Skip to Content
Version 22.3 by Agnease on 2026/06/24 15:15
Show last authors
1 {{velocity}}
2 #set ($discard = $xwiki.ssx.use('PublicWebSite.WebHome'))
3 #set ($discard = $xwiki.ssx.use('products.WebHome'))
4
5 #set ($mainCapabilityItems = [{
6 'title': 'Second verification step',
7 'icon': 'key',
8 'content': 'Add an additional verification screen after the normal XWiki username and password login.'
9 },{
10 'title': 'Authenticator app codes',
11 'icon': 'mobile',
12 'content': 'Let users verify access with time-based TOTP codes generated by authenticator applications.'
13 },{
14 'title': 'Recovery and trusted devices',
15 'icon': 'shield',
16 'content': 'Provide backup access with recovery codes and reduce repeated prompts on trusted browsers.'
17 }])
18
19 #set ($adminExperienceItems = [{
20 'title': 'MFA policy',
21 'icon': 'cog',
22 'content': 'Make MFA optional or required for all users from the XWiki Administration section.'
23 },{
24 'title': 'Configuration options',
25 'icon': 'sliders',
26 'content': 'Set the authenticator issuer name, recovery-code count and trusted-device duration.'
27 },{
28 'title': 'Administration overview',
29 'icon': 'table',
30 'content': 'Review MFA adoption with summary indicators and a filterable Live Data table.'
31 }])
32
33 #set ($userExperienceItems = [{
34 'title': 'Self-service setup',
35 'icon': 'qrcode',
36 'content': 'Users configure MFA from their profile by scanning a QR code or entering the setup key manually.'
37 },{
38 'title': 'Login verification',
39 'icon': 'sign-in',
40 'content': 'After the normal login, users enter the code generated by their authenticator app.'
41 },{
42 'title': 'Trusted browser option',
43 'icon': 'desktop',
44 'content': 'Users can trust the current browser for the configured duration after successful verification.'
45 }])
46
47 #set ($selfServiceItems = [{
48 'title': 'Recovery codes',
49 'icon': 'life-ring',
50 'content': 'Recovery codes provide backup access when a user loses access to the authenticator application.'
51 },{
52 'title': 'Trusted devices',
53 'icon': 'desktop',
54 'content': 'Trusted devices can be reviewed and removed from the user profile.'
55 },{
56 'title': 'Profile management',
57 'icon': 'user',
58 'content': 'Users can review MFA status, generate recovery codes, manage trusted devices and reset MFA.'
59 }])
60
61 #set ($adminSupportItems = [{
62 'title': 'User MFA status',
63 'icon': 'user',
64 'content': 'Administrators can open a user profile and check the MFA status for that account.'
65 },{
66 'title': 'MFA reset',
67 'icon': 'refresh',
68 'content': 'Administrators can reset MFA when a user needs to restart the configuration process.'
69 },{
70 'title': 'Controlled recovery',
71 'icon': 'unlock-alt',
72 'content': 'Resetting MFA removes the authenticator setup, recovery codes and trusted devices for that user.'
73 }])
74
75 #set ($rolloutItems = [{
76 'title': 'Start with a pilot group',
77 'content': 'Test the extension with administrators or a small user group before enabling it widely.'
78 },{
79 'title': 'Define the MFA policy',
80 'content': 'Decide whether MFA should be optional at first or required for all users.'
81 },{
82 'title': 'Configure recovery options',
83 'content': 'Choose the number of recovery codes and whether trusted devices should be allowed.'
84 },{
85 'title': 'Inform users',
86 'content': 'Explain how users configure MFA, save recovery codes and manage trusted devices.'
87 },{
88 'title': 'Monitor adoption',
89 'content': 'Use the administration overview to identify users who still need to configure MFA.'
90 }])
91
92 {{html clean="false"}}
93
94 <section class="hero hero-centered" aria-labelledby="product-title">
95 <div class="container hero-inner">
96 <div class="hero-kicker">
97 <i class="fa fa-lock" aria-hidden="true"></i>
98 XWiki 2FA and MFA
99 </div>
100
101 ```
102 <h1 id="product-title">XWiki Two-Factor Authentication</h1>
103
104 <p class="lead">
105 Protect XWiki logins with a second verification step using authenticator app codes,
106 recovery codes and trusted devices.
107 </p>
108
109 <div class="hero-actions">
110 <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Ask about this extension</a>
111 <a class="btn btn-secondary" href="$xwiki.getURL('products.WebHome')">View all products</a>
112 </div>
113 ```
114
115 </div>
116 </section>
117
118 <section aria-labelledby="overview-title">
119 <div class="container">
120 <div class="product-layout">
121 <article class="product-summary-card">
122 <h2 id="overview-title">Two-factor authentication built into XWiki</h2>
123
124 ```
125 <p>
126 XWiki Two-Factor Authentication adds MFA support to the standard XWiki login flow.
127 Users continue to sign in with their normal username and password, then confirm access
128 with a time-based verification code from an authenticator application.
129 </p>
130
131 <p>
132 The extension is designed for organizations that want stronger access protection for
133 internal knowledge bases, intranets, documentation platforms, customer portals and other
134 XWiki-based applications.
135 </p>
136 </article>
137
138 <aside class="product-info-card" aria-labelledby="quick-facts-title">
139 <h3 id="quick-facts-title">Quick facts</h3>
140 <ul>
141 <li>Works with the standard XWiki login flow</li>
142 <li>Supports TOTP authenticator applications</li>
143 <li>Can require MFA for all users</li>
144 <li>Includes one-time recovery codes</li>
145 <li>Can remember trusted browsers or devices</li>
146 <li>Includes user self-service controls</li>
147 <li>Includes an administration overview</li>
148 </ul>
149 </aside>
150 </div>
151 ```
152
153 </div>
154 </section>
155
156 <section aria-labelledby="capabilities-title">
157 <div class="container">
158 <h2 id="capabilities-title">Main capabilities</h2>
159
160 ```
161 <p class="section-intro">
162 A focused set of MFA features for stronger XWiki account protection without replacing the familiar login experience.
163 </p>
164
165 <div class="product-feature-grid">
166 #foreach ($entry in $mainCapabilityItems)
167 <article class="product-feature">
168 <div class="card-heading">
169 <div class="feature-icon">
170 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
171 </div>
172 <h3>$entry.title</h3>
173 </div>
174
175 <p>$entry.content</p>
176 </article>
177 #end
178 </div>
179 ```
180
181 </div>
182 </section>
183
184 <section class="product-section-muted" aria-labelledby="security-title">
185 <div class="container">
186 <div class="product-layout">
187 <article class="product-summary-card">
188 <h2 id="security-title">Useful for XWiki security and access protection</h2>
189
190 ```
191 <p>
192 Many organizations use XWiki to store internal documentation, procedures, operational
193 knowledge and business-critical information. Adding a second authentication factor helps
194 reduce the risk of account compromise when a password is exposed or reused.
195 </p>
196
197 <p>
198 The extension is especially useful for protecting administrator accounts, remote users,
199 private knowledge bases and customer or partner portals.
200 </p>
201 </article>
202
203 <aside class="product-info-card" aria-labelledby="use-cases-title">
204 <h3 id="use-cases-title">Typical use cases</h3>
205 <ul>
206 <li>Administrator account protection</li>
207 <li>Internal knowledge base security</li>
208 <li>Private documentation platforms</li>
209 <li>Remote user access protection</li>
210 <li>Customer or partner portals</li>
211 <li>Security review and NIS 2 readiness initiatives</li>
212 </ul>
213 </aside>
214 </div>
215 ```
216
217 </div>
218 </section>
219
220 <section aria-labelledby="admin-experience-title">
221 <div class="container">
222 <h2 id="admin-experience-title">Administrator configuration and monitoring</h2>
223
224 ```
225 <p class="section-intro">
226 Administrators can configure the MFA policy, define recovery options and monitor adoption from the XWiki Administration section.
227 </p>
228
229 <div class="product-feature-grid">
230 #foreach ($entry in $adminExperienceItems)
231 <article class="product-feature">
232 <div class="card-heading">
233 <div class="feature-icon">
234 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
235 </div>
236 <h3>$entry.title</h3>
237 </div>
238
239 <p>$entry.content</p>
240 </article>
241 #end
242 </div>
243 ```
244
245 {{/html}}
246
247 {{gallery}}
248 [[image:mfa-admin-configuration.png]]
249 [[image:mfa-admin-overview.png]]
250 [[image:mfa-admin-full.png]]
251 {{/gallery}}
252
253 {{html clean="false"}}
254
255 ```
256 <p class="product-gallery-caption">
257 Administration screens for configuring MFA and reviewing MFA adoption across users.
258 </p>
259 ```
260
261 </div>
262 </section>
263
264 <section class="product-section-muted" aria-labelledby="user-experience-title">
265 <div class="container">
266 <h2 id="user-experience-title">User setup and login verification</h2>
267
268 ```
269 <p class="section-intro">
270 Users can configure MFA from their profile or during the enforced setup flow, then verify future logins with their authenticator app.
271 </p>
272
273 <div class="product-feature-grid">
274 #foreach ($entry in $userExperienceItems)
275 <article class="product-feature">
276 <div class="card-heading">
277 <div class="feature-icon">
278 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
279 </div>
280 <h3>$entry.title</h3>
281 </div>
282
283 <p>$entry.content</p>
284 </article>
285 #end
286 </div>
287 ```
288
289 {{/html}}
290
291 {{gallery}}
292 [[image:mfa-user-setup-qr.png]]
293 [[image:mfa-login-verification-setup.png]]
294 [[image:mfa-login-verification-code.png]]
295 {{/gallery}}
296
297 {{html clean="false"}}
298
299 ```
300 <p class="product-gallery-caption">
301 User setup, enforced MFA configuration and login verification screens.
302 </p>
303 ```
304
305 </div>
306 </section>
307
308 <section aria-labelledby="self-service-title">
309 <div class="container">
310 <h2 id="self-service-title">Recovery codes and trusted devices</h2>
311
312 ```
313 <p class="section-intro">
314 Recovery codes and trusted devices help balance stronger access protection with a smoother user experience.
315 </p>
316
317 <div class="product-feature-grid">
318 #foreach ($entry in $selfServiceItems)
319 <article class="product-feature">
320 <div class="card-heading">
321 <div class="feature-icon">
322 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
323 </div>
324 <h3>$entry.title</h3>
325 </div>
326
327 <p>$entry.content</p>
328 </article>
329 #end
330 </div>
331 ```
332
333 {{/html}}
334
335 {{gallery}}
336 [[image:mfa-user-profile-overview.png]]
337 [[image:mfa-recovery-codes-not-generated.png]]
338 [[image:mfa-recovery-codes-generated.png]]
339 [[image:mfa-trusted-devices.png]]
340 [[image:mfa-user-profile-full.png]]
341 {{/gallery}}
342
343 {{html clean="false"}}
344
345 ```
346 <p class="product-gallery-caption">
347 User profile screens for recovery codes, trusted devices and MFA self-service management.
348 </p>
349 ```
350
351 </div>
352 </section>
353
354 <section class="product-section-muted" aria-labelledby="admin-support-title">
355 <div class="container">
356 <h2 id="admin-support-title">Administrator support and user recovery</h2>
357
358 ```
359 <p class="section-intro">
360 Administrators can help users recover from lost devices or restart MFA setup when needed.
361 </p>
362
363 <div class="product-feature-grid">
364 #foreach ($entry in $adminSupportItems)
365 <article class="product-feature">
366 <div class="card-heading">
367 <div class="feature-icon">
368 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
369 </div>
370 <h3>$entry.title</h3>
371 </div>
372
373 <p>$entry.content</p>
374 </article>
375 #end
376 </div>
377 ```
378
379 {{/html}}
380
381 {{gallery}}
382 [[image:mfa-admin-user-management.png]]
383 {{/gallery}}
384
385 {{html clean="false"}}
386
387 ```
388 <p class="product-gallery-caption">
389 Administrator view for checking and resetting a user MFA setup.
390 </p>
391 ```
392
393 </div>
394 </section>
395
396 <section aria-labelledby="rollout-title">
397 <div class="container">
398 <div class="product-layout">
399 <article class="product-summary-card">
400 <h2 id="rollout-title">Rollout recommendations</h2>
401
402 ```
403 <p>
404 For a smooth rollout, start with a small administrator or pilot group before requiring MFA for everyone.
405 This helps validate the configuration, prepare user communication and reduce support issues.
406 </p>
407
408 <ol class="process-list">
409 #foreach ($entry in $rolloutItems)
410 <li>
411 <strong>$entry.title</strong>
412 $entry.content
413 </li>
414 #end
415 </ol>
416 </article>
417
418 <aside class="product-info-card" aria-labelledby="planning-title">
419 <h3 id="planning-title">Useful information before installation</h3>
420
421 <p class="product-card-note">
422 These details help evaluate compatibility, rollout scope and configuration options.
423 </p>
424
425 <ul>
426 <li>XWiki version</li>
427 <li>Single wiki or wiki farm with subwikis</li>
428 <li>Current authentication setup</li>
429 <li>Optional or globally required MFA policy</li>
430 <li>Trusted-device policy</li>
431 <li>Recovery-code policy</li>
432 <li>Rollout communication needs</li>
433 </ul>
434 </aside>
435 </div>
436 ```
437
438 </div>
439 </section>
440
441 <section class="cta-section" aria-labelledby="cta-title">
442 <div class="container">
443 <div class="cta-panel">
444 <h2 id="cta-title">Interested in using this extension?</h2>
445
446 ```
447 <p>
448 Send a short message with your XWiki version, current authentication setup and MFA rollout goal.
449 </p>
450
451 <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Contact Agnease</a>
452 </div>
453 ```
454
455 </div>
456 </section>
457
458 {{/html}}
459 {{/velocity}}