XWiki Two-Factor Authentication

Last modified by Agnease on 2026/05/23 18:56

Manage
- Copy
Actions
- Export
- Print Preview
Viewers
- Source
- Siblings
- Comments
- Attachments
- History
- Information
- Likes

XWiki 2FA and MFA

XWiki Two-Factor Authentication

Protect XWiki logins with a second verification step using authenticator app codes, email verification codes, or both.

Ask about this extension View all products

Two-factor authentication built into XWiki

XWiki Two-Factor Authentication adds an additional verification screen after the standard XWiki username and password login. It improves account protection without replacing the familiar XWiki authentication flow.

Users can verify access with TOTP codes generated by an authenticator app, with one-time codes delivered by email, or with a combined setup requiring both methods.

Trusted browsers or devices can be remembered for a configured period, reducing repeated verification prompts on known clients while still requiring verification from new or untrusted ones.

Main capabilities

A focused set of MFA/2FA features for stronger XWiki account protection without changing the standard login experience.

Second verification step

After username and password verification, users complete an additional step before accessing XWiki. The flow can require one verification method or both app and email codes.

Authenticator app codes

Users can verify access with TOTP codes generated by authenticator applications on mobile or desktop devices.

Email verification codes

Users can receive one-time verification codes by email when an authenticator app is not available or preferred.

Useful for XWiki security and NIS 2 readiness

Many organizations need multi-factor authentication for enterprise software, including internal knowledge bases, intranets, documentation platforms and systems containing operational procedures or sensitive business information.

For organizations using XWiki, adding two-factor authentication directly to the standard login flow can help close a practical access-control gap. It can be useful for administrator accounts, remote users, private knowledge bases and broader security readiness initiatives such as NIS 2 preparation.

This extension is not a complete compliance solution on its own, but it can provide an important technical control for protecting access to XWiki.

Interested in using this extension?

Send a short message with your XWiki version, authentication setup, and whether you need authenticator app codes, email verification codes, combined verification, or trusted-device remembering.

Contact Agnease