Skip to Content
Version 13.1 by Agnease on 2026/06/24 14:45
Hide last authors
Agnease 1.18 1 {{velocity}}
2 #set ($discard = $xwiki.ssx.use('PublicWebSite.WebHome'))
3 #set ($discard = $xwiki.ssx.use('products.WebHome'))
Agnease 10.1 4
5 #set ($mainCapabilityItems = [{
6 'title': 'Second verification step',
7 'icon': 'key',
8 'content': 'Add an additional verification screen after the normal XWiki username and password login.'
9 },{
10 'title': 'Authenticator app codes',
11 'icon': 'mobile',
12 'content': 'Let users verify access with time-based TOTP codes generated by authenticator applications.'
13 },{
14 'title': 'Email verification codes',
15 'icon': 'envelope-o',
16 'content': 'Send one-time verification codes by email when this method is enabled or combined with app codes.'
17 }])
18
19 #set ($adminExperienceItems = [{
20 'title': 'MFA policy',
21 'icon': 'cog',
22 'content': 'Make MFA optional or required for all users from the XWiki Administration section.'
23 },{
24 'title': 'Recovery and trusted devices',
25 'icon': 'shield',
26 'content': 'Configure recovery-code count and trusted-device duration according to the organization security policy.'
27 },{
28 'title': 'Administration overview',
29 'icon': 'table',
30 'content': 'Review MFA adoption across users with summary indicators and a filterable Live Data table.'
31 }])
32
33 #set ($userExperienceItems = [{
34 'title': 'Self-service setup',
35 'icon': 'qrcode',
36 'content': 'Users configure MFA from their profile by scanning a QR code or entering the setup key manually.'
37 },{
38 'title': 'Familiar login flow',
39 'icon': 'sign-in',
40 'content': 'After the normal login, users enter the configured verification code before accessing XWiki.'
41 },{
42 'title': 'Profile management',
43 'icon': 'user',
44 'content': 'Users can review MFA status, manage recovery codes and remove trusted devices from their profile.'
45 }])
46
47 #set ($recoveryItems = [{
48 'title': 'Recovery codes',
49 'icon': 'life-ring',
50 'content': 'Recovery codes provide backup access when a user loses access to the authenticator application.'
51 },{
52 'title': 'Trusted devices',
53 'icon': 'desktop',
54 'content': 'Trusted browsers or devices can skip repeated MFA prompts for a configured period.'
55 },{
56 'title': 'Administrator reset',
57 'icon': 'refresh',
58 'content': 'Administrators can reset a user MFA setup when the user needs to restart the configuration process.'
59 }])
60
61 #set ($rolloutItems = [{
62 'title': 'Start with a pilot group',
63 'content': 'Test the extension with administrators or a small user group before enabling it widely.'
64 },{
65 'title': 'Define the MFA policy',
66 'content': 'Decide whether MFA should be optional, required for administrators, or required for all users.'
67 },{
68 'title': 'Configure recovery options',
69 'content': 'Choose whether recovery codes and trusted devices should be enabled.'
70 },{
71 'title': 'Inform users',
72 'content': 'Explain how users configure MFA, save recovery codes and manage trusted devices.'
73 },{
74 'title': 'Monitor adoption',
75 'content': 'Use the administration overview to identify users who still need to configure MFA.'
76 }])
77
Agnease 1.18 78 {{html clean="false"}}
Agnease 1.2 79
Agnease 10.1 80 <section class="hero hero-centered" aria-labelledby="product-title">
Agnease 1.18 81 <div class="container hero-inner">
82 <div class="hero-kicker">
Agnease 1.2 83 <i class="fa fa-lock" aria-hidden="true"></i>
Agnease 1.18 84 XWiki 2FA and MFA
Agnease 1.2 85 </div>
86
Agnease 1.18 87 <h1 id="product-title">XWiki Two-Factor Authentication</h1>
Agnease 1.2 88
Agnease 1.18 89 <p class="lead">
Agnease 6.2 90 Protect XWiki logins with a second verification step using authenticator app codes,
91 email verification codes, or both.
Agnease 1.2 92 </p>
93
Agnease 1.18 94 <div class="hero-actions">
95 <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Ask about this extension</a>
96 <a class="btn btn-secondary" href="$xwiki.getURL('products.WebHome')">View all products</a>
97 </div>
98 </div>
99 </section>
100
101 <section aria-labelledby="overview-title">
102 <div class="container">
103 <div class="product-layout">
104 <article class="product-summary-card">
105 <h2 id="overview-title">Two-factor authentication built into XWiki</h2>
106
107 <p>
Agnease 10.1 108 XWiki Two-Factor Authentication adds MFA/2FA support to the standard XWiki login flow.
109 Users continue to sign in with their normal username and password, then confirm access with
110 an additional verification method.
Agnease 1.18 111 </p>
112
113 <p>
Agnease 10.1 114 The extension supports authenticator app codes, email-delivered verification codes, or a combined
115 setup where both methods are required. It improves account protection without replacing the familiar
116 XWiki authentication experience.
Agnease 1.18 117 </p>
118 </article>
119
120 <aside class="product-info-card" aria-labelledby="quick-facts-title">
121 <h3 id="quick-facts-title">Quick facts</h3>
122 <ul>
123 <li>Works with the standard XWiki login flow</li>
Agnease 10.1 124 <li>Supports TOTP authenticator applications</li>
125 <li>Supports email-delivered one-time codes</li>
126 <li>Can require app and email verification together</li>
127 <li>Includes recovery codes for backup access</li>
Agnease 1.18 128 <li>Can remember trusted browsers or devices</li>
Agnease 10.1 129 <li>Includes administration and user controls</li>
Agnease 1.18 130 </ul>
131 </aside>
132 </div>
133 </div>
134 </section>
135
Agnease 10.1 136 <section aria-labelledby="capabilities-title">
Agnease 1.18 137 <div class="container">
Agnease 10.1 138 <h2 id="capabilities-title">Main capabilities</h2>
Agnease 1.18 139
140 <p class="section-intro">
Agnease 9.1 141 A focused set of MFA/2FA features for stronger XWiki account protection without changing the standard login experience.
Agnease 1.2 142 </p>
Agnease 1.18 143
144 <div class="product-feature-grid">
Agnease 10.1 145 #foreach ($entry in $mainCapabilityItems)
146 <article class="product-feature">
147 <div class="card-heading">
148 <div class="feature-icon">
149 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
150 </div>
151 <h3>$entry.title</h3>
Agnease 6.7 152 </div>
153
Agnease 10.1 154 <p>$entry.content</p>
155 </article>
156 #end
157 </div>
158 </div>
159 </section>
160
161 <section class="product-section-muted" aria-labelledby="security-title">
162 <div class="container">
163 <div class="product-layout">
164 <article class="product-summary-card">
165 <h2 id="security-title">Useful for XWiki security and access protection</h2>
166
Agnease 1.18 167 <p>
Agnease 10.1 168 Many organizations need multi-factor authentication for internal tools, knowledge bases,
169 intranets, documentation platforms and systems containing operational or sensitive information.
Agnease 1.18 170 </p>
171
Agnease 8.1 172 <p>
Agnease 10.1 173 For XWiki, adding two-factor authentication directly to the standard login flow helps protect
174 administrator accounts, remote users, private knowledge bases and customer or partner portals.
Agnease 8.1 175 </p>
176 </article>
177
Agnease 10.1 178 <aside class="product-info-card" aria-labelledby="use-cases-title">
179 <h3 id="use-cases-title">Typical use cases</h3>
180 <ul>
181 <li>Administrator account protection</li>
182 <li>Internal knowledge base security</li>
183 <li>Private documentation platforms</li>
184 <li>Remote user access protection</li>
185 <li>Customer or partner portals</li>
186 <li>Security review and NIS 2 readiness initiatives</li>
187 </ul>
188 </aside>
189 </div>
190 </div>
191 </section>
192
193 <section aria-labelledby="admin-experience-title">
194 <div class="container">
195 <h2 id="admin-experience-title">Administrator experience</h2>
196
197 <p class="section-intro">
198 Administrators can configure the MFA policy, monitor adoption and reset user MFA setups when needed.
199 </p>
200
201 <div class="product-feature-grid">
202 #foreach ($entry in $adminExperienceItems)
203 <article class="product-feature">
204 <div class="card-heading">
205 <div class="feature-icon">
206 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
207 </div>
208 <h3>$entry.title</h3>
Agnease 9.1 209 </div>
Agnease 1.18 210
Agnease 10.1 211 <p>$entry.content</p>
212 </article>
213 #end
Agnease 8.1 214 </div>
Agnease 10.1 215
216 {{/html}}
217
218 {{gallery}}
219 [[image:mfa-admin-configuration.png]]
220 [[image:mfa-admin-overview.png]]
221 {{/gallery}}
222
223 {{html clean="false"}}
224
Agnease 10.4 225 <p class="product-gallery-caption">
226 Administration screens for configuring MFA and reviewing MFA adoption across users.
227 </p>
Agnease 7.2 228 </div>
229 </section>
230
Agnease 10.1 231 <section class="product-section-muted" aria-labelledby="user-experience-title">
Agnease 6.11 232 <div class="container">
Agnease 10.1 233 <h2 id="user-experience-title">User experience</h2>
234
235 <p class="section-intro">
236 Users can configure MFA from their profile and complete the second verification step during login.
237 </p>
238
239 <div class="product-feature-grid">
240 #foreach ($entry in $userExperienceItems)
241 <article class="product-feature">
242 <div class="card-heading">
243 <div class="feature-icon">
244 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
245 </div>
246 <h3>$entry.title</h3>
247 </div>
248
249 <p>$entry.content</p>
250 </article>
251 #end
252 </div>
253
254 {{/html}}
255
256 {{gallery}}
257 [[image:mfa-user-setup-qr.png]]
258 [[image:mfa-login-verification.png]]
259 {{/gallery}}
260
261 {{html clean="false"}}
262
Agnease 10.4 263 <p class="product-gallery-caption">
264 User setup and login verification screens.
265 </p>
Agnease 10.1 266 </div>
267 </section>
268
269 <section aria-labelledby="recovery-title">
270 <div class="container">
271 <h2 id="recovery-title">Recovery codes and trusted devices</h2>
272
273 <p class="section-intro">
274 Recovery codes and trusted devices help balance stronger access protection with a smoother user experience.
275 </p>
276
277 <div class="product-feature-grid">
278 #foreach ($entry in $recoveryItems)
279 <article class="product-feature">
280 <div class="card-heading">
281 <div class="feature-icon">
282 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
283 </div>
284 <h3>$entry.title</h3>
285 </div>
286
287 <p>$entry.content</p>
288 </article>
289 #end
290 </div>
291
292 {{/html}}
293
294 {{gallery}}
295 [[image:mfa-recovery-codes.png]]
296 [[image:mfa-trusted-devices.png]]
297 [[image:mfa-user-profile-overview.png]]
298 [[image:mfa-admin-user-management.png]]
299 {{/gallery}}
300
301 {{html clean="false"}}
302
Agnease 10.4 303 <p class="product-gallery-caption">
304 Recovery codes, trusted devices and user profile management.
305 </p>
Agnease 10.1 306 </div>
307 </section>
308
309 <section class="product-section-muted" aria-labelledby="rollout-title">
310 <div class="container">
Agnease 8.1 311 <div class="product-layout">
312 <article class="product-summary-card">
Agnease 10.1 313 <h2 id="rollout-title">Rollout recommendations</h2>
Agnease 6.11 314
Agnease 8.1 315 <p>
Agnease 10.1 316 For a smooth rollout, start with a small administrator or pilot group before requiring MFA for everyone.
317 This helps validate the configuration, prepare user communication and reduce support issues.
Agnease 8.1 318 </p>
Agnease 6.11 319
Agnease 10.1 320 <ol class="process-list">
321 #foreach ($entry in $rolloutItems)
322 <li>
323 <strong>$entry.title</strong>
324 $entry.content
325 </li>
326 #end
327 </ol>
328 </article>
Agnease 6.11 329
Agnease 10.1 330 <aside class="product-info-card" aria-labelledby="planning-title">
331 <h3 id="planning-title">Useful information before installation</h3>
332
333 <p class="product-card-note">
334 These details help evaluate compatibility, rollout scope and configuration options.
Agnease 8.1 335 </p>
336
337 <ul>
Agnease 10.1 338 <li>XWiki version</li>
339 <li>Single wiki or wiki farm with subwikis</li>
340 <li>Current authentication setup</li>
341 <li>Optional or globally required MFA policy</li>
342 <li>Trusted-device policy</li>
343 <li>Recovery-code policy</li>
344 <li>Rollout communication needs</li>
Agnease 8.1 345 </ul>
346 </aside>
347 </div>
Agnease 7.2 348 </div>
349 </section>
350
Agnease 1.18 351 <section class="cta-section" aria-labelledby="cta-title">
352 <div class="container">
353 <div class="cta-panel">
354 <h2 id="cta-title">Interested in using this extension?</h2>
Agnease 10.1 355
Agnease 1.18 356 <p>
Agnease 10.1 357 Send a short message with your XWiki version, current authentication setup and MFA rollout goal.
Agnease 1.18 358 </p>
Agnease 10.1 359
Agnease 1.18 360 <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Contact Agnease</a>
361 </div>
362 </div>
363 </section>
364
365 {{/html}}
366 {{/velocity}}