Skip to Content
Version 1.10 by Agnease on 2026/05/22 03:23
Show last authors
1 {{velocity}}
2 #set ($discard = $xwiki.ssx.use('PublicWebSite.WebHome'))
3 #set ($discard = $xwiki.ssx.use('products.WebHome'))
4 {{html clean="false"}}
5
6 <section class="hero hero-centered product-hero" aria-labelledby="product-title">
7 <div class="container hero-inner">
8 <div class="hero-kicker">
9 <i class="fa fa-lock" aria-hidden="true"></i>
10 XWiki security extension
11 </div>
12
13 <h1 id="product-title">XWiki Two-Factor Authentication</h1>
14
15 <p class="lead">
16 Add a second verification step to the standard XWiki login flow.
17 </p>
18
19 <p class="hero-support">
20 This extension protects XWiki accounts with an additional verification step after the standard username and password login.
21 Users can verify access with an authenticator app code or an email-delivered code, while XWiki keeps its familiar login experience.
22 </p>
23
24 <div class="hero-actions">
25 <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Ask about this extension</a>
26 <a class="btn btn-secondary" href="$xwiki.getURL('products.WebHome')">View all products</a>
27 </div>
28 </div>
29 </section>
30
31 <section aria-labelledby="overview-title">
32 <div class="container">
33 <div class="product-layout">
34 <article class="product-summary-card">
35 <h2 id="overview-title">Stronger login protection for XWiki</h2>
36
37 <p>
38 The XWiki Two-Factor Authentication extension adds an additional verification screen after the standard
39 username and password login. Users confirm their identity with a time-based one-time code generated by an
40 authenticator app, or with a verification code delivered by email.
41 </p>
42
43 <p>
44 The extension is designed for organizations that want to improve account security while keeping authentication
45 close to the standard XWiki login experience. It also supports remembering trusted clients beyond the current
46 session, so users are not forced to enter a second factor again on every login from the same trusted browser.
47 </p>
48
49 <p>
50 It can be useful for internal knowledge bases, intranets, documentation platforms, SOP systems, or other
51 XWiki environments where access to content and administration should be better protected.
52 </p>
53 </article>
54
55 <aside class="product-info-card" aria-labelledby="quick-facts-title">
56 <h3 id="quick-facts-title">Quick facts</h3>
57 <ul>
58 <li>Works with the standard XWiki login flow</li>
59 <li>Supports authenticator app verification codes</li>
60 <li>Supports email-delivered verification codes</li>
61 <li>Can remember trusted clients beyond the current session</li>
62 <li>Configuration available from wiki administration</li>
63 <li>User setup available during login or from the user profile</li>
64 <li>Administrators can enable, disable or reset MFA for users</li>
65 <li>Can be used on the main wiki and subwikis</li>
66 </ul>
67 </aside>
68 </div>
69 </div>
70 </section>
71
72 <section aria-labelledby="features-title">
73 <div class="container">
74 <h2 id="features-title">Main capabilities</h2>
75 <p class="section-intro">
76 The extension focuses on adding a practical second authentication step while keeping the standard XWiki login
77 process and administration experience understandable.
78 </p>
79
80 <div class="product-feature-grid">
81 <article class="product-feature">
82 <div class="feature-icon">
83 <i class="fa fa-key" aria-hidden="true"></i>
84 </div>
85 <h3>Second login step</h3>
86 <p>
87 After the username and password are verified, users are asked to enter a time-based verification code.
88 </p>
89 </article>
90
91 <article class="product-feature">
92 <div class="feature-icon">
93 <i class="fa fa-qrcode" aria-hidden="true"></i>
94 </div>
95 <h3>User setup screen</h3>
96 <p>
97 Users can configure their verification code setup during login or from their XWiki profile when needed.
98 </p>
99 </article>
100
101 <article class="product-feature">
102 <div class="feature-icon">
103 <i class="fa fa-sliders" aria-hidden="true"></i>
104 </div>
105 <h3>Administration controls</h3>
106 <p>
107 Administrators can enable the feature globally, manage user-level activation, and reset a user setup when required.
108 </p>
109 </article>
110
111 <article class="product-feature">
112 <div class="feature-icon">
113 <i class="fa fa-user" aria-hidden="true"></i>
114 </div>
115 <h3>Profile integration</h3>
116 <p>
117 The extension adds user profile controls so the second-factor setup can be reviewed or reset from XWiki.
118 </p>
119 </article>
120
121 <article class="product-feature">
122 <div class="feature-icon">
123 <i class="fa fa-random" aria-hidden="true"></i>
124 </div>
125 <h3>Fallback behavior</h3>
126 <p>
127 The extension can fall back to standard XWiki authentication when the feature is not enabled or not configured.
128 </p>
129 </article>
130
131 <article class="product-feature">
132 <div class="feature-icon">
133 <i class="fa fa-sitemap" aria-hidden="true"></i>
134 </div>
135 <h3>Main wiki and subwikis</h3>
136 <p>
137 The extension is designed to support XWiki environments using the main wiki and subwikis.
138 </p>
139 </article>
140 </div>
141 </div>
142 </section>
143
144 <section aria-labelledby="use-cases-title">
145 <div class="container">
146 <div class="product-layout">
147 <article class="product-summary-card">
148 <h2 id="use-cases-title">When this extension is useful</h2>
149
150 <p>
151 Two-factor authentication is especially relevant when XWiki contains internal documentation, procedures,
152 customer information, project knowledge, administrative pages, or business-critical content.
153 </p>
154
155 <p>
156 It is also useful when many users access the wiki remotely, when administrator accounts need stronger protection,
157 or when the organization wants to reduce the risk of compromised passwords.
158 </p>
159 </article>
160
161 <aside class="product-info-card" aria-labelledby="good-fit-title">
162 <h3 id="good-fit-title">Good fit for</h3>
163 <ul>
164 <li>Private XWiki knowledge bases</li>
165 <li>Company intranets</li>
166 <li>SOP and controlled-document platforms</li>
167 <li>Documentation portals with sensitive content</li>
168 <li>Wikis with several administrators or remote users</li>
169 </ul>
170 </aside>
171 </div>
172 </div>
173 </section>
174
175 #*
176 <section aria-labelledby="gallery-title">
177 <div class="container">
178 <div class="product-gallery-panel">
179 <h2 id="gallery-title">Screenshots</h2>
180 <p class="gallery-note">
181 Use this area to show the login verification screen, first-time setup, user profile controls,
182 and administration configuration.
183 </p>
184
185 <div class="product-gallery-placeholder">
186 Replace this placeholder with the XWiki gallery macro and 3-5 screenshots from the application.
187 </div>
188 </div>
189 </div>
190 </section>
191 *#
192 <section class="cta-section" aria-labelledby="cta-title">
193 <div class="container">
194 <div class="cta-panel">
195 <h2 id="cta-title">Interested in using this extension?</h2>
196 <p>
197 Send a short message with your XWiki version, authentication setup, and whether you use a single wiki
198 or a main wiki with subwikis.
199 </p>
200 <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Contact Agnease</a>
201 </div>
202 </div>
203 </section>
204
205 {{/html}}
206 {{/velocity}}