Skip to Content
Version 6.12 by Agnease on 2026/06/23 07:40
Hide last authors
Agnease 1.18 1 {{velocity}}
2 #set ($discard = $xwiki.ssx.use('PublicWebSite.WebHome'))
3 #set ($discard = $xwiki.ssx.use('products.WebHome'))
Agnease 6.11 4
5 #set ($mainCapabilityItems = [{
6 'title': 'Second verification step',
7 'icon': 'key',
Agnease 6.12 8 'content': 'Add an additional verification screen after the normal XWiki username and password login.'
Agnease 6.11 9 },{
10 'title': 'Authenticator app codes',
11 'icon': 'mobile',
Agnease 6.12 12 'content': 'Let users verify access with time-based TOTP codes generated by authenticator applications.'
Agnease 6.11 13 },{
14 'title': 'Email verification codes',
15 'icon': 'envelope-o',
Agnease 6.12 16 'content': 'Send one-time verification codes by email when this method is enabled or combined with app codes.'
Agnease 6.11 17 }])
18
Agnease 6.12 19 #set ($adminExperienceItems = [{
20 'title': 'Simple MFA policy',
21 'icon': 'cog',
22 'content': 'Administrators can make MFA optional or required for all users from the XWiki Administration section.'
23 },{
24 'title': 'Recovery and trusted devices',
25 'icon': 'shield',
26 'content': 'Configure recovery-code count and trusted-device duration according to the organization security policy.'
27 },{
28 'title': 'Administration overview',
29 'icon': 'table',
30 'content': 'Review MFA adoption across users with summary indicators and a filterable Live Data table.'
31 }])
Agnease 6.11 32
Agnease 6.12 33 #set ($userExperienceItems = [{
34 'title': 'Self-service setup',
35 'icon': 'qrcode',
36 'content': 'Users configure MFA from their profile by scanning a QR code or entering the setup key manually.'
37 },{
38 'title': 'Familiar login flow',
39 'icon': 'sign-in',
40 'content': 'After the normal login, users enter the configured verification code before accessing XWiki.'
41 },{
42 'title': 'Profile management',
43 'icon': 'user',
44 'content': 'Users can review MFA status, manage recovery codes and remove trusted devices from their profile.'
45 }])
Agnease 6.11 46
Agnease 6.12 47 #set ($recoveryItems = [{
48 'title': 'Recovery codes',
49 'icon': 'life-ring',
50 'content': 'Recovery codes provide backup access when a user loses access to the authenticator application.'
51 },{
52 'title': 'Trusted devices',
53 'icon': 'desktop',
54 'content': 'Trusted browsers or devices can skip repeated MFA prompts for a configured period.'
55 },{
56 'title': 'Administrator reset',
57 'icon': 'refresh',
58 'content': 'Administrators can reset a user MFA setup when the user needs to restart the configuration process.'
59 }])
Agnease 6.11 60
61 #set ($rolloutItems = [{
Agnease 6.12 62 'title': 'Start with a pilot group',
63 'content': 'Test the extension with administrators or a small user group before enabling it widely.'
Agnease 6.11 64 },{
65 'title': 'Define the MFA policy',
66 'content': 'Decide whether MFA should be optional, required for administrators, or required for all users.'
67 },{
Agnease 6.12 68 'title': 'Configure recovery options',
69 'content': 'Choose whether recovery codes and trusted devices should be enabled.'
Agnease 6.11 70 },{
Agnease 6.12 71 'title': 'Inform users',
72 'content': 'Explain how users configure MFA, save recovery codes and manage trusted devices.'
Agnease 6.11 73 },{
74 'title': 'Monitor adoption',
75 'content': 'Use the administration overview to identify users who still need to configure MFA.'
76 }])
77
Agnease 1.18 78 {{html clean="false"}}
Agnease 1.2 79
Agnease 6.12 80 <div class="product-doc-page product-mfa-page">
81
Agnease 6.11 82 <section class="hero hero-centered" aria-labelledby="product-title">
Agnease 1.18 83 <div class="container hero-inner">
84 <div class="hero-kicker">
Agnease 1.2 85 <i class="fa fa-lock" aria-hidden="true"></i>
Agnease 1.18 86 XWiki 2FA and MFA
Agnease 1.2 87 </div>
88
Agnease 1.18 89 <h1 id="product-title">XWiki Two-Factor Authentication</h1>
Agnease 1.2 90
Agnease 1.18 91 <p class="lead">
Agnease 6.2 92 Protect XWiki logins with a second verification step using authenticator app codes,
93 email verification codes, or both.
Agnease 1.2 94 </p>
95
Agnease 1.18 96 <div class="hero-actions">
97 <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Ask about this extension</a>
98 <a class="btn btn-secondary" href="$xwiki.getURL('products.WebHome')">View all products</a>
99 </div>
100 </div>
101 </section>
102
103 <section aria-labelledby="overview-title">
104 <div class="container">
105 <div class="product-layout">
106 <article class="product-summary-card">
107 <h2 id="overview-title">Two-factor authentication built into XWiki</h2>
108
109 <p>
Agnease 6.11 110 XWiki Two-Factor Authentication adds MFA/2FA support to the standard XWiki login flow.
111 Users continue to sign in with their normal username and password, then confirm access with
112 an additional verification method.
Agnease 1.18 113 </p>
114
115 <p>
Agnease 6.11 116 The extension supports authenticator app codes, email-delivered verification codes, or a combined
Agnease 6.12 117 setup where both methods are required. It is designed to improve account protection without replacing
118 the familiar XWiki authentication experience.
Agnease 1.18 119 </p>
120 </article>
121
122 <aside class="product-info-card" aria-labelledby="quick-facts-title">
123 <h3 id="quick-facts-title">Quick facts</h3>
124 <ul>
125 <li>Works with the standard XWiki login flow</li>
Agnease 6.12 126 <li>Supports TOTP authenticator applications</li>
127 <li>Supports email-delivered one-time codes</li>
128 <li>Can require app and email verification together</li>
Agnease 6.11 129 <li>Includes recovery codes for backup access</li>
Agnease 1.18 130 <li>Can remember trusted browsers or devices</li>
Agnease 6.12 131 <li>Includes administration and user controls</li>
Agnease 1.18 132 </ul>
133 </aside>
134 </div>
135 </div>
136 </section>
137
Agnease 6.12 138 <section aria-labelledby="capabilities-title">
Agnease 1.18 139 <div class="container">
Agnease 6.12 140 <h2 id="capabilities-title">Main capabilities</h2>
Agnease 1.18 141
142 <p class="section-intro">
Agnease 6.12 143 A focused set of MFA/2FA features for stronger XWiki account protection without changing the standard login experience.
Agnease 1.2 144 </p>
Agnease 1.18 145
146 <div class="product-feature-grid">
Agnease 6.11 147 #foreach ($entry in $mainCapabilityItems)
148 <article class="product-feature">
149 <div class="card-heading">
150 <div class="feature-icon">
151 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
152 </div>
153 <h3>$entry.title</h3>
Agnease 6.7 154 </div>
155
Agnease 6.11 156 <p>$entry.content</p>
157 </article>
158 #end
159 </div>
160 </div>
161 </section>
162
163 <section class="product-section-muted" aria-labelledby="security-title">
164 <div class="container">
165 <div class="product-layout">
166 <article class="product-summary-card">
Agnease 6.12 167 <h2 id="security-title">Useful for XWiki security and access protection</h2>
Agnease 6.11 168
Agnease 1.18 169 <p>
Agnease 6.12 170 Many organizations need multi-factor authentication for internal tools, knowledge bases,
171 intranets, documentation platforms and systems containing operational or sensitive information.
Agnease 1.18 172 </p>
Agnease 6.11 173
174 <p>
Agnease 6.12 175 For XWiki, adding two-factor authentication directly to the standard login flow helps protect
176 administrator accounts, remote users, private knowledge bases and customer or partner portals.
Agnease 6.11 177 </p>
Agnease 1.18 178 </article>
179
Agnease 6.11 180 <aside class="product-info-card" aria-labelledby="use-cases-title">
181 <h3 id="use-cases-title">Typical use cases</h3>
182 <ul>
Agnease 6.12 183 <li>Administrator account protection</li>
184 <li>Internal knowledge base security</li>
185 <li>Private documentation platforms</li>
186 <li>Remote user access protection</li>
187 <li>Customer or partner portals</li>
188 <li>Security review and NIS 2 readiness initiatives</li>
Agnease 6.11 189 </ul>
190 </aside>
191 </div>
192 </div>
193 </section>
Agnease 6.7 194
Agnease 6.12 195 <section aria-labelledby="admin-experience-title">
Agnease 6.11 196 <div class="container">
Agnease 6.12 197 <h2 id="admin-experience-title">Administrator experience</h2>
Agnease 6.11 198
Agnease 6.12 199 <p class="section-intro">
200 Administrators can configure the MFA policy, monitor adoption and reset user MFA setups when needed.
201 </p>
Agnease 6.11 202
Agnease 6.12 203 <div class="product-feature-grid">
204 #foreach ($entry in $adminExperienceItems)
205 <article class="product-feature">
206 <div class="card-heading">
207 <div class="feature-icon">
208 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
209 </div>
210 <h3>$entry.title</h3>
211 </div>
Agnease 6.11 212
Agnease 6.12 213 <p>$entry.content</p>
214 </article>
215 #end
216 </div>
Agnease 1.18 217
Agnease 6.12 218 <p class="product-gallery-caption">
219 Administration screens for configuring MFA and reviewing MFA adoption across users.
220 </p>
Agnease 6.11 221 </div>
222 </section>
Agnease 6.7 223
Agnease 6.11 224 {{/html}}
225
226 {{gallery}}
227 [[image:mfa-admin-configuration.png]]
Agnease 6.12 228 [[image:mfa-admin-overview.png]]
Agnease 6.11 229 {{/gallery}}
230
231 {{html clean="false"}}
232
Agnease 6.12 233 <section class="product-section-muted" aria-labelledby="user-experience-title">
Agnease 6.11 234 <div class="container">
Agnease 6.12 235 <h2 id="user-experience-title">User experience</h2>
Agnease 6.11 236
Agnease 6.12 237 <p class="section-intro">
238 Users can configure MFA from their profile and complete the second verification step during login.
239 </p>
Agnease 6.11 240
Agnease 6.12 241 <div class="product-feature-grid">
242 #foreach ($entry in $userExperienceItems)
243 <article class="product-feature">
244 <div class="card-heading">
245 <div class="feature-icon">
246 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
247 </div>
248 <h3>$entry.title</h3>
249 </div>
Agnease 6.11 250
Agnease 6.12 251 <p>$entry.content</p>
252 </article>
253 #end
Agnease 1.18 254 </div>
255
Agnease 6.12 256 <p class="product-gallery-caption">
257 User setup and login verification screens.
258 </p>
Agnease 6.11 259 </div>
260 </section>
261
262 {{/html}}
263
264 {{gallery}}
265 [[image:mfa-user-setup-qr.png]]
266 [[image:mfa-login-verification.png]]
267 {{/gallery}}
268
269 {{html clean="false"}}
270
271 <section aria-labelledby="recovery-title">
272 <div class="container">
Agnease 6.12 273 <h2 id="recovery-title">Recovery codes and trusted devices</h2>
Agnease 6.11 274
Agnease 6.12 275 <p class="section-intro">
276 Recovery codes and trusted devices help balance stronger access protection with a smoother user experience.
277 </p>
Agnease 6.11 278
Agnease 6.12 279 <div class="product-feature-grid">
280 #foreach ($entry in $recoveryItems)
281 <article class="product-feature">
282 <div class="card-heading">
283 <div class="feature-icon">
284 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
285 </div>
286 <h3>$entry.title</h3>
287 </div>
Agnease 6.11 288
Agnease 6.12 289 <p>$entry.content</p>
290 </article>
291 #end
292 </div>
Agnease 1.18 293
Agnease 6.12 294 <p class="product-gallery-caption">
295 Recovery codes, trusted devices and user profile management.
296 </p>
Agnease 1.18 297 </div>
298 </section>
299
Agnease 6.11 300 {{/html}}
301
302 {{gallery}}
303 [[image:mfa-recovery-codes.png]]
304 [[image:mfa-trusted-devices.png]]
305 [[image:mfa-user-profile-overview.png]]
306 [[image:mfa-admin-user-management.png]]
307 {{/gallery}}
308
309 {{html clean="false"}}
310
Agnease 6.12 311 <section class="product-section-muted" aria-labelledby="rollout-title">
Agnease 6.11 312 <div class="container">
313 <div class="product-layout">
314 <article class="product-summary-card">
Agnease 6.12 315 <h2 id="rollout-title">Rollout recommendations</h2>
Agnease 6.11 316
317 <p>
Agnease 6.12 318 For a smooth rollout, start with a small administrator or pilot group before requiring MFA for everyone.
319 This helps validate the configuration, prepare user communication and reduce support issues.
Agnease 6.11 320 </p>
321
Agnease 6.12 322 <ol class="process-list">
323 #foreach ($entry in $rolloutItems)
324 <li>
325 <strong>$entry.title</strong>
326 $entry.content
327 </li>
328 #end
329 </ol>
Agnease 6.11 330 </article>
331
Agnease 6.12 332 <aside class="product-info-card" aria-labelledby="planning-title">
333 <h3 id="planning-title">Useful information before installation</h3>
Agnease 6.11 334 <ul>
335 <li>XWiki version</li>
336 <li>Single wiki or wiki farm with subwikis</li>
337 <li>Current authentication setup</li>
338 <li>Optional or globally required MFA policy</li>
339 <li>Trusted-device policy</li>
340 <li>Recovery-code policy</li>
341 <li>Rollout communication needs</li>
342 </ul>
343 </aside>
344 </div>
345 </div>
346 </section>
347
Agnease 1.18 348 <section class="cta-section" aria-labelledby="cta-title">
349 <div class="container">
350 <div class="cta-panel">
351 <h2 id="cta-title">Interested in using this extension?</h2>
Agnease 6.11 352
Agnease 1.18 353 <p>
Agnease 6.11 354 Send a short message with your XWiki version, authentication setup and whether you need
355 authenticator app codes, email verification codes, combined verification, recovery codes
356 or trusted-device remembering.
Agnease 1.18 357 </p>
Agnease 6.11 358
Agnease 1.18 359 <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Contact Agnease</a>
360 </div>
361 </div>
362 </section>
363
Agnease 6.12 364 </div>
365
Agnease 1.18 366 {{/html}}
367 {{/velocity}}