Version 17.1 by Agnease on 2026/06/24 14:53

{{velocity}}
#set ($discard = $xwiki.ssx.use('PublicWebSite.WebHome'))
#set ($discard = $xwiki.ssx.use('products.WebHome'))

#set ($mainCapabilityItems = [{
'title': 'Second verification step',
'icon': 'key',
'content': 'Add an additional verification screen after the normal XWiki username and password login.'
},{
'title': 'Authenticator app codes',
'icon': 'mobile',
'content': 'Let users verify access with time-based one-time (TOTP) codes generated by authenticator applications.'
},{
'title': 'Email verification codes',
'icon': 'envelope-o',
'content': 'Send one-time verification codes by email when this method is enabled or combined with app codes.'
}])

#set ($adminExperienceItems = [{
'title': 'MFA policy',
'icon': 'cog',
'content': 'Make MFA optional or required for all users from the XWiki Administration section.'
},{
'title': 'Recovery and trusted devices',
'icon': 'shield',
'content': 'Configure the recovery-code count and trusted-device duration according to the organization''s security policy.'
},{
'title': 'Administration overview',
'icon': 'table',
'content': 'Review MFA adoption across users with summary indicators and a filterable Live Data table.'
}])

#set ($userExperienceItems = [{
'title': 'Self-service setup',
'icon': 'qrcode',
'content': 'Users configure MFA from their profile by scanning a QR code or entering the setup key manually.'
},{
'title': 'Familiar login flow',
'icon': 'sign-in',
'content': 'After the normal login, users enter the configured verification code before accessing XWiki.'
},{
'title': 'Profile management',
'icon': 'user',
'content': 'Users can review MFA status, manage recovery codes and remove trusted devices from their profile.'
}])

#set ($recoveryItems = [{
'title': 'Recovery codes',
'icon': 'life-ring',
'content': 'Recovery codes provide backup access when a user loses access to the authenticator application.'
},{
'title': 'Trusted devices',
'icon': 'desktop',
'content': 'Trusted browsers or devices can skip repeated MFA prompts for a configured period.'
},{
'title': 'Administrator reset',
'icon': 'refresh',
'content': 'Administrators can reset a user''s MFA setup when the user needs to restart the configuration process.'
}])

#set ($rolloutItems = [{
'title': 'Start with a pilot group',
'content': 'Test the extension with administrators or a small user group before enabling it widely.'
},{
'title': 'Define the MFA policy',
'content': 'Decide whether MFA should be optional, required for administrators, or required for all users.'
},{
'title': 'Configure recovery options',
'content': 'Choose whether recovery codes and trusted devices should be enabled.'
},{
'title': 'Inform users',
'content': 'Explain how users configure MFA, save recovery codes and manage trusted devices.'
},{
'title': 'Monitor adoption',
'content': 'Use the administration overview to identify users who still need to configure MFA.'
}])

{{html clean="false"}}

<section class="hero hero-centered" aria-labelledby="product-title">
<div class="container hero-inner">
<div class="hero-kicker">
<i class="fa fa-lock" aria-hidden="true"></i>
XWiki 2FA and MFA
</div>

<h1 id="product-title">XWiki Two-Factor Authentication</h1>

<p class="lead">
Protect XWiki logins with a second verification step using authenticator app codes,
email verification codes, or both.
</p>

<div class="hero-actions">
<a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Ask about this extension</a>
<a class="btn btn-secondary" href="$xwiki.getURL('products.WebHome')">View all products</a>
</div>
</div>
</section>

<section aria-labelledby="overview-title">
<div class="container">
<div class="product-layout">
<article class="product-summary-card">
<h2 id="overview-title">Two-factor authentication built into XWiki</h2>

<p>
XWiki Two-Factor Authentication adds MFA/2FA support to the standard XWiki login flow.
Users continue to sign in with their normal username and password, then confirm access with
an additional verification method.
</p>

<p>
The extension supports authenticator app codes, email-delivered verification codes, or a combined
setup where both methods are required. It improves account protection without replacing the familiar
XWiki authentication experience.
</p>
</article>

<aside class="product-info-card" aria-labelledby="quick-facts-title">
<h3 id="quick-facts-title">Quick facts</h3>
<ul>
<li>Works with the standard XWiki login flow</li>
<li>Supports TOTP authenticator applications</li>
<li>Supports email-delivered one-time codes</li>
<li>Can require app and email verification together</li>
<li>Includes recovery codes for backup access</li>
<li>Can remember trusted browsers or devices</li>
<li>Includes administration and user controls</li>
</ul>
</aside>
</div>
</div>
</section>

<section aria-labelledby="capabilities-title">
<div class="container">
<h2 id="capabilities-title">Main capabilities</h2>

<p class="section-intro">
A focused set of MFA/2FA features for stronger XWiki account protection without changing the standard login experience.
</p>

<div class="product-feature-grid">
#foreach ($entry in $mainCapabilityItems)
<article class="product-feature">
<div class="card-heading">
<div class="feature-icon">
<i class="fa fa-$entry.icon" aria-hidden="true"></i>
</div>
<h3>$entry.title</h3>
</div>

<p>$entry.content</p>
</article>
#end
</div>
</div>
</section>

<section class="product-section-muted" aria-labelledby="security-title">
<div class="container">
<div class="product-layout">
<article class="product-summary-card">
<h2 id="security-title">Useful for XWiki security and access protection</h2>

<p>
Many organizations need multi-factor authentication for internal tools, knowledge bases,
intranets, documentation platforms and systems containing operational or sensitive information.
</p>

<p>
For XWiki, adding two-factor authentication directly to the standard login flow helps protect
administrator accounts, remote users, private knowledge bases and customer or partner portals.
</p>
</article>

<aside class="product-info-card" aria-labelledby="use-cases-title">
<h3 id="use-cases-title">Typical use cases</h3>
<ul>
<li>Administrator account protection</li>
<li>Internal knowledge base security</li>
<li>Private documentation platforms</li>
<li>Remote user access protection</li>
<li>Customer or partner portals</li>
<li>Security review and NIS 2 readiness initiatives</li>
</ul>
</aside>
</div>
</div>
</section>

<section aria-labelledby="admin-experience-title">
<div class="container">
<h2 id="admin-experience-title">Administrator experience</h2>

<p class="section-intro">
Administrators can configure the MFA policy, monitor adoption and reset user MFA setups when needed.
</p>

<div class="product-feature-grid">
#foreach ($entry in $adminExperienceItems)
<article class="product-feature">
<div class="card-heading">
<div class="feature-icon">
<i class="fa fa-$entry.icon" aria-hidden="true"></i>
</div>
<h3>$entry.title</h3>
</div>

<p>$entry.content</p>
</article>
#end
</div>

{{/html}}

{{gallery}}
[[image:mfa-admin-configuration.png]]
[[image:mfa-admin-overview.png]]
{{/gallery}}

{{html clean="false"}}

<p class="product-gallery-caption">
Administration screens for configuring MFA and reviewing MFA adoption across users.
</p>
</div>
</section>

<section class="product-section-muted" aria-labelledby="user-experience-title">
<div class="container">
<h2 id="user-experience-title">User experience</h2>

<p class="section-intro">
Users can configure MFA from their profile and complete the second verification step during login.
</p>

<div class="product-feature-grid">
#foreach ($entry in $userExperienceItems)
<article class="product-feature">
<div class="card-heading">
<div class="feature-icon">
<i class="fa fa-$entry.icon" aria-hidden="true"></i>
</div>
<h3>$entry.title</h3>
</div>

<p>$entry.content</p>
</article>
#end
</div>

{{/html}}

{{gallery}}
[[image:mfa-user-setup-qr.png]]
[[image:mfa-login-verification-setup.png]]
[[image:mfa-login-verification-code.png]]
{{/gallery}}

{{html clean="false"}}

<p class="product-gallery-caption">
User setup and login verification screens.
</p>
</div>
</section>

<section aria-labelledby="recovery-title">
<div class="container">
<h2 id="recovery-title">Recovery codes and trusted devices</h2>

<p class="section-intro">
Recovery codes and trusted devices help balance stronger access protection with a smoother user experience.
</p>

<div class="product-feature-grid">
#foreach ($entry in $recoveryItems)
<article class="product-feature">
<div class="card-heading">
<div class="feature-icon">
<i class="fa fa-$entry.icon" aria-hidden="true"></i>
</div>
<h3>$entry.title</h3>
</div>

<p>$entry.content</p>
</article>
#end
</div>

{{/html}}

{{gallery}}
[[image:mfa-recovery-codes.png]]
[[image:mfa-trusted-devices.png]]
[[image:mfa-user-profile-overview.png]]
[[image:mfa-admin-user-management.png]]
{{/gallery}}

{{html clean="false"}}

<p class="product-gallery-caption">
Recovery codes, trusted devices and user profile management.
</p>
</div>
</section>

<section class="product-section-muted" aria-labelledby="rollout-title">
<div class="container">
<div class="product-layout">
<article class="product-summary-card">
<h2 id="rollout-title">Rollout recommendations</h2>

<p>
For a smooth rollout, start with a small administrator or pilot group before requiring MFA for everyone.
This helps validate the configuration, prepare user communication and reduce support issues.
</p>

<ol class="process-list">
#foreach ($entry in $rolloutItems)
<li>
<strong>$entry.title</strong>
$entry.content
</li>
#end
</ol>
</article>

<aside class="product-info-card" aria-labelledby="planning-title">
<h3 id="planning-title">Useful information before installation</h3>

<p class="product-card-note">
These details help evaluate compatibility, rollout scope and configuration options.
</p>

<ul>
<li>XWiki version</li>
<li>Single wiki or wiki farm with subwikis</li>
<li>Current authentication setup</li>
<li>Optional or globally required MFA policy</li>
<li>Trusted-device policy</li>
<li>Recovery-code policy</li>
<li>Rollout communication needs</li>
</ul>
</aside>
</div>
</div>
</section>

<section class="cta-section" aria-labelledby="cta-title">
<div class="container">
<div class="cta-panel">
<h2 id="cta-title">Interested in using this extension?</h2>

<p>
Send a short message with your XWiki version, current authentication setup and MFA rollout goal.
</p>

<a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Contact Agnease</a>
</div>
</div>
</section>

{{/html}}
{{/velocity}}