Skip to Content
Version 7.1 by Agnease on 2026/06/23 08:02
Hide last authors
Agnease 1.18 1 {{velocity}}
2 #set ($discard = $xwiki.ssx.use('PublicWebSite.WebHome'))
3 #set ($discard = $xwiki.ssx.use('products.WebHome'))
Agnease 6.11 4
5 #set ($mainCapabilityItems = [{
6 'title': 'Second verification step',
7 'icon': 'key',
Agnease 6.12 8 'content': 'Add an additional verification screen after the normal XWiki username and password login.'
Agnease 6.11 9 },{
10 'title': 'Authenticator app codes',
11 'icon': 'mobile',
Agnease 6.12 12 'content': 'Let users verify access with time-based TOTP codes generated by authenticator applications.'
Agnease 6.11 13 },{
14 'title': 'Email verification codes',
15 'icon': 'envelope-o',
Agnease 6.12 16 'content': 'Send one-time verification codes by email when this method is enabled or combined with app codes.'
Agnease 6.11 17 }])
18
Agnease 6.12 19 #set ($adminExperienceItems = [{
Agnease 6.13 20 'title': 'MFA policy',
Agnease 6.12 21 'icon': 'cog',
Agnease 6.13 22 'content': 'Make MFA optional or required for all users from the XWiki Administration section.'
Agnease 6.12 23 },{
24 'title': 'Recovery and trusted devices',
25 'icon': 'shield',
26 'content': 'Configure recovery-code count and trusted-device duration according to the organization security policy.'
27 },{
28 'title': 'Administration overview',
29 'icon': 'table',
30 'content': 'Review MFA adoption across users with summary indicators and a filterable Live Data table.'
31 }])
Agnease 6.11 32
Agnease 6.12 33 #set ($userExperienceItems = [{
34 'title': 'Self-service setup',
35 'icon': 'qrcode',
36 'content': 'Users configure MFA from their profile by scanning a QR code or entering the setup key manually.'
37 },{
38 'title': 'Familiar login flow',
39 'icon': 'sign-in',
40 'content': 'After the normal login, users enter the configured verification code before accessing XWiki.'
41 },{
42 'title': 'Profile management',
43 'icon': 'user',
44 'content': 'Users can review MFA status, manage recovery codes and remove trusted devices from their profile.'
45 }])
Agnease 6.11 46
Agnease 6.12 47 #set ($recoveryItems = [{
48 'title': 'Recovery codes',
49 'icon': 'life-ring',
50 'content': 'Recovery codes provide backup access when a user loses access to the authenticator application.'
51 },{
52 'title': 'Trusted devices',
53 'icon': 'desktop',
54 'content': 'Trusted browsers or devices can skip repeated MFA prompts for a configured period.'
55 },{
56 'title': 'Administrator reset',
57 'icon': 'refresh',
58 'content': 'Administrators can reset a user MFA setup when the user needs to restart the configuration process.'
59 }])
Agnease 6.11 60
61 #set ($rolloutItems = [{
Agnease 6.12 62 'title': 'Start with a pilot group',
63 'content': 'Test the extension with administrators or a small user group before enabling it widely.'
Agnease 6.11 64 },{
65 'title': 'Define the MFA policy',
66 'content': 'Decide whether MFA should be optional, required for administrators, or required for all users.'
67 },{
Agnease 6.12 68 'title': 'Configure recovery options',
69 'content': 'Choose whether recovery codes and trusted devices should be enabled.'
Agnease 6.11 70 },{
Agnease 6.12 71 'title': 'Inform users',
72 'content': 'Explain how users configure MFA, save recovery codes and manage trusted devices.'
Agnease 6.11 73 },{
74 'title': 'Monitor adoption',
75 'content': 'Use the administration overview to identify users who still need to configure MFA.'
76 }])
77
Agnease 1.18 78 {{html clean="false"}}
Agnease 1.2 79
Agnease 6.11 80 <section class="hero hero-centered" aria-labelledby="product-title">
Agnease 1.18 81 <div class="container hero-inner">
82 <div class="hero-kicker">
Agnease 1.2 83 <i class="fa fa-lock" aria-hidden="true"></i>
Agnease 1.18 84 XWiki 2FA and MFA
Agnease 1.2 85 </div>
86
Agnease 1.18 87 <h1 id="product-title">XWiki Two-Factor Authentication</h1>
Agnease 1.2 88
Agnease 1.18 89 <p class="lead">
Agnease 6.2 90 Protect XWiki logins with a second verification step using authenticator app codes,
91 email verification codes, or both.
Agnease 1.2 92 </p>
93
Agnease 1.18 94 <div class="hero-actions">
95 <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Ask about this extension</a>
96 <a class="btn btn-secondary" href="$xwiki.getURL('products.WebHome')">View all products</a>
97 </div>
98 </div>
99 </section>
100
101 <section aria-labelledby="overview-title">
102 <div class="container">
103 <div class="product-layout">
104 <article class="product-summary-card">
105 <h2 id="overview-title">Two-factor authentication built into XWiki</h2>
106
107 <p>
Agnease 6.11 108 XWiki Two-Factor Authentication adds MFA/2FA support to the standard XWiki login flow.
109 Users continue to sign in with their normal username and password, then confirm access with
110 an additional verification method.
Agnease 1.18 111 </p>
112
113 <p>
Agnease 6.11 114 The extension supports authenticator app codes, email-delivered verification codes, or a combined
Agnease 6.13 115 setup where both methods are required. It improves account protection without replacing the familiar
116 XWiki authentication experience.
Agnease 1.18 117 </p>
118 </article>
119
120 <aside class="product-info-card" aria-labelledby="quick-facts-title">
121 <h3 id="quick-facts-title">Quick facts</h3>
122 <ul>
123 <li>Works with the standard XWiki login flow</li>
Agnease 6.12 124 <li>Supports TOTP authenticator applications</li>
125 <li>Supports email-delivered one-time codes</li>
126 <li>Can require app and email verification together</li>
Agnease 6.11 127 <li>Includes recovery codes for backup access</li>
Agnease 1.18 128 <li>Can remember trusted browsers or devices</li>
Agnease 6.12 129 <li>Includes administration and user controls</li>
Agnease 1.18 130 </ul>
131 </aside>
132 </div>
133 </div>
134 </section>
135
Agnease 6.12 136 <section aria-labelledby="capabilities-title">
Agnease 1.18 137 <div class="container">
Agnease 6.12 138 <h2 id="capabilities-title">Main capabilities</h2>
Agnease 1.18 139
140 <p class="section-intro">
Agnease 6.12 141 A focused set of MFA/2FA features for stronger XWiki account protection without changing the standard login experience.
Agnease 1.2 142 </p>
Agnease 1.18 143
144 <div class="product-feature-grid">
Agnease 6.11 145 #foreach ($entry in $mainCapabilityItems)
146 <article class="product-feature">
147 <div class="card-heading">
148 <div class="feature-icon">
149 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
150 </div>
151 <h3>$entry.title</h3>
Agnease 6.7 152 </div>
153
Agnease 6.11 154 <p>$entry.content</p>
155 </article>
156 #end
157 </div>
158 </div>
159 </section>
160
161 <section class="product-section-muted" aria-labelledby="security-title">
162 <div class="container">
163 <div class="product-layout">
164 <article class="product-summary-card">
Agnease 6.12 165 <h2 id="security-title">Useful for XWiki security and access protection</h2>
Agnease 6.11 166
Agnease 1.18 167 <p>
Agnease 6.12 168 Many organizations need multi-factor authentication for internal tools, knowledge bases,
169 intranets, documentation platforms and systems containing operational or sensitive information.
Agnease 1.18 170 </p>
Agnease 6.11 171
172 <p>
Agnease 6.12 173 For XWiki, adding two-factor authentication directly to the standard login flow helps protect
174 administrator accounts, remote users, private knowledge bases and customer or partner portals.
Agnease 6.11 175 </p>
Agnease 1.18 176 </article>
177
Agnease 6.11 178 <aside class="product-info-card" aria-labelledby="use-cases-title">
179 <h3 id="use-cases-title">Typical use cases</h3>
180 <ul>
Agnease 6.12 181 <li>Administrator account protection</li>
182 <li>Internal knowledge base security</li>
183 <li>Private documentation platforms</li>
184 <li>Remote user access protection</li>
185 <li>Customer or partner portals</li>
186 <li>Security review and NIS 2 readiness initiatives</li>
Agnease 6.11 187 </ul>
188 </aside>
189 </div>
190 </div>
191 </section>
Agnease 6.7 192
Agnease 6.12 193 <section aria-labelledby="admin-experience-title">
Agnease 6.11 194 <div class="container">
Agnease 6.12 195 <h2 id="admin-experience-title">Administrator experience</h2>
Agnease 6.11 196
Agnease 6.12 197 <p class="section-intro">
198 Administrators can configure the MFA policy, monitor adoption and reset user MFA setups when needed.
199 </p>
Agnease 6.11 200
Agnease 6.12 201 <div class="product-feature-grid">
202 #foreach ($entry in $adminExperienceItems)
203 <article class="product-feature">
204 <div class="card-heading">
205 <div class="feature-icon">
206 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
207 </div>
208 <h3>$entry.title</h3>
209 </div>
Agnease 6.11 210
Agnease 6.12 211 <p>$entry.content</p>
212 </article>
213 #end
214 </div>
Agnease 1.18 215
Agnease 6.12 216 <p class="product-gallery-caption">
217 Administration screens for configuring MFA and reviewing MFA adoption across users.
218 </p>
Agnease 6.11 219 </div>
220 </section>
Agnease 6.7 221
Agnease 6.11 222 {{/html}}
223
224 {{gallery}}
225 [[image:mfa-admin-configuration.png]]
Agnease 6.12 226 [[image:mfa-admin-overview.png]]
Agnease 6.11 227 {{/gallery}}
228
229 {{html clean="false"}}
230
Agnease 6.12 231 <section class="product-section-muted" aria-labelledby="user-experience-title">
Agnease 6.11 232 <div class="container">
Agnease 6.12 233 <h2 id="user-experience-title">User experience</h2>
Agnease 6.11 234
Agnease 6.12 235 <p class="section-intro">
236 Users can configure MFA from their profile and complete the second verification step during login.
237 </p>
Agnease 6.11 238
Agnease 6.12 239 <div class="product-feature-grid">
240 #foreach ($entry in $userExperienceItems)
241 <article class="product-feature">
242 <div class="card-heading">
243 <div class="feature-icon">
244 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
245 </div>
246 <h3>$entry.title</h3>
247 </div>
Agnease 6.11 248
Agnease 6.12 249 <p>$entry.content</p>
250 </article>
251 #end
Agnease 1.18 252 </div>
253
Agnease 6.12 254 <p class="product-gallery-caption">
255 User setup and login verification screens.
256 </p>
Agnease 6.11 257 </div>
258 </section>
259
260 {{/html}}
261
262 {{gallery}}
263 [[image:mfa-user-setup-qr.png]]
264 [[image:mfa-login-verification.png]]
265 {{/gallery}}
266
267 {{html clean="false"}}
268
269 <section aria-labelledby="recovery-title">
270 <div class="container">
Agnease 6.12 271 <h2 id="recovery-title">Recovery codes and trusted devices</h2>
Agnease 6.11 272
Agnease 6.12 273 <p class="section-intro">
274 Recovery codes and trusted devices help balance stronger access protection with a smoother user experience.
275 </p>
Agnease 6.11 276
Agnease 6.12 277 <div class="product-feature-grid">
278 #foreach ($entry in $recoveryItems)
279 <article class="product-feature">
280 <div class="card-heading">
281 <div class="feature-icon">
282 <i class="fa fa-$entry.icon" aria-hidden="true"></i>
283 </div>
284 <h3>$entry.title</h3>
285 </div>
Agnease 6.11 286
Agnease 6.12 287 <p>$entry.content</p>
288 </article>
289 #end
290 </div>
Agnease 1.18 291
Agnease 6.12 292 <p class="product-gallery-caption">
293 Recovery codes, trusted devices and user profile management.
294 </p>
Agnease 1.18 295 </div>
296 </section>
297
Agnease 6.11 298 {{/html}}
299
300 {{gallery}}
301 [[image:mfa-recovery-codes.png]]
302 [[image:mfa-trusted-devices.png]]
303 [[image:mfa-user-profile-overview.png]]
304 [[image:mfa-admin-user-management.png]]
305 {{/gallery}}
306
307 {{html clean="false"}}
308
Agnease 6.12 309 <section class="product-section-muted" aria-labelledby="rollout-title">
Agnease 6.11 310 <div class="container">
311 <div class="product-layout">
312 <article class="product-summary-card">
Agnease 6.12 313 <h2 id="rollout-title">Rollout recommendations</h2>
Agnease 6.11 314
315 <p>
Agnease 6.12 316 For a smooth rollout, start with a small administrator or pilot group before requiring MFA for everyone.
317 This helps validate the configuration, prepare user communication and reduce support issues.
Agnease 6.11 318 </p>
319
Agnease 6.12 320 <ol class="process-list">
321 #foreach ($entry in $rolloutItems)
322 <li>
323 <strong>$entry.title</strong>
324 $entry.content
325 </li>
326 #end
327 </ol>
Agnease 6.11 328 </article>
329
Agnease 6.12 330 <aside class="product-info-card" aria-labelledby="planning-title">
331 <h3 id="planning-title">Useful information before installation</h3>
Agnease 6.11 332 <ul>
333 <li>XWiki version</li>
334 <li>Single wiki or wiki farm with subwikis</li>
335 <li>Current authentication setup</li>
336 <li>Optional or globally required MFA policy</li>
337 <li>Trusted-device policy</li>
338 <li>Recovery-code policy</li>
339 <li>Rollout communication needs</li>
340 </ul>
341 </aside>
342 </div>
343 </div>
344 </section>
345
Agnease 1.18 346 <section class="cta-section" aria-labelledby="cta-title">
347 <div class="container">
348 <div class="cta-panel">
349 <h2 id="cta-title">Interested in using this extension?</h2>
Agnease 6.11 350
Agnease 1.18 351 <p>
Agnease 6.11 352 Send a short message with your XWiki version, authentication setup and whether you need
353 authenticator app codes, email verification codes, combined verification, recovery codes
354 or trusted-device remembering.
Agnease 1.18 355 </p>
Agnease 6.11 356
Agnease 1.18 357 <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Contact Agnease</a>
358 </div>
359 </div>
360 </section>
361
362 {{/html}}
363 {{/velocity}}