Skip to Content
Version 23.2 by Agnease on 2026/06/24 15:45
Show last authors
1 {{velocity}}
2 #set ($discard = $xwiki.ssx.use('PublicWebSite.WebHome'))
3 #set ($discard = $xwiki.ssx.use('products.WebHome'))
4
5 #set ($mainCapabilityItems = [{
6 'title': 'Second verification step',
7 'icon': 'key',
8 'content': 'Add an additional verification screen after the normal XWiki username and password login.'
9 },{
10 'title': 'Authenticator app codes',
11 'icon': 'mobile',
12 'content': 'Let users verify access with time-based TOTP codes generated by authenticator applications.'
13 },{
14 'title': 'Recovery and trusted devices',
15 'icon': 'shield',
16 'content': 'Provide backup access with recovery codes and reduce repeated prompts on trusted browsers.'
17 }])
18
19 #set ($adminExperienceItems = [{
20 'title': 'MFA policy',
21 'icon': 'cog',
22 'content': 'Make MFA optional or required for all users from the XWiki Administration section.'
23 },{
24 'title': 'Configuration options',
25 'icon': 'sliders',
26 'content': 'Set the authenticator issuer name, recovery-code count and trusted-device duration.'
27 },{
28 'title': 'Administration overview',
29 'icon': 'table',
30 'content': 'Review MFA adoption with summary indicators and a filterable Live Data table.'
31 }])
32
33 #set ($userExperienceItems = [{
34 'title': 'Self-service setup',
35 'icon': 'qrcode',
36 'content': 'Users configure MFA from their profile by scanning a QR code or entering the setup key manually.'
37 },{
38 'title': 'Login verification',
39 'icon': 'sign-in',
40 'content': 'After the normal login, users enter the code generated by their authenticator app.'
41 },{
42 'title': 'Trusted browser option',
43 'icon': 'desktop',
44 'content': 'Users can trust the current browser for the configured duration after successful verification.'
45 }])
46
47 #set ($selfServiceItems = [{
48 'title': 'Recovery codes',
49 'icon': 'life-ring',
50 'content': 'Recovery codes provide backup access when a user loses access to the authenticator application.'
51 },{
52 'title': 'Trusted devices',
53 'icon': 'desktop',
54 'content': 'Trusted devices can be reviewed and removed from the user profile.'
55 },{
56 'title': 'Profile management',
57 'icon': 'user',
58 'content': 'Users can review MFA status, generate recovery codes, manage trusted devices and reset MFA.'
59 }])
60
61 #set ($adminSupportItems = [{
62 'title': 'User MFA status',
63 'icon': 'user',
64 'content': 'Administrators can open a user profile and check the MFA status for that account.'
65 },{
66 'title': 'MFA reset',
67 'icon': 'refresh',
68 'content': 'Administrators can reset MFA when a user needs to restart the configuration process.'
69 },{
70 'title': 'Controlled recovery',
71 'icon': 'unlock-alt',
72 'content': 'Resetting MFA removes the authenticator setup, recovery codes and trusted devices for that user.'
73 }])
74
75 #set ($rolloutItems = [{
76 'title': 'Start with a pilot group',
77 'content': 'Test the extension with administrators or a small user group before enabling it widely.'
78 },{
79 'title': 'Define the MFA policy',
80 'content': 'Decide whether MFA should be optional at first or required for all users.'
81 },{
82 'title': 'Configure recovery options',
83 'content': 'Choose the number of recovery codes and whether trusted devices should be allowed.'
84 },{
85 'title': 'Inform users',
86 'content': 'Explain how users configure MFA, save recovery codes and manage trusted devices.'
87 },{
88 'title': 'Monitor adoption',
89 'content': 'Use the administration overview to identify users who still need to configure MFA.'
90 }])
91
92 {{html clean="false"}}
93
94 <section class="hero hero-centered" aria-labelledby="product-title">
95 <div class="container hero-inner">
96 <div class="hero-kicker">
97 <i class="fa fa-lock" aria-hidden="true"></i>
98 XWiki 2FA and MFA
99 </div>
100
101 <h1 id="product-title">XWiki Two-Factor Authentication</h1>
102
103 <p class="lead">
104 Protect XWiki logins with a second verification step using authenticator app codes,
105 recovery codes and trusted devices.
106 </p>
107
108 <div class="hero-actions">
109 <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Ask about this extension</a>
110 <a class="btn btn-secondary" href="$xwiki.getURL('products.WebHome')">View all products</a>
111 </div>
112 </div>
113 </section>
114
115 <section aria-labelledby="overview-title">
116 <div class="container">
117 <div class="product-layout">
118 <article class="product-summary-card">
119 <h2 id="overview-title">Two-factor authentication built into XWiki</h2>
120
121 <p>
122 XWiki Two-Factor Authentication adds MFA support to the standard XWiki login flow.
123 Users continue to sign in with their normal username and password, then confirm access
124 with a time-based verification code from an authenticator application.
125 </p>
126
127 <p>
128 The extension is designed for organizations that want stronger access protection for
129 internal knowledge bases, intranets, documentation platforms, customer portals and other
130 XWiki-based applications.
131 </p>
132 </article>
133
134 <aside class="product-info-card" aria-labelledby="quick-facts-title">
135 <h3 id="quick-facts-title">Quick facts</h3>
136 <ul>
137 <li>Works with the standard XWiki login flow</li>
138 <li>Supports TOTP authenticator applications</li>
139 <li>Can require MFA for all users</li>
140 <li>Includes one-time recovery codes</li>
141 <li>Can remember trusted browsers or devices</li>
142 <li>Includes user self-service controls</li>
143 <li>Includes an administration overview</li>
144 </ul>
145 </aside>
146 </div>
147 </div>
148 </section>
149
150 <section aria-labelledby="capabilities-title">
151 <div class="container">
152 <h2 id="capabilities-title">Main capabilities</h2>
153
154 <p class="section-intro">
155 A focused set of MFA features for stronger XWiki account protection without replacing the familiar login experience.
156 </p>
157
158 <div class="product-feature-grid">
159 #foreach ($entry in $mainCapabilityItems)
160 <article class="product-feature">
161 <div class="card-heading">
162 <div class="feature-icon">
163 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
164 </div>
165 <h3>$entry.title</h3>
166 </div>
167
168 <p>$entry.content</p>
169 </article>
170 #end
171 </div>
172 </div>
173 </section>
174
175 <section class="product-section-muted" aria-labelledby="security-title">
176 <div class="container">
177 <div class="product-layout">
178 <article class="product-summary-card">
179 <h2 id="security-title">Useful for XWiki security and access protection</h2>
180
181 <p>
182 Many organizations use XWiki to store internal documentation, procedures, operational
183 knowledge and business-critical information. Adding a second authentication factor helps
184 reduce the risk of account compromise when a password is exposed or reused.
185 </p>
186
187 <p>
188 The extension is especially useful for protecting administrator accounts, remote users,
189 private knowledge bases and customer or partner portals.
190 </p>
191 </article>
192
193 <aside class="product-info-card" aria-labelledby="use-cases-title">
194 <h3 id="use-cases-title">Typical use cases</h3>
195 <ul>
196 <li>Administrator account protection</li>
197 <li>Internal knowledge base security</li>
198 <li>Private documentation platforms</li>
199 <li>Remote user access protection</li>
200 <li>Customer or partner portals</li>
201 <li>Security review and compliance readiness initiatives</li>
202 </ul>
203 </aside>
204 </div>
205 </div>
206 </section>
207
208 <section aria-labelledby="admin-experience-title">
209 <div class="container">
210 <h2 id="admin-experience-title">Administrator configuration and monitoring</h2>
211
212 <p class="section-intro">
213 Administrators can configure the MFA policy, define recovery options and monitor adoption from the XWiki Administration section.
214 </p>
215
216 <div class="product-feature-grid">
217 #foreach ($entry in $adminExperienceItems)
218 <article class="product-feature">
219 <div class="card-heading">
220 <div class="feature-icon">
221 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
222 </div>
223 <h3>$entry.title</h3>
224 </div>
225
226 <p>$entry.content</p>
227 </article>
228 #end
229 </div>
230
231 {{/html}}
232
233 {{gallery}}
234 [[image:mfa-admin-configuration.png]]
235 [[image:mfa-admin-overview.png]]
236 [[image:mfa-admin-full.png]]
237 {{/gallery}}
238
239 {{html clean="false"}}
240
241 <p class="product-gallery-caption">
242 Administration screens for configuring MFA and reviewing MFA adoption across users.
243 </p>
244 </div>
245 </section>
246
247 <section class="product-section-muted" aria-labelledby="user-experience-title">
248 <div class="container">
249 <h2 id="user-experience-title">User setup and login verification</h2>
250
251 <p class="section-intro">
252 Users can configure MFA from their profile or during the enforced setup flow, then verify future logins with their authenticator app.
253 </p>
254
255 <div class="product-feature-grid">
256 #foreach ($entry in $userExperienceItems)
257 <article class="product-feature">
258 <div class="card-heading">
259 <div class="feature-icon">
260 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
261 </div>
262 <h3>$entry.title</h3>
263 </div>
264
265 <p>$entry.content</p>
266 </article>
267 #end
268 </div>
269
270 {{/html}}
271
272 {{gallery}}
273 [[image:mfa-user-setup-qr.png]]
274 [[image:mfa-login-verification-setup.png]]
275 [[image:mfa-login-verification-code.png]]
276 {{/gallery}}
277
278 {{html clean="false"}}
279
280 <p class="product-gallery-caption">
281 User setup, enforced MFA configuration and login verification screens.
282 </p>
283 </div>
284 </section>
285
286 <section aria-labelledby="self-service-title">
287 <div class="container">
288 <h2 id="self-service-title">Recovery codes and trusted devices</h2>
289
290 <p class="section-intro">
291 Recovery codes and trusted devices help balance stronger access protection with a smoother user experience.
292 </p>
293
294 <div class="product-feature-grid">
295 #foreach ($entry in $selfServiceItems)
296 <article class="product-feature">
297 <div class="card-heading">
298 <div class="feature-icon">
299 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
300 </div>
301 <h3>$entry.title</h3>
302 </div>
303
304 <p>$entry.content</p>
305 </article>
306 #end
307 </div>
308
309 {{/html}}
310
311 {{gallery}}
312 [[image:mfa-user-profile-overview.png]]
313 [[image:mfa-recovery-codes-not-generated.png]]
314 [[image:mfa-recovery-codes-generated.png]]
315 [[image:mfa-trusted-devices.png]]
316 [[image:mfa-user-profile-full.png]]
317 {{/gallery}}
318
319 {{html clean="false"}}
320
321 <p class="product-gallery-caption">
322 User profile screens for recovery codes, trusted devices and MFA self-service management.
323 </p>
324 </div>
325 </section>
326
327 <section class="product-section-muted" aria-labelledby="admin-support-title">
328 <div class="container">
329 <h2 id="admin-support-title">Administrator support and user recovery</h2>
330
331 <p class="section-intro">
332 Administrators can help users recover from lost devices or restart MFA setup when needed.
333 </p>
334
335 <div class="product-feature-grid">
336 #foreach ($entry in $adminSupportItems)
337 <article class="product-feature">
338 <div class="card-heading">
339 <div class="feature-icon">
340 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
341 </div>
342 <h3>$entry.title</h3>
343 </div>
344
345 <p>$entry.content</p>
346 </article>
347 #end
348 </div>
349
350 {{/html}}
351
352 {{gallery}}
353 [[image:mfa-admin-user-management.png]]
354 {{/gallery}}
355
356 {{html clean="false"}}
357
358 <p class="product-gallery-caption">
359 Administrator view for checking and resetting a user MFA setup.
360 </p>
361 </div>
362 </section>
363
364 <section aria-labelledby="rollout-title">
365 <div class="container">
366 <div class="product-layout">
367 <article class="product-summary-card">
368 <h2 id="rollout-title">Rollout recommendations</h2>
369
370 <p>
371 For a smooth rollout, start with a small administrator or pilot group before requiring MFA for everyone.
372 This helps validate the configuration, prepare user communication and reduce support issues.
373 </p>
374
375 <ol class="process-list">
376 #foreach ($entry in $rolloutItems)
377 <li>
378 <strong>$entry.title</strong>
379 $entry.content
380 </li>
381 #end
382 </ol>
383 </article>
384
385 <aside class="product-info-card" aria-labelledby="planning-title">
386 <h3 id="planning-title">Useful information before installation</h3>
387
388 <p class="product-card-note">
389 These details help evaluate compatibility, rollout scope and configuration options.
390 </p>
391
392 <ul>
393 <li>XWiki version</li>
394 <li>Single wiki or wiki farm with subwikis</li>
395 <li>Current authentication setup</li>
396 <li>Optional or globally required MFA policy</li>
397 <li>Trusted-device policy</li>
398 <li>Recovery-code policy</li>
399 <li>Rollout communication needs</li>
400 </ul>
401 </aside>
402 </div>
403 </div>
404 </section>
405
406 <section class="cta-section" aria-labelledby="cta-title">
407 <div class="container">
408 <div class="cta-panel">
409 <h2 id="cta-title">Interested in using this extension?</h2>
410
411 <p>
412 Send a short message with your XWiki version, current authentication setup and MFA rollout goal.
413 </p>
414
415 <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Contact Agnease</a>
416 </div>
417 </div>
418 </section>
419
420 {{/html}}
421 {{/velocity}}