'Administration overview',
  'icon': 'table',
  'content': 'Review MFA adoption across users with summary indicators and a filterable Live Data table.'
}])

#set ($userExperienceItems = [{
  'title': 'Self-service setup',
  'icon': 'qrcode',
  'content': 'Users configure MFA from their profile by scanning a QR code or entering the setup key manually.'
},{
  'title': 'Familiar login flow',
  'icon': 'sign-in',
  'content': 'After the normal login, users enter the configured verification code before accessing XWiki.'
},{
  'title': 'Profile management',
  'icon': 'user',
  'content': 'Users can review MFA status, manage recovery codes and remove trusted devices from their profile.'
}])

#set ($recoveryItems = [{
  'title': 'Recovery codes',
  'icon': 'life-ring',
  'content': 'Recovery codes provide backup access when a user loses access to the authenticator application.'
},{
  'title': 'Trusted devices',
  'icon': 'desktop',
  'content': 'Trusted browsers or devices can skip repeated MFA prompts for a configured period.'
},{
  'title': 'Administrator reset',
  'icon': 'refresh',
  'content': 'Administrators can reset a user MFA setup when the user needs to restart the configuration process.'
}])

#set ($rolloutItems = [{
  'title': 'Start with a pilot group',
  'content': 'Test the extension with administrators or a small user group before enabling it widely.'
},{
  'title': 'Define the MFA policy',
  'content': 'Decide whether MFA should be optional, required for administrators, or required for all users.'
},{
  'title': 'Configure recovery options',
  'content': 'Choose whether recovery codes and trusted devices should be enabled.'
},{
  'title': 'Inform users',
  'content': 'Explain how users configure MFA, save recovery codes and manage trusted devices.'
},{
  'title': 'Monitor adoption',
  'content': 'Use the administration overview to identify users who still need to configure MFA.'
}])

{{html clean="false"}}

<section class="hero hero-centered" aria-labelledby="product-title">
  <div class="container hero-inner">
    <div class="hero-kicker">
      <i class="fa fa-lock" aria-hidden="true"></i>
      XWiki 2FA and MFA
    </div>

    <h1 id="product-title">XWiki Two-Factor Authentication</h1>

    <p class="lead">
      Protect XWiki logins with a second verification step using authenticator app codes,
      email verification codes, or both.
    </p>

    <div class="hero-actions">
      <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Ask about this extension</a>
      <a class="btn btn-secondary" href="$xwiki.getURL('products.WebHome')">View all products</a>
    </div>
  </div>
</section>

<section aria-labelledby="overview-title">
  <div class="container">
    <div class="product-layout">
      <article class="product-summary-card">
        <h2 id="overview-title">Two-factor authentication built into XWiki</h2>

        <p>
          XWiki Two-Factor Authentication adds MFA/2FA support to the standard XWiki login flow.
          Users continue to sign in with their normal username and password, then confirm access with
          an additional verification method.
        </p>

        <p>
          The extension supports authenticator app codes, email-delivered verification codes, or a combined
          setup where both methods are required. It improves account protection without replacing the familiar
          XWiki authentication experience.
        </p>
      </article>

      <aside class="product-info-card" aria-labelledby="quick-facts-title">
        <h3 id="quick-facts-title">Quick facts</h3>
        <ul>
          <li>Works with the standard XWiki login flow</li>
          <li>Supports TOTP authenticator applications</li>
          <li>Supports email-delivered one-time codes</li>
          <li>Can require app and email verification together</li>
          <li>Includes recovery codes for backup access</li>
          <li>Can remember trusted browsers or devices</li>
          <li>Includes administration and user controls</li>
        </ul>
      </aside>
    </div>
  </div>
</section>

<section aria-labelledby="capabilities-title">
  <div class="container">
    <h2 id="capabilities-title">Main capabilities</h2>

    <p class="section-intro">
      A focused set of MFA/2FA features for stronger XWiki account protection without changing the standard login experience.
    </p>

    <div class="product-feature-grid">
      #foreach ($entry in $mainCapabilityItems)
        <article class="product-feature">
          <div class="card-heading">
            <div class="feature-icon">
              <i class="fa fa-$entry.icon" aria-hidden="true"></i>
            </div>
            <h3>$entry.title</h3>
          </div>

          <p>$entry.content</p>
        </article>
      #end
    </div>
  </div>
</section>

<section class="product-section-muted" aria-labelledby="security-title">
  <div class="container">
    <div class="product-layout">
      <article class="product-summary-card">
        <h2 id="security-title">Useful for XWiki security and access protection</h2>

        <p>
          Many organizations need multi-factor authentication for internal tools, knowledge bases,
          intranets, documentation platforms and systems containing operational or sensitive information.
        </p>

        <p>
          For XWiki, adding two-factor authentication directly to the standard login flow helps protect
          administrator accounts, remote users, private knowledge bases and customer or partner portals.
        </p>
      </article>

      <aside class="product-info-card" aria-labelledby="use-cases-title">
        <h3 id="use-cases-title">Typical use cases</h3>
        <ul>
          <li>Administrator account protection</li>
          <li>Internal knowledge base security</li>
          <li>Private documentation platforms</li>
          <li>Remote user access protection</li>
          <li>Customer or partner portals</li>
          <li>Security review and NIS 2 readiness initiatives</li>
        </ul>
      </aside>
    </div>
  </div>
</section>

<section aria-labelledby="admin-experience-title">
  <div class="container">
    <h2 id="admin-experience-title">Administrator experience</h2>

    <p class="section-intro">
      Administrators can configure the MFA policy, monitor adoption and reset user MFA setups when needed.
    </p>

    <div class="product-feature-grid">
      #foreach ($entry in $adminExperienceItems)
        <article class="product-feature">
          <div class="card-heading">
            <div class="feature-icon">
              <i class="fa fa-$entry.icon" aria-hidden="true"></i>
            </div>
            <h3>$entry.title</h3>
          </div>

          <p>$entry.content</p>
        </article>
      #end
    </div>

{{/html}}

{{gallery}}
[[image:mfa-admin-configuration.png]]
[[image:mfa-admin-overview.png]]
{{/gallery}}

{{html clean="false"}}

    <p class="product-gallery-caption">
      Administration screens for configuring MFA and reviewing MFA adoption across users.
    </p>
  </div>
</section>

<section class="product-section-muted" aria-labelledby="user-experience-title">
  <div class="container">
    <h2 id="user-experience-title">User experience</h2>

    <p class="section-intro">
      Users can configure MFA from their profile and complete the second verification step during login.
    </p>

    <div class="product-feature-grid">
      #foreach ($entry in $userExperienceItems)
        <article class="product-feature">
          <div class="card-heading">
            <div class="feature-icon">
              <i class="fa fa-$entry.icon" aria-hidden="true"></i>
            </div>
            <h3>$entry.title</h3>
          </div>

          <p>$entry.content</p>
        </article>
      #end
    </div>

{{/html}}

{{gallery}}
[[image:mfa-user-setup-qr.png]]
[[image:mfa-login-verification.png]]
{{/gallery}}

{{html clean="false"}}

    <p class="product-gallery-caption">
      User setup and login verification screens.
    </p>
  </div>
</section>

<section aria-labelledby="recovery-title">
  <div class="container">
    <h2 id="recovery-title">Recovery codes and trusted devices</h2>

    <p class="section-intro">
      Recovery codes and trusted devices help balance stronger access protection with a smoother user experience.
    </p>

    <div class="product-feature-grid">
      #foreach ($entry in $recoveryItems)
        <article class="product-feature">
          <div class="card-heading">
            <div class="feature-icon">
              <i class="fa fa-$entry.icon" aria-hidden="true"></i>
            </div>
            <h3>$entry.title</h3>
          </div>

          <p>$entry.content</p>
        </article>
      #end
    </div>

{{/html}}

{{gallery}}
[[image:mfa-recovery-codes.png]]
[[image:mfa-trusted-devices.png]]
[[image:mfa-user-profile-overview.png]]
[[image:mfa-admin-user-management.png]]
{{/gallery}}

{{html clean="false"}}

    <p class="product-gallery-caption">
      Recovery codes, trusted devices and user profile management.
    </p>
  </div>
</section>

<section class="product-section-muted" aria-labelledby="rollout-title">
  <div class="container">
    <div class="product-layout">
      <article class="product-summary-card">
        <h2 id="rollout-title">Rollout recommendations</h2>

        <p>
          For a smooth rollout, start with a small administrator or pilot group before requiring MFA for everyone.
          This helps validate the configuration, prepare user communication and reduce support issues.
        </p>

        <ol class="process-list">
          #foreach ($entry in $rolloutItems)
            <li>
              <strong>$entry.title</strong>
              $entry.content
            </li>
          #end
        </ol>
      </article>

      <aside class="product-info-card" aria-labelledby="planning-title">
        <h3 id="planning-title">Useful information before installation</h3>

        <p class="product-card-note">
          These details help evaluate compatibility, rollout scope and configuration options.
        </p>

        <ul>
          <li>XWiki version</li>
          <li>Single wiki or wiki farm with subwikis</li>
          <li>Current authentication setup</li>
          <li>Optional or globally required MFA policy</li>
          <li>Trusted-device policy</li>
          <li>Recovery-code policy</li>
          <li>Rollout communication needs</li>
        </ul>
      </aside>
    </div>
  </div>
</section>

<section class="cta-section" aria-labelledby="cta-title">
  <div class="container">
    <div class="cta-panel">
      <h2 id="cta-title">Interested in using this extension?</h2>

      <p>
        Send a short message with your XWiki version, current authentication setup and MFA rollout goal.
      </p>

      <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Contact Agnease</a>
    </div>
  </div>
</section>

{{/html}}
{{/velocity}}