Skip to Content

xwiki-two-factor-authentication

Last modified by Alex Cotiugă on 2026/05/12 20:32
XWiki security extension

XWiki Two-Factor Authentication

Add a second verification step to the standard XWiki login flow.

This extension protects XWiki accounts with time-based one-time verification codes while keeping the familiar XWiki username and password authentication as the first login step.

Ask about this extension View all products

Stronger login protection for XWiki

The XWiki Two-Factor Authentication extension adds an additional verification screen after the standard username and password login. Users confirm their identity with a time-based one-time code before accessing the wiki.

The extension is designed for organizations that want to improve account security while keeping authentication close to the standard XWiki login experience.

It can be useful for internal knowledge bases, intranets, documentation platforms, SOP systems, or other XWiki environments where access to content and administration should be better protected.

Main capabilities

The extension focuses on adding a practical second authentication step while keeping the standard XWiki login process and administration experience understandable.

Second login step

After the username and password are verified, users are asked to enter a time-based verification code.

User setup screen

Users can configure their verification code setup during login or from their XWiki profile when needed.

Administration controls

Administrators can enable the feature globally, manage user-level activation, and reset a user setup when required.

Profile integration

The extension adds user profile controls so the second-factor setup can be reviewed or reset from XWiki.

Fallback behavior

The extension can fall back to standard XWiki authentication when the feature is not enabled or not configured.

Main wiki and subwikis

The extension is designed to support XWiki environments using the main wiki and subwikis.

When this extension is useful

Two-factor authentication is especially relevant when XWiki contains internal documentation, procedures, customer information, project knowledge, administrative pages, or business-critical content.

It is also useful when many users access the wiki remotely, when administrator accounts need stronger protection, or when the organization wants to reduce the risk of compromised passwords.

Interested in using this extension?

Send a short message with your XWiki version, authentication setup, and whether you use a single wiki or a main wiki with subwikis.

Contact Agnease