Version 18.1 by Agnease on 2026/06/24 14:58

{{velocity}}
#set ($discard = $xwiki.ssx.use('PublicWebSite.WebHome'))
#set ($discard = $xwiki.ssx.use('products.WebHome'))

#set ($mainCapabilityItems = [{
'title': 'Second verification step',
'icon': 'key',
'content': 'Add an additional verification screen after the normal XWiki username and password login.'
},{
'title': 'Authenticator app codes',
'icon': 'mobile',
'content': 'Let users verify access with time-based TOTP codes generated by authenticator applications.'
},{
'title': 'Email verification codes',
'icon': 'envelope-o',
'content': 'Send one-time verification codes by email when this method is enabled or combined with app codes.'
}])

#set ($adminExperienceItems = [{
'title': 'MFA policy',
'icon': 'cog',
'content': 'Make MFA optional or required for all users from the XWiki Administration section.'
},{
'title': 'Recovery and trusted devices',
'icon': 'shield',
'content': 'Configure recovery-code count and trusted-device duration according to the organization security policy.'
},{
'title': 'Administration overview',
'icon': 'table',
'content': 'Review MFA adoption across users with summary indicators and a filterable Live Data table.'
}])

#set ($userExperienceItems = [{
'title': 'Self-service setup',
'icon': 'qrcode',
'content': 'Users configure MFA from their profile by scanning a QR code or entering the setup key manually.'
},{
'title': 'Familiar login flow',
'icon': 'sign-in',
'content': 'After the normal login, users enter the configured verification code before accessing XWiki.'
},{
'title': 'Profile management',
'icon': 'user',
'content': 'Users can review MFA status, manage recovery codes and remove trusted devices from their profile.'
}])

#set ($recoveryItems = [{
'title': 'Recovery codes',
'icon': 'life-ring',
'content': 'Recovery codes provide backup access when a user loses access to the authenticator application.'
},{
'title': 'Trusted devices',
'icon': 'desktop',
'content': 'Trusted browsers or devices can skip repeated MFA prompts for a configured period.'
},{
'title': 'Administrator reset',
'icon': 'refresh',
'content': 'Administrators can reset a user MFA setup when the user needs to restart the configuration process.'
}])

#set ($rolloutItems = [{
'title': 'Start with a pilot group',
'content': 'Test the extension with administrators or a small user group before enabling it widely.'
},{
'title': 'Define the MFA policy',
'content': 'Decide whether MFA should be optional, required for administrators, or required for all users.'
},{
'title': 'Configure recovery options',
'content': 'Choose whether recovery codes and trusted devices should be enabled.'
},{
'title': 'Inform users',
'content': 'Explain how users configure MFA, save recovery codes and manage trusted devices.'
},{
'title': 'Monitor adoption',
'content': 'Use the administration overview to identify users who still need to configure MFA.'
}])

{{html clean="false"}}

<section class="hero hero-centered" aria-labelledby="product-title">
<div class="container hero-inner">
<div class="hero-kicker">
<i class="fa fa-lock" aria-hidden="true"></i>
XWiki 2FA and MFA
</div>

<h1 id="product-title">XWiki Two-Factor Authentication</h1>

<p class="lead">
Protect XWiki logins with a second verification step using authenticator app codes,
email verification codes, or both.
</p>

<div class="hero-actions">
<a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Ask about this extension</a>
<a class="btn btn-secondary" href="$xwiki.getURL('products.WebHome')">View all products</a>
</div>
</div>
</section>

<section aria-labelledby="overview-title">
<div class="container">
<div class="product-layout">
<article class="product-summary-card">
<h2 id="overview-title">Two-factor authentication built into XWiki</h2>

<p>
XWiki Two-Factor Authentication adds MFA/2FA support to the standard XWiki login flow.
Users continue to sign in with their normal username and password, then confirm access with
an additional verification method.
</p>

<p>
The extension supports authenticator app codes, email-delivered verification codes, or a combined
setup where both methods are required. It improves account protection without replacing the familiar
XWiki authentication experience.
</p>
</article>

<aside class="product-info-card" aria-labelledby="quick-facts-title">
<h3 id="quick-facts-title">Quick facts</h3>
<ul>
<li>Works with the standard XWiki login flow</li>
<li>Supports TOTP authenticator applications</li>
<li>Supports email-delivered one-time codes</li>
<li>Can require app and email verification together</li>
<li>Includes recovery codes for backup access</li>
<li>Can remember trusted browsers or devices</li>
<li>Includes administration and user controls</li>
</ul>
</aside>
</div>
</div>
</section>

<section aria-labelledby="capabilities-title">
<div class="container">
<h2 id="capabilities-title">Main capabilities</h2>

<p class="section-intro">
A focused set of MFA/2FA features for stronger XWiki account protection without changing the standard login experience.
</p>

<div class="product-feature-grid">
#foreach ($entry in $mainCapabilityItems)
<article class="product-feature">
<div class="card-heading">
<div class="feature-icon">
<i class="fa fa-$entry.icon" aria-hidden="true"></i>
</div>
<h3>$entry.title</h3>
</div>

<p>$entry.content</p>
</article>
#end
</div>
</div>
</section>

<section class="product-section-muted" aria-labelledby="security-title">
<div class="container">
<div class="product-layout">
<article class="product-summary-card">
<h2 id="security-title">Useful for XWiki security and access protection</h2>

<p>
Many organizations need multi-factor authentication for internal tools, knowledge bases,
intranets, documentation platforms and systems containing operational or sensitive information.
</p>

<p>
For XWiki, adding two-factor authentication directly to the standard login flow helps protect
administrator accounts, remote users, private knowledge bases and customer or partner portals.
</p>
</article>

<aside class="product-info-card" aria-labelledby="use-cases-title">
<h3 id="use-cases-title">Typical use cases</h3>
<ul>
<li>Administrator account protection</li>
<li>Internal knowledge base security</li>
<li>Private documentation platforms</li>
<li>Remote user access protection</li>
<li>Customer or partner portals</li>
<li>Security review and NIS 2 readiness initiatives</li>
</ul>
</aside>
</div>
</div>
</section>

<section aria-labelledby="admin-experience-title">
<div class="container">
<h2 id="admin-experience-title">Administrator experience</h2>

<p class="section-intro">
Administrators can configure the MFA policy, monitor adoption and reset user MFA setups when needed.
</p>

<div class="product-feature-grid">
#foreach ($entry in $adminExperienceItems)
<article class="product-feature">
<div class="card-heading">
<div class="feature-icon">
<i class="fa fa-$entry.icon" aria-hidden="true"></i>
</div>
<h3>$entry.title</h3>
</div>

<p>$entry.content</p>
</article>
#end
</div>

{{/html}}

{{gallery}}
[[image:mfa-admin-configuration.png]]
[[image:mfa-admin-overview.png]]
[[image:mfa-admin-full.png]]
{{/gallery}}

{{html clean="false"}}

<p class="product-gallery-caption">
Administration screens for configuring MFA and reviewing MFA adoption across users.
</p>
</div>
</section>

<section class="product-section-muted" aria-labelledby="user-experience-title">
<div class="container">
<h2 id="user-experience-title">User experience</h2>

<p class="section-intro">
Users can configure MFA from their profile and complete the second verification step during login.
</p>

<div class="product-feature-grid">
#foreach ($entry in $userExperienceItems)
<article class="product-feature">
<div class="card-heading">
<div class="feature-icon">
<i class="fa fa-$entry.icon" aria-hidden="true"></i>
</div>
<h3>$entry.title</h3>
</div>

<p>$entry.content</p>
</article>
#end
</div>

{{/html}}

{{gallery}}
[[image:mfa-user-setup-qr.png]]
[[image:mfa-login-verification-setup.png]]
[[image:mfa-login-verification-code.png]]
{{/gallery}}

{{html clean="false"}}

<p class="product-gallery-caption">
User setup and login verification screens.
</p>
</div>
</section>

<section aria-labelledby="recovery-title">
<div class="container">
<h2 id="recovery-title">Recovery codes and trusted devices</h2>

<p class="section-intro">
Recovery codes and trusted devices help balance stronger access protection with a smoother user experience.
</p>

<div class="product-feature-grid">
#foreach ($entry in $recoveryItems)
<article class="product-feature">
<div class="card-heading">
<div class="feature-icon">
<i class="fa fa-$entry.icon" aria-hidden="true"></i>
</div>
<h3>$entry.title</h3>
</div>

<p>$entry.content</p>
</article>
#end
</div>

{{/html}}

{{gallery}}
[[image:mfa-recovery-codes.png]]
[[image:mfa-trusted-devices.png]]
[[image:mfa-user-profile-overview.png]]
[[image:mfa-admin-user-management.png]]
{{/gallery}}

{{html clean="false"}}

<p class="product-gallery-caption">
Recovery codes, trusted devices and user profile management.
</p>
</div>
</section>

<section class="product-section-muted" aria-labelledby="rollout-title">
<div class="container">
<div class="product-layout">
<article class="product-summary-card">
<h2 id="rollout-title">Rollout recommendations</h2>

<p>
For a smooth rollout, start with a small administrator or pilot group before requiring MFA for everyone.
This helps validate the configuration, prepare user communication and reduce support issues.
</p>

<ol class="process-list">
#foreach ($entry in $rolloutItems)
<li>
<strong>$entry.title</strong>
$entry.content
</li>
#end
</ol>
</article>

<aside class="product-info-card" aria-labelledby="planning-title">
<h3 id="planning-title">Useful information before installation</h3>

<p class="product-card-note">
These details help evaluate compatibility, rollout scope and configuration options.
</p>

<ul>
<li>XWiki version</li>
<li>Single wiki or wiki farm with subwikis</li>
<li>Current authentication setup</li>
<li>Optional or globally required MFA policy</li>
<li>Trusted-device policy</li>
<li>Recovery-code policy</li>
<li>Rollout communication needs</li>
</ul>
</aside>
</div>
</div>
</section>

<section class="cta-section" aria-labelledby="cta-title">
<div class="container">
<div class="cta-panel">
<h2 id="cta-title">Interested in using this extension?</h2>

<p>
Send a short message with your XWiki version, current authentication setup and MFA rollout goal.
</p>

<a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Contact Agnease</a>
</div>
</div>
</section>

{{/html}}
{{/velocity}}